Preimage Attacks on Round-Reduced Keccak-224/256 via an Allocating Approach

  • Ting Li
  • Yao Sun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11478)

Abstract

We present new preimage attacks on standard Keccak-224 and Keccak-256 reduced to 3 and 4 rounds. The attacks use an allocating approach: the total work is split across two stages, so that fewer constraints have to be satisfied, and the complexity is lower, in each stage. Specifically, instead of a 1-block preimage we search for a 2-block preimage of a given hash value, and the first and the second message block are found in separate stages. Both message blocks are constrained by a newly proposed set of conditions on the middle state (the internal state between the two blocks); these conditions are weaker than those imposed by the initial value and by the hash value, so the complexity of each stage is lower than that of finding a 1-block preimage directly. On top of the basic allocating approach, an improved method balances the complexities of the two stages and thereby yields the optimal attacks. As a result, we present the best theoretical preimage attacks on Keccak-224 and Keccak-256 reduced to 3 and 4 rounds. Moreover, we practically found a (second) preimage for 3-round Keccak-224 with complexity \(2^{39.39}\).
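The structural fact the allocating approach builds on is that, in the sponge construction, the digest of a 2-block message M1 || M2 depends only on the middle state (the state after absorbing M1) and on M2, so the two blocks can be searched for in separate stages. The following pure-Python round-reduced Keccak[r, c] implementation is an added example written for this page, not the authors' attack code; it checks that factorisation on real data but does not reproduce the paper's conditions on the middle state, which the abstract does not spell out. Assumptions: an r-round variant runs rounds 0..r-1 with the standard round constants, and the pre-FIPS-202 "Keccak" padding (0x01 ... 0x80, no SHA-3 domain suffix) is used, as the paper targets Keccak rather than SHA3.

```python
"""Round-reduced Keccak-224/256 sponge, with the two-block absorb split into two stages.
Example code added for this page; not the paper's attack implementation."""
from typing import List

MASK = (1 << 64) - 1
# Standard Keccak-f[1600] round constants (iota), rounds 0..23.
RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
# Standard rho rotation offsets, indexed ROT[x][y].
ROT = [
    [0, 36, 3, 41, 18],
    [1, 44, 10, 45, 2],
    [62, 6, 43, 15, 61],
    [28, 55, 25, 21, 56],
    [27, 20, 39, 8, 14],
]


def rol(v: int, n: int) -> int:
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK if n else v


def keccak_f(state: List[int], rounds: int = 24) -> List[int]:
    """Keccak-f[1600] restricted to its first `rounds` rounds (assumption: round-reduced
    variants use rounds 0..rounds-1). The state is 25 lanes, lane (x, y) at index x + 5*y."""
    A = list(state)
    for ir in range(rounds):
        # theta: column parities mixed into every lane
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        D = [C[(x - 1) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]
        # rho (lane rotation) and pi (lane permutation): B[y, 2x+3y] = rot(A[x, y])
        B = [0] * 25
        for x in range(5):
            for y in range(5):
                B[y + 5 * ((2 * x + 3 * y) % 5)] = rol(A[x + 5 * y], ROT[x][y])
        # chi: the only non-linear step, a 5-bit S-box applied along each row
        A = [B[x + 5 * y] ^ ((~B[(x + 1) % 5 + 5 * y]) & B[(x + 2) % 5 + 5 * y])
             for y in range(5) for x in range(5)]
        # iota: round constant into lane (0, 0)
        A[0] ^= RC[ir]
    return A


def pad10star1(msg: bytes, rate_bytes: int) -> bytes:
    """Keccak multi-rate padding (0x01 ... 0x80); the SHA-3 0x06 suffix is deliberately not used."""
    q = rate_bytes - (len(msg) % rate_bytes)
    if q == 1:
        return msg + b"\x81"
    return msg + b"\x01" + b"\x00" * (q - 2) + b"\x80"


def absorb_block(state: List[int], block: bytes, rounds: int) -> List[int]:
    """XOR one rate-sized block into the outer part of the state, then apply the permutation."""
    s = list(state)
    for i in range(len(block) // 8):
        s[i] ^= int.from_bytes(block[8 * i:8 * i + 8], "little")
    return keccak_f(s, rounds)


def squeeze(state: List[int], out_bits: int) -> bytes:
    return b"".join(l.to_bytes(8, "little") for l in state)[:out_bits // 8]


def keccak_hash(msg: bytes, out_bits: int, rounds: int = 24) -> bytes:
    """Keccak-224 / Keccak-256: capacity c = 2*out_bits, rate r = 1600 - c (1152 / 1088 bits)."""
    rate_bytes = (1600 - 2 * out_bits) // 8
    padded = pad10star1(msg, rate_bytes)
    state = [0] * 25
    for off in range(0, len(padded), rate_bytes):
        state = absorb_block(state, padded[off:off + rate_bytes], rounds)
    return squeeze(state, out_bits)


def two_block_hash_via_middle(m1: bytes, m2: bytes, out_bits: int, rounds: int) -> bytes:
    """Hash M1 || M2 in the two stages the allocating approach separates:
    stage 1 derives the middle state from M1 alone (M1 is one full rate block),
    stage 2 absorbs the padded M2 from that middle state. Equals keccak_hash(m1 + m2)."""
    rate_bytes = (1600 - 2 * out_bits) // 8
    if len(m1) != rate_bytes or len(m2) >= rate_bytes:
        raise ValueError("M1 must be exactly one rate block and M2 must fit in one padded block")
    middle = absorb_block([0] * 25, m1, rounds)                        # stage 1: f(IV xor M1)
    final = absorb_block(middle, pad10star1(m2, rate_bytes), rounds)   # stage 2: f(middle xor pad(M2))
    return squeeze(final, out_bits)
```

With rounds=24 the function reproduces standard Keccak-256 (e.g. the well-known empty-message digest c5d24601...), which validates the permutation; with rounds=3 or 4 it is the target of the attacks above. The two-stage split is exact, not an approximation: a preimage search that fixes the middle state in stage 1 and then solves for M2 in stage 2 is searching the same function.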

Keywords

Cryptanalysis · Keccak · SHA-3 · Preimage attack

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China