Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
Fast Software Encryption
Selected Areas in Cryptography
Rebound Distinguishers: Results on the Full Whirlpool Compression Function
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Rebound attack on reduced-round versions of JH
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Super-Sbox cryptanalysis: improved attacks for AES-like permutations
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Cryptanalysis of Luffa v2 components
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Higher-order differential properties of KECCAK and Luffa
FSE'11 Proceedings of the 18th international conference on Fast software encryption
How to improve rebound attacks
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Practical analysis of reduced-round keccak
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Differential propagation analysis of keccak
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Hi-index | 0.00 |
We analyze the internal permutations of Keccak, one of the NIST SHA-3 competition finalists, in regard to differential properties. By carefully studying the elements composing those permutations, we are able to derive most of the best known differential paths for up to 5 rounds. We use these differential paths in a rebound attack setting and adapt this powerful freedom degrees utilization in order to derive distinguishers for up to 8 rounds of the internal permutations of the submitted version of Keccak. The complexity of the 8 round distinguisher is 2491.47. Our results have been implemented and verified experimentally on a small version of Keccak.