Cryptanalysis of 2 Round Keccak-384

  • Rajendra KumarEmail author
  • Nikhil Mittal
  • Shashank Singh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11356)


In this paper, we present a cryptanalysis of round reduced Keccak-384 for 2 rounds. The best known preimage attack for this variant of Keccak has the time complexity \(2^{129}\). In our analysis, we find a preimage in the time complexity of \(2^{89}\) and almost same memory is required.


Keccak Sha-3 Cryptanalysis Hash functions Preimage attack 



We thank the reviewers of Indocrypt-2018 for providing comments which helped in improving the work. In particular, we thank an anonymous reviewer for suggesting us to implement the attack on the \(\textsc {Keccak}[r:=400-192, c:=192]\) and also providing insights to further improve the attack. We take it as the future work.


  1. 1.
    Bernstein, D.J.: Second preimages for 6 (7?(8??)) rounds of keccak. NIST mailing list (2010)Google Scholar
  2. 2.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak specifications. Submission to NIST (Round 2) (2009)Google Scholar
  3. 3.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Cryptographic sponges (2011).
  4. 4.
    Chang, D., Kumar, A., Morawiecki, P., Sanadhya, S.K.: 1st and 2nd preimage attacks on 7, 8 and 9 rounds of Keccak-224,256,384,512. In: SHA-3 Workshop, August 2014Google Scholar
  5. 5.
    Dinur, I., Dunkelman, O., Shamir, A.: New attacks on Keccak-224 and Keccak-256. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 442–461. Springer, Heidelberg (2012). Scholar
  6. 6.
    Dinur, I., Dunkelman, O., Shamir, A.: Collision attacks on up to 5 rounds of SHA-3 using generalized internal differentials. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 219–240. Springer, Heidelberg (2014). Scholar
  7. 7.
    Dinur, I., Dunkelman, O., Shamir, A.: Improved practical attacks on round-reduced Keccak. J. Cryptol. 27(2), 183–209 (2014)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Guo, J., Liu, M., Song, L.: Linear structures: applications to cryptanalysis of round-reduced Keccak. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 249–274. Springer, Heidelberg (2016). Scholar
  9. 9.
    Kumar, R., Rajasree, M.S., AlKhzaimi, H.: Cryptanalysis of 1-round KECCAK. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 124–137. Springer, Cham (2018). Scholar
  10. 10.
    Morawiecki, P., Pieprzyk, J., Srebrny, M.: Rotational cryptanalysis of round-reduced Keccak. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 241–262. Springer, Heidelberg (2014). Scholar
  11. 11.
    Morawiecki, P., Srebrny, M.: A sat-based preimage analysis of reduced Keccak hash functions. Inf. Process. Lett. 113(10–11), 392–397 (2013)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Naya-Plasencia, M.: How to improve rebound attacks. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 188–205. Springer, Heidelberg (2011). Scholar
  13. 13.
    Naya-Plasencia, M., Röck, A., Meier, W.: Practical analysis of reduced-round Keccak. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 236–254. Springer, Heidelberg (2011). Scholar
  14. 14.
    Qiao, K., Song, L., Liu, M., Guo, J.: New collision attacks on round-reduced Keccak. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 216–243. Springer, Cham (2017). Scholar
  15. 15.
    Song, L., Liao, G., Guo, J.: Non-full sbox linearization: applications to collision attacks on round-reduced Keccak. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 428–451. Springer, Cham (2017). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Center for CybersecurityIndian Institute of Technology KanpurKanpurIndia
  2. 2.Indian Institute of Science Education and Research BhopalBhopalIndia

Personalised recommendations