Improved Differential Attacks for ECHO and Grøstl

Download Book (11,769 KB) As a courtesy to our readers the eBook is provided DRM-free. However, please note that Springer uses effective methods and state-of-the art technology to detect, stop, and prosecute illegal sharing to safeguard our authors’ interests.
Download Chapter (374 KB)


We present improved cryptanalysis of two second-round SHA-3 candidates: the AES-based hash functions ECHO and Grøstl. We explain methods for building better differential trails for ECHO by increasing the granularity of the truncated differential paths previously considered. In the case of Grøstl, we describe a new technique, the internal differential attack, which shows that when using parallel computations designers should also consider the differential security between the parallel branches. Then, we exploit the recently introduced start-from-the-middle or Super-Sbox attacks, that proved to be very efficient when attacking AES-like permutations, to achieve a very efficient utilization of the available freedom degrees. Finally, we obtain the best known attacks so far for both ECHO and Grøstl. In particular, we are able to mount a distinguishing attack for the full Grøstl-256 compression function.