Differential Cryptanalysis of Reduced Rounds of GOST
SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Provable Security against Differential and Linear Cryptanalysis for the SPN Structure
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Hi-index | 0.00 |
We focus on the cryptographic hash algorithm Lesamnta-256. Lesamnta-256 consists of the Merkle-Damgård iteration of a compression function and an output function. The compression function consists of a mixing function and a key scheduling function. The mixing function consists of 32 rounds of four-way generalized Feistel structure. On each round there is a nonlinear function F with 64-bit input/output, which consists of the 4 steps of AES type of SPN (Substitution Permutation Network) structure. A subkey is XORed only at the first step of the SPN. The designers analyzed its security by assuming that the subkey is XORed at every step of the SPN. Such an independent subkey assumption is also applied to the analysis of other SHA-3 candidates, e.g. Grøstl, LANE, Luffa. However we analyze the security of these components of Lesamnta as is. We show that the 2 steps of SPN referred to as XS have the maximum differential probability 2−11.415. This probability is greater than both of the differential characteristic probability 2−18 and the differential probability 2−12 derived under the independent subkey assumption. On the strength of whole compression function, we show that there are at least 15 active F functions in the mixing function on 64-bit truncated analysis. As the input bit length of the mixing function is 256, we can say that it is secure against differential attack if the maximum differential probability of F function is less than 2−256/15 ≈ 2−17.067. We also show that the key scheduling function is secure against differential cryptanalysis.