Higher-order differential properties of KECCAK and Luffa

Authors:
Christina Boura;Anne Canteaut;Christophe De Cannière
Affiliations:
INRIA Paris-Rocquencourt, Le Chesnay Cedex, France and Gemalto, Meudon sur Seine, France;INRIA Paris-Rocquencourt, Le Chesnay Cedex, France;Department of Electrical Engineering, ESAT, SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium
Venue:
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Year:
2011

Citing 5
Cited 7

Degree of Composition of Highly Nonlinear Functions and Applications to Higher Order Differential Cryptanalysis

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Known-key distinguishers for some block ciphers

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Higher order differential attack on step-reduced variants of Luffa v1

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Zero-sum distinguishers for iterated permutations and application to KECCAK-f and Hamsi-256

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Cryptanalysis of Luffa v2 components

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography

The LED block cipher

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Second-Order differential collisions for reduced SHA-256

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
EPCBC: a block cipher suitable for electronic product code encryption

CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Practical analysis of reduced-round keccak

INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Improved rebound attack on the finalist grøstl

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Unaligned rebound attack: application to keccak

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
The SHA-3 competition: lessons learned

Proceedings of the 6th International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we identify higher-order differential and zero-sum properties in the full Keccak-f permutation, in the Luffa v1 hash function and in components of the Luffa v2 algorithm. These structural properties rely on a new bound on the degree of iterated permutations with a nonlinear layer composed of parallel applications of a number of balanced Sboxes. These techniques yield zero-sum partitions of size 21575 for the full Keccak-f permutation and several observations on the Luffa hash family. We first show that Luffa v1 applied to one-block messages is a function of 255 variables with degree at most 251. This observation leads to the construction of a higher-order differential distinguisher for the full Luffa v1 hash function, similar to the one presented by Watanabe et al. on a reduced version. We show that similar techniques can be used to find all-zero higher-order differentials in the Luffa v2 compression function, but the additional blank round destroys this property in the hash function.