International Conference on the Theory and Application of Cryptology and Information Security

ASIACRYPT 2010: Advances in Cryptology - ASIACRYPT 2010 pp 38-55

Non-full-active Super-Sbox Analysis: Applications to ECHO and Grøstl

  • Yu Sasaki
  • Yang Li
  • Lei Wang
  • Kazuo Sakiyama
  • Kazuo Ohta
Conference paper

DOI: 10.1007/978-3-642-17373-8_3

Volume 6477 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Sasaki Y., Li Y., Wang L., Sakiyama K., Ohta K. (2010) Non-full-active Super-Sbox Analysis: Applications to ECHO and Grøstl. In: Abe M. (eds) Advances in Cryptology - ASIACRYPT 2010. ASIACRYPT 2010. Lecture Notes in Computer Science, vol 6477. Springer, Berlin, Heidelberg

Abstract

In this paper, we present non-full-active Super-Sbox analysis which can detect non-ideal properties of a class of AES-based permutations with a low complexity. We apply this framework to SHA-3 round-2 candidates ECHO and Grøstl. The first application is for the full-round (8-round) ECHO permutation, which is a building block for 256-bit and 224-bit output sizes. By combining several observations specific to ECHO, our attack detects a non-ideal property with a time complexity of $2^{182}$ and $2^{37}$ amount of memory. The complexity, especially in terms of the product of time and memory, is drastically reduced from the previous best attack which required $2^{512} \times 2^{512}$. Note that this result does not impact the security of the ECHO compression function nor the overall hash function. We also show that our method can detect non-ideal properties of the 8-round Grøstl-256 permutation with a practical complexity, and finally show that our approach improves a semi-free-start collision attack on the 7-round Grøstl-512 compression function. Our approach is based on a series of attacks on AES-based hash functions such as rebound attack and Super-Sbox analysis. The core idea is using a new differential path consisting of only non-full-active states.

Keywords

AES-based permutation, ECHO, Grøstl, SHA-3, Super-Sbox

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  • Yu Sasaki (1)
  • Yang Li (2)
  • Lei Wang (2)
  • Kazuo Sakiyama (2)
  • Kazuo Ohta (2)

  1. NTT Information Sharing Platform Laboratories, NTT Corporation, Musashino-shi, Japan
  2. The University of Electro-Communications, Choufu-shi, Japan