Skip to main content
SpringerLink
Log in

Rebound Attacks on the Reduced Grøstl Hash Function

  • Conference paper
Topics in Cryptology - CT-RSA 2010 (CT-RSA 2010)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 5985))

Included in the following conference series:

Abstract

Grøstl is one of 14 second round candidates of the NIST SHA-3 competition. Cryptanalytic results on the wide-pipe compression function of Grøstl-256 have already been published. However, little is known about the hash function, arguably a much more interesting cryptanalytic setting. Also, Grøstl-512 has not been analyzed yet. In this paper, we show the first cryptanalytic attacks on reduced-round versions of the Grøstl hash functions. These results are obtained by several extensions of the rebound attack. We present a collision attack on 4/10 rounds of the Grøstl-256 hash function and 5/14 rounds of the Grøstl-512 hash functions. Additionally, we give the best collision attack for reduced-round (7/10 and 7/14) versions of the compression function of Grøstl-256 and Grøstl-512.

This work was supported in part by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II and the fourth author is supported by a grant from the Villum Kann Rasmussen Foundation. Parts of this work were carried out while the third author was visiting Technical University of Denmark, supported by a grant from DCAMM International Graduate Research School, Danish Center for Applied Mathematics and Mechanics.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Daemen, J., Rijmen, V.: Understanding Two-Round Differentials in AES. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 78–94. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  2. De Cannière, C., Rechberger, C.: Finding SHA-1 Characteristics: General Results and Applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  3. Fouque, P.A., Stern, J., Zimmer, S.: Cryptanalysis of Tweaked Versions of SMASH and Reparation. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) Selected Areas in Cryptography. LNCS, vol. 5381, pp. 136–150. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  4. Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl – a SHA-3 candidate. Submission to NIST (2008), http://www.groestl.info

  5. Gilbert, H., Peyrin, T.: Super-Sbox Cryptanalysis: Improved Attacks for AES-like permutations. Cryptology ePrint Archive, Report 2009/531 (2009), http://eprint.iacr.org/

  6. Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Cryptanalysis of the Whirlpool Hash Function (manuscript)

    Google Scholar 

  7. Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound Distinguishers: Results on the Full Whirlpool Compression Function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126–143. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  8. Mendel, F., Peyrin, T., Rechberger, C., Schläffer, M.: Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher. In: Rijmen, V. (ed.) SAC 2009. LNCS, vol. 5867, pp. 16–35. Springer, Heidelberg (2009)

    Google Scholar 

  9. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)

    Google Scholar 

  10. National Institute of Standards and Technology: FIPS PUB 197, Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197, U.S. Department of Commerce (November 2001)

    Google Scholar 

  11. National Institute of Standards and Technology: Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family. Federal Register Notice (November 2007), http://csrc.nist.gov

  12. Stevens, M., Lenstra, A.K., de Weger, B.: Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1–22. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  13. Tillich, S., Feldhofer, M., Kirschbaum, M., Plos, T., Schmidt, J.M., Szekely, A.: High-Speed Hardware Implementations of BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grøstl, Hamsi, J.H., Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein. Cryptology ePrint Archive, Report 2009/510 (2009), http://eprint.iacr.org/

  14. Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)

    Google Scholar 

  15. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, A-8010, Graz, Austria

    Florian Mendel & Martin Schläffer

  2. Dept. of Electrical Engineering ESAT/COSIC, K.U. Leuven, and Interdisciplinary Institute for BroadBand Technology (IBBT), Kasteelpark Arenberg 10, B–3001, Heverlee, Belgium

    Christian Rechberger

  3. Department of Mathematics, Technical University of Denmark, Matematiktorvet 303S, DK-2800 Kgs., Lyngby, Denmark

    Søren S. Thomsen

Authors
  1. Florian Mendel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christian Rechberger
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Martin Schläffer
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Søren S. Thomsen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, Macquarie University, NSW 2109, Sydney, Australia

    Josef Pieprzyk

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S. (2010). Rebound Attacks on the Reduced Grøstl Hash Function. In: Pieprzyk, J. (eds) Topics in Cryptology - CT-RSA 2010. CT-RSA 2010. Lecture Notes in Computer Science, vol 5985. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11925-5_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11925-5_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11924-8

  • Online ISBN: 978-3-642-11925-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation