Advertisement

Higher-Order Differential Properties of Keccak and Luffa

  • Christina Boura
  • Anne Canteaut
  • Christophe De Cannière
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6733)

Abstract

In this paper, we identify higher-order differential and zero-sum properties in the full Keccak-f permutation, in the Luffa v1 hash function and in components of the Luffa v2 algorithm. These structural properties rely on a new bound on the degree of iterated permutations with a nonlinear layer composed of parallel applications of a number of balanced Sboxes. These techniques yield zero-sum partitions of size 21575 for the full Keccak-f permutation and several observations on the Luffa hash family. We first show that Luffa v1 applied to one-block messages is a function of 255 variables with degree at most 251. This observation leads to the construction of a higher-order differential distinguisher for the full Luffa v1 hash function, similar to the one presented by Watanabe et al. on a reduced version. We show that similar techniques can be used to find all-zero higher-order differentials in the Luffa v2 compression function, but the additional blank round destroys this property in the hash function.

Keywords

Hash functions degree higher-order differentials zero-sums SHA-3 

References

  1. 1.
    Aumasson, J.-P., Meier, W.: Zero-sum distinguishers for reduced Keccak -f and for the core functions of Luffa and Hamsi. Presented at the Rump Session of Cryptographic Hardware and Embedded Systems - CHES 2009 (2009)Google Scholar
  2. 2.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak sponge function family main document. Submission to NIST, Round 2 (2009)Google Scholar
  3. 3.
    Boura, C., Canteaut, A.: Zero-Sum Distinguishers for Iterated Permutations and Application to Keccak-f and Hamsi-256. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 1–17. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. 4.
    De Cannière, C., Sato, H., Watanabe, D.: The reasons for the change of Luffa. Supplied with the Second Round PackageGoogle Scholar
  5. 5.
    De Cannière, C., Sato, H., Watanabe, D.: Hash Function Luffa: Specification. Submission to NIST, Round 1 (2008)Google Scholar
  6. 6.
    De Cannière, C., Sato, H., Watanabe, D.: Hash Function Luffa: Specification. Submission to NIST, Round 2 (2009)Google Scholar
  7. 7.
    Canteaut, A., Videau, M.: Degree of composition of highly nonlinear functions and applications to higher order differential cryptanalysis. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 518–533. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Duan, M., Lai, X.: Improved zero-sum distinguisher for full round Keccak -f permutation. IACR ePrint Report 2011/023 (January 2011), http://eprint.iacr.org/2011/023
  9. 9.
    Khovratovich, D., Naya-Plasencia, M., Röck, A., Schläffer, M.: Cryptanalysis of Luffa v2 components. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 388–409. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  11. 11.
    Knudsen, L.R., Rijmen, V.: Known-key distinguishers for some block ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315–324. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Lai, X.: Higher order derivatives and differential cryptanalysis. In: Proc. Symposium on Communication, Coding and Cryptography, in Honor of J. L. Massey on the Occasion of His 60’th Birthday. Kluwer Academic Publishers, Dordrecht (1994)Google Scholar
  13. 13.
    Watanabe, D., Hatano, Y., Yamada, T., Kaneko, T.: Higher Order Differential Attack on Step-Reduced Variants of Luffa v1. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 270–285. Springer, Heidelberg (2010)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Christina Boura
    • 1
    • 2
  • Anne Canteaut
    • 1
  • Christophe De Cannière
    • 3
  1. 1.SECRET Project-Team - INRIA Paris-RocquencourtLe Chesnay CedexFrance
  2. 2.GemaltoMeudon sur SeineFrance
  3. 3.Department of Electrical Engineering ESAT/SCD-COSICKatholieke Universiteit LeuvenHeverleeBelgium

Personalised recommendations