Boomerang distinguisher for the SIMD-512 compression function

Authors:
Florian Mendel;Tomislav Nad
Affiliations:
Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria;Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria
Venue:
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Year:
2011

Citing 18
Cited 1

A Design Principle for Hash Functions

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The Boomerang Attack

FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Cube Attacks on Tweakable Black Box Polynomials

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Distinguisher and Related-Key Attack on the Full AES-256

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
A Distinguisher for the Compression Function of SIMD-512

INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Hash functions and the (amplified) boomerang attack

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Super-Sbox cryptanalysis: improved attacks for AES-like permutations

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Boomerang attacks on BLAKE-32

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Cryptanalysis of the compression function of SIMD

ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
A failure-friendly design principle for hash functions

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Update on SHA-1

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Second-Order differential collisions for reduced SHA-256

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
The Return of the Cryptographic Boomerang

IEEE Transactions on Information Theory

Second order collision for the 42-step reduced DHA-256 hash function

Information Processing Letters

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a distinguisher for the permutation of SIMD-512 with complexity 2226.52. We extend the attack to a distinguisher for the compression function with complexity 2200.6. The attack is based on the application of the boomerang attack for hash functions. Starting from the middle of the compression function we use techniques from coding theory to search for two differential characteristics, one for the backward direction and one for the forward direction to construct a second-order differential. Both characteristics hold with high probability. The direct application of the second-order differential leads to a distinguisher for the permutation. Based on this differential we extend the attack to distinguisher for the compression function.