Analysis of reduced-SHAvite-3-256 v2

Authors:
Marine Minier;María Naya-Plasencia;Thomas Peyrin
Affiliations:
Université de Lyon, INRIA, CITI, France;FHNW, Windisch, Switzerland;Nanyang Technological University, Singapore
Venue:
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Year:
2011

Citing 14
Cited 1

Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The Design of Rijndael

The Design of Rijndael
A Generalized Birthday Problem

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
Cryptanalysis of Hash Functions with Structures

Selected Areas in Cryptography
Rebound Attack on the Full Lane Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Rebound Distinguishers: Results on the Full Whirlpool Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of GRINDAHL

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Super-Sbox cryptanalysis: improved attacks for AES-like permutations

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Cryptanalysis of the 10-round hash and full compression function of SHAvite-3-512

AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa

Known-key distinguishers on 11-round Feistel and collision attacks on its hashing modes

FSE'11 Proceedings of the 18th international conference on Fast software encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this article, we provide the first independent analysis of the (2nd-round tweaked) 256-bit version of the SHA-3 candidate SHAvite-3. By leveraging recently introduced cryptanalysis tools such as rebound attack or Super-Sbox cryptanalysis, we are able to derive chosen-related-salt distinguishing attacks on the compression function on up to 8 rounds (12 rounds in total) and free-start collisions on up to 7 rounds. In particular, our best results are obtained by carefully controlling the differences in the key schedule of the internal cipher. Most of our results have been implemented and verified experimentally.