Improved analysis of ECHO-256

Authors:
Jérémy Jean;María Naya-Plasencia;Martin Schläffer
Affiliations:
Ecole Normale Supérieure, France;FHNW, Windisch, Switzerland;IAIK, Graz University of Technology, Austria
Venue:
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Year:
2011

Citing 11
Cited 1

A Generalized Birthday Problem

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Rebound Attack on the Full Lane Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Rebound Distinguishers: Results on the Full Whirlpool Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Super-Sbox cryptanalysis: improved attacks for AES-like permutations

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Subspace distinguisher for 5/8 rounds of the ECHO-256 hash function

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Practical near-collisions and collisions on round-reduced ECHO-256 compression function

FSE'11 Proceedings of the 18th international conference on Fast software encryption
How to improve rebound attacks

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Complementation-Like and cyclic properties of AES round functions

AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Understanding two-round differentials in AES

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks

Improved rebound attack on the finalist grøstl

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

ECHO-256 is a second-round candidate of the SHA-3 competition. It is an AES-based hash function that has attracted a lot of interest and analysis. Up to now, the best known attacks were a distinguisher on the full internal permutation and a collision on four rounds of its compression function. The latter was the best known analysis on the compression function as well as the one on the largest number of rounds so far. In this paper, we extend the compression function results to get a distinguisher on 7 out of 8 rounds using rebound techniques. We also present the first 5-round collision attack on the ECHO-256 hash function.