The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
Fast Software Encryption
Selected Areas in Cryptography
Rebound Distinguishers: Results on the Full Whirlpool Compression Function
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Super-Sbox cryptanalysis: improved attacks for AES-like permutations
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Improved differential attacks for ECHO and Grøstl
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Improved collision attacks on the reduced-round Grøstl hash function
ISC'10 Proceedings of the 13th international conference on Information security
Known and chosen key differential distinguishers for block ciphers
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Understanding two-round differentials in AES
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Rebound attacks on the reduced grøstl hash function
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Hi-index | 0.00 |
We analyze the GrØstl-0 hash function, that is the version of GrØstl submitted to the SHA-3 competition. This paper extends Peyrin's internal differential strategy, that uses differential paths between the permutations P and Q of GrØstl-0 to construct distinguishers of the compression function. This results in collision attacks and semi-free-start collision attacks on the GrØstl-0 hash function and compression function with reduced rounds. Specifically, we show collision attacks on the GrØstl-0-256 hash function reduced to 5 and 6 out of 10 rounds with time complexities 248 and 2112 and on the GrØstl-0-512 hash function reduced to 6 out of 14 rounds with time complexity 2183. Furthermore, we demonstrate semi-free-start collision attacks on the GrØstl-0-256 compression function reduced to 8 rounds and the GrØstl-0-512 compression function reduced to 9 rounds. Finally, we show improved distinguishers for the GrØstl-0-256 permutations with reduced rounds.