Construction of Differential Characteristics in ARX Designs Application to Skein
- Gaëtan LeurentAffiliated withUCL Crypto Group
In this paper, we study differential attacks against ARX schemes. We build upon the generalized characteristics of De Cannière and Rechberger and the multi-bit constraints of Leurent.
Our main result is an algorithm to build complex non-linear differential characteristics for ARX constructions, that we applied to reduced versions of the hash function Skein. We present several characteristics for use in various attack scenarios: on the one hand we show attacks with a relatively low complexity, in relatively strong settings; and on the other hand weaker distinguishers reaching more rounds. Our most notable results are practical free-start and semi-free-start collision attacks for 20 rounds and 12 rounds of Skein-256, respectively. Since the full version of Skein-256 has 72 rounds, this result confirms the large security margin of the design.
These results are some of the first examples of complex differential trails built for pure ARX designs. We believe this is an important work to assess the security those functions against differential cryptanalysis. Our tools are publicly available from the ARXtools webpage.
KeywordsSymmetric ciphers Hash functions ARX Generalized characteristics Differential attacks Skein
- Construction of Differential Characteristics in ARX Designs Application to Skein
- Book Title
- Advances in Cryptology – CRYPTO 2013
- Book Subtitle
- 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part I
- pp 241-258
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- International Association for Cryptologic Research
- Additional Links
- Symmetric ciphers
- Hash functions
- Generalized characteristics
- Differential attacks
- Industry Sectors
- eBook Packages
To view the rest of this content please follow the download PDF link above.