Internal differential collision attacks on the reduced-round GrØstl-0 hash function

Authors:
Kota Ideguchi;Elmar Tischhauser;Bart Preneel
Affiliations:
Systems Development Laboratory, Hitachi, LTD, Yokohama, Japan;ESAT-COSIC and IBBT, Katholieke Universiteit Leuven, Heverlee, Belgium 3001 and Fund for Scientific Research, Flanders, Belgium;ESAT-COSIC and IBBT, Katholieke Universiteit Leuven, Heverlee, Belgium 3001
Venue:
Designs, Codes and Cryptography
Year:
2014

Citing 14
Cited 0

The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms

The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
Rebound Distinguishers: Results on the Full Whirlpool Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of GRINDAHL

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Super-Sbox cryptanalysis: improved attacks for AES-like permutations

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Improved collision attacks on the reduced-round Grøstl hash function

ISC'10 Proceedings of the 13th international conference on Information security
Known and chosen key differential distinguishers for block ciphers

ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Understanding two-round differentials in AES

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Rebound attacks on the reduced grøstl hash function

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

We analyze the GrØstl-0 hash function, that is the version of GrØstl submitted to the SHA-3 competition. This paper extends Peyrin's internal differential strategy, that uses differential paths between the permutations P and Q of GrØstl-0 to construct distinguishers of the compression function. This results in collision attacks and semi-free-start collision attacks on the GrØstl-0 hash function and compression function with reduced rounds. Specifically, we show collision attacks on the GrØstl-0-256 hash function reduced to 5 and 6 out of 10 rounds with time complexities 248 and 2112 and on the GrØstl-0-512 hash function reduced to 6 out of 14 rounds with time complexity 2183. Furthermore, we demonstrate semi-free-start collision attacks on the GrØstl-0-256 compression function reduced to 8 rounds and the GrØstl-0-512 compression function reduced to 9 rounds. Finally, we show improved distinguishers for the GrØstl-0-256 permutations with reduced rounds.