
Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function

  • Itai Dinur
  • Paweł Morawiecki
  • Josef Pieprzyk
  • Marian Srebrny
  • Michał Straus
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9056)

Abstract

In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely practical and were verified on a desktop PC. Our methods combine cube attacks (an algebraic key recovery attack) and related algebraic techniques with structural analysis of the Keccak permutation. These techniques should be useful in future cryptanalysis of Keccak and similar designs.

Although our attacks break more rounds than previously published techniques, the security margin of Keccak remains large. For Keyak – the Keccak-based authenticated encryption scheme – the nominal number of rounds is 12 and therefore its security margin is smaller (although still sufficient).
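The abstract describes cube attacks only as "an algebraic key recovery attack". The following is an added illustration of that principle (the Dinur and Shamir cube attack cited by the paper) on a constructed toy boolean function; it is not code from the paper and does not model Keccak. The polynomial `toy_cipher`, the key and public-variable sizes, and the candidate cubes are assumptions chosen so that both phases of the attack are visible: an offline phase that finds cubes whose superpoly is linear in the key (one candidate is rejected because its superpoly is quadratic), and an online phase that sums the black-box output over each cube and solves the resulting GF(2) system.

```python
# Added illustration of the cube attack principle (Dinur and Shamir) on a
# constructed toy polynomial.  Not code from the paper and not Keccak: the
# polynomial, cube choices and key/IV sizes below are assumptions chosen so
# the phases of the attack are visible.
import itertools

N_KEY = 4   # secret bits k0..k3 (assumed toy size)
N_PUB = 4   # public bits v0..v3 (assumed toy size)


def toy_cipher(key, pub):
    """Constructed keyed boolean function over GF(2): one output bit of a
    stand-in primitive.  Its algebraic normal form is
      v0 v1 (k0 + k2 + 1) + v0 v1 v2 k1 + v2 v3 k3 + v1 v2 k0 + v0 k1 k2 + k0 k3 + v3
    In a real attack this ANF is unknown; the attacker only queries the function."""
    k0, k1, k2, k3 = key
    v0, v1, v2, v3 = pub
    return ((v0 & v1 & (k0 ^ k2 ^ 1)) ^ (v0 & v1 & v2 & k1) ^ (v2 & v3 & k3)
            ^ (v1 & v2 & k0) ^ (v0 & k1 & k2) ^ (k0 & k3) ^ v3)


def cube_sum(g, cube, n_pub):
    """XOR of g(pub) over all 2^|cube| assignments of the cube variables,
    with every other public bit fixed to 0."""
    total = 0
    for bits in itertools.product((0, 1), repeat=len(cube)):
        pub = [0] * n_pub
        for idx, b in zip(cube, bits):
            pub[idx] = b
        total ^= g(pub)
    return total


def superpoly(f, cube, n_pub, n_key):
    """Offline phase: the attacker evaluates the cube sum under keys of his own
    choosing.  Returns (constant, coefficients) if the superpoly passes an
    exhaustive linearity test, else None.  (Real attacks use a probabilistic
    BLR test on random key pairs; the toy key is small enough to check all.)"""
    keys = list(itertools.product((0, 1), repeat=n_key))
    p = {k: cube_sum(lambda pub: f(list(k), pub), cube, n_pub) for k in keys}
    zero = keys[0]
    for x, y in itertools.product(keys, repeat=2):
        xy = tuple(a ^ b for a, b in zip(x, y))
        if p[x] ^ p[y] ^ p[zero] != p[xy]:
            return None                      # superpoly is not affine in the key
    coeffs = [p[tuple(1 if j == i else 0 for j in range(n_key))] ^ p[zero]
              for i in range(n_key)]
    return p[zero], coeffs


def solve_gf2(equations, n):
    """Gaussian elimination over GF(2); equations are (coefficient list, rhs).
    Returns the unique solution, or None if inconsistent or underdetermined."""
    reduced = []                             # rows in reduced echelon form (mask, rhs)
    for coeffs, rhs in equations:
        mask = sum(c << i for i, c in enumerate(coeffs))
        for pmask, prhs in reduced:
            if mask & (pmask & -pmask):      # cancel this row's pivot bit
                mask ^= pmask
                rhs ^= prhs
        if mask == 0:
            if rhs:
                return None                  # 0 = 1: inconsistent system
            continue
        pivot = mask & -mask
        reduced = [(pm ^ mask, pr ^ rhs) if pm & pivot else (pm, pr)
                   for pm, pr in reduced]
        reduced.append((mask, rhs))
    if len(reduced) < n:
        return None
    sol = [0] * n
    for pm, pr in reduced:
        sol[(pm & -pm).bit_length() - 1] = pr
    return sol


def cube_attack(f, candidate_cubes, n_pub, n_key, secret_key):
    """Full attack: offline cube selection, then online key recovery.  The
    online phase touches secret_key only through the oracle closure."""
    linear = [(c, sp) for c in candidate_cubes
              if (sp := superpoly(f, c, n_pub, n_key)) is not None]
    oracle = lambda pub: f(secret_key, pub)  # black box holding the secret key
    equations = [(coeffs, cube_sum(oracle, cube, n_pub) ^ const)
                 for cube, (const, coeffs) in linear]
    return [c for c, _ in linear], solve_gf2(equations, n_key)


if __name__ == "__main__":
    cubes = [(0,), (0, 1), (2, 3), (0, 1, 2), (1, 2)]
    used, key = cube_attack(toy_cipher, cubes, N_PUB, N_KEY, [1, 0, 1, 1])
    print("cubes with linear superpolys:", used)   # (0,) is rejected: superpoly k1*k2
    print("recovered key:", key)
```

The point the toy makes is the one the paper builds on: summing the output over a cube of public variables strips away every monomial that does not contain the whole cube, so a well-chosen cube leaves a low-degree polynomial in the key bits that can be read off with a few queries. The hard part in practice, and the subject of the paper, is finding cubes that keep the superpoly linear after several rounds of a real permutation such as Keccak-f.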

Keywords

Keccak, SHA-3, Sponge function, Cube attack



Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Itai Dinur (1)
  • Paweł Morawiecki (2, 3)
  • Josef Pieprzyk (4)
  • Marian Srebrny (2, 3)
  • Michał Straus (3)

  1. Computer Science Department, École Normale Supérieure, Paris, France
  2. Institute of Computer Science, Polish Academy of Sciences, Warsaw, Poland
  3. Section of Informatics, University of Commerce, Kielce, Poland
  4. Queensland University of Technology, Brisbane, Australia
