Cryptanalysis of the compression function of SIMD

Authors:
Hongbo Yu;Xiaoyun Wang
Affiliations:
Department of Computer Science and Technology, Tsinghua University, Beijing, China;Tsinghua University and Shandong University, China
Venue:
ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Year:
2011

Citing 5
Cited 1

A Distinguisher for the Compression Function of SIMD-512

INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Rotational cryptanalysis of ARX

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Collisions of SHA-0 and reduced SHA-1

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Boomerang distinguisher for the SIMD-512 compression function

INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India

Quantified Score

Hi-index	0.00

Visualization

Abstract

SIMD is one of the second round candidates of the SHA-3 competition hosted by NIST. In this paper, we present the first attack for the compression function of the reduced SIMD-256 and the full SIMD-512 (the tweaked version) using the modular difference method. For SIMD- 256, we give a free-start near collision attack on the compression function reduced to 20 steps with complexity 2116. And for SIMD-512, we give a free-start near collision attack on the 24-step compression function with complexity 2235. Furthermore, we give a distinguisher attack for the full compression function of SIMD-512 with complexity 2475. Our attacks are also applicable for the final compression function of SIMD.