Cryptanalysis of Luffa v2 components

Authors:
Dmitry Khovratovich;María Naya-Plasencia;Andrea Röck;Martin Schläffer
Affiliations:
University of Luxembourg, Luxembourg;FHNW, Windisch, Switzerland;Aalto University School of Science and Technology, Finland;IAIK, Graz University of Technology, Austria
Venue:
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Year:
2010

Citing 5
Cited 7

A Generalized Birthday Problem

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Distinguisher and Related-Key Attack on the Full AES-256

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
Higher order differential attack on step-reduced variants of Luffa v1

FSE'10 Proceedings of the 17th international conference on Fast software encryption

Subspace distinguisher for 5/8 rounds of the ECHO-256 hash function

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Higher-order differential properties of KECCAK and Luffa

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Finding collisions for reduced Luffa-256 v2

ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
How to improve rebound attacks

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Cryptanalysis of ARMADILLO2

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Known-Key distinguisher on round-reduced 3d block cipher

WISA'11 Proceedings of the 12th international conference on Information Security Applications
Unaligned rebound attack: application to keccak

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

We develop a number of techniques for the cryptanalysis of the SHA-3 candidate Luffa, and apply them to various Luffa components. These techniques include a new variant of the rebound approach taking into account the specifics of Luffa. The main improvements include the construction of good truncated differential paths, the search for differences using multiple inbound phases and a fast final solution search via linear systems. Using these techniques, we are able to construct nontrivial semi-free-start collisions for 7 (out of 8 rounds) of Luffa-256 with a complexity of 2104 in time and 2102 in memory. This is the first analysis of a Luffa component other that the permutation of Luffa v1. Additionally, we provide new and more efficient distinguishers also for the full permutation of Luffa v2. For this permutation distinguisher, we use a new model which applies first a short test on all samples and then a longer test on a smaller subset of the inputs. We demonstrate that a set of right pairs for the given differential path can be found significantly faster than for a random permutation.