Analysis of the Kupyna-256 Hash Function

  • Christoph Dobraunig
  • Maria Eichlseder
  • Florian Mendel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9783)

Abstract

The hash function Kupyna was recently published as the Ukrainian standard DSTU 7564:2014. It is structurally very similar to the SHA-3 finalist Grøstl, but differs in details of the round transformations. Most notably, some of the round constants are added with a modular addition, rather than bitwise xor. This change prevents a straightforward application of some recent attacks, in particular of the rebound attacks on the compression function of similar AES-like hash constructions. However, we show that it is actually possible to mount rebound attacks, despite the presence of modular constant additions. More specifically, we describe collision attacks on the compression function for 6 (out of 10) rounds of Kupyna-256 with an attack complexity of \(2^{70}\), and for 7 rounds with complexity \(2^{125.8}\). In addition, we can use the rebound attack for creating collisions for the round-reduced hash function itself. This is possible for 4 rounds of Kupyna-256 with complexity \(2^{67}\) and for 5 rounds with complexity \(2^{120}\).

Keywords

Hash functions Cryptanalysis Collisions Free-start collisions Kupyna Rebound attack 

References

  1. 1.
    Canteaut, A. (ed.): FSE 2012. LNCS, vol. 7549. Springer, Heidelberg (2012)MATHGoogle Scholar
  2. 2.
    Daemen, J., Rijmen, V.: The wide trail design strategy. In: Honary, B. (ed.) IMA 2001. LNCS, vol. 2260, pp. 222–238. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F.,Rechberger, C.,Schläffer, M., Thomsen, S.S.: Grøstl – a SHA-3 candidate. Submission to NIST, January 2009. http://www.groestl.info
  4. 4.
    Gilbert, H., Peyrin, T.: Super-Sbox cryptanalysis: improved attacks for AES-Like permutations. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 365–383. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Jean, J., Naya-Plasencia, M., Peyrin, T.: Improved rebound attack on the finalist Grøstl. In: Canteaut [1], pp. 110–126Google Scholar
  6. 6.
    Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound distinguishers: results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126–143. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Lamberger, M., Mendel, F., Schläffer, M., Rechberger, C., Rijmen, V.: The rebound attack and subspace distinguishers: application to whirlpool. J. Cryptol. 28(2), 257–296 (2015)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    Mendel, F., Pramstaller, N., Rechberger, C., Kontak, M., Szmidt, J.: Cryptanalysis of the GOST hash function. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 162–178. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Rebound attacks on the reduced Grøstl hash function. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 350–365. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Mendel, F., Rijmen, V., Schläffer, M.: Collision attack on 5 rounds of Grøstl. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 509–521. Springer, Heidelberg (2015)Google Scholar
  12. 12.
    Oliynykov, R., Gorbenko, I., Kazymyrov, O., Ruzhentsev, V., Kuznetsov, O.,Gorbenko, Y., Boiko, A., Dyrda, O., Dolgov, V., Pushkaryov, A.: A newstandard of Ukraine: the Kupyna hash function. Cryptology ePrint Archive, Report 2015/885 (2015). http://eprint.iacr.org/2015/885
  13. 13.
    Wu, S., Feng, D., Wu, W., Guo, J., Dong, L., Zou, J.: (pseudo) preimage attack on round-reduced Grøstl hash function and others. In: Canteaut [1], pp. 127–145Google Scholar
  14. 14.
    Zou, J., Dong, L.: Cryptanalysis of the round-reduced Kupyna hash function.Cryptology ePrint Archive, Report 2015/959 (2015). http://eprint.iacr.org/2015/959

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Christoph Dobraunig
    • 1
  • Maria Eichlseder
    • 1
  • Florian Mendel
    • 1
  1. 1.Graz University of TechnologyGrazAustria

Personalised recommendations