A Distinguisher for the Compression Function of SIMD-512

Mendel, Florian; Nad, Tomislav

doi:10.1007/978-3-642-10628-6_15

Florian Mendel¹⁸ &
Tomislav Nad¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5922))

Included in the following conference series:

International Conference on Cryptology in India

870 Accesses
5 Citations

Abstract

SIMD is one of the round 2 candidates of the public SHA-3 competition hosted by NIST. It was designed by Leurent et al.. In this paper, we present a distinguisher attack on the compression function of SIMD-512. By linearizing the compression function we construct a linear code. Using techniques from coding theory to search for low Hamming weight codewords, we can find differential characteristics with low Hamming weight (and hence high probability). In the attack the differences are introduced only in the IV. Such a characteristic is the base for our distinguisher, which can distinguish the compression function of SIMD-512 from random with a complexity of 5·2^425.28 compression function calls. Furthermore, we can distinguish the output transformation of SIMD-512 from random with a complexity of about 22·2^425.28 compression function calls. So far this is the first cryptanalytic result for the SIMD hash function.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Alex Biryukov, D.K., Nikolić, I.: Distinguisher and Related-Key Attack on the Full AES-256. In: Halevi, S. (ed.) Crypto. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009)
Google Scholar
Canteaut, A., Chabaud, F.: A New Algorithm for Finding Minimum-Weight Words in a Linear Code: Application to McEliece’s Cryptosystem and to Narrow-Sense BCH Codes of Length 511. IEEE Transactions on Information Theory 44(1), 367–378 (1998)
Article MATH MathSciNet Google Scholar
Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)
Google Scholar
Chang, D., Nandi, M.: Improved Indifferentiability Security Analysis of chopMD Hash Function. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 429–443. Springer, Heidelberg (2008)
Chapter Google Scholar
Damgård, I.B.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)
Google Scholar
Daum, M.: Cryptanalysis of Hash Functions of the MD4-Family. Ph.D. thesis, Ruhr-Universität Bochum (May 2005), http://www.cits.rub.de/imperia/md/content/magnus/dissmd4.pdf
Indesteege, S., Preneel, B.: Practical Collisions for EnRUPT. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 246–259. Springer, Heidelberg (2009)
Google Scholar
Leurent, G., Bouillaguet, C., Fouque, P.A.: SIMD Is a Message Digest. Submission to NIST (2008), http://www.di.ens.fr/~leurent/files/SIMD.pdf
Lucks, S.: A Failure-Friendly Design Principle for Hash Functions. In: Roy, B. K. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 474–494. Springer, Heidelberg (2005)
Chapter Google Scholar
Maurer, U.M., Tessaro, S.: Domain Extension of Public Random Functions: Beyond the Birthday Barrier. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 187–204. Springer, Heidelberg (2007)
Chapter Google Scholar
Merkle, R.C.: One Way Hash Functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)
Google Scholar
National Institute of Standards and Technology: Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family. Federal Register Notice, (November 2007), http://csrc.nist.gov
Pramstaller, N., Rechberger, C., Rijmen, V.: Exploiting Coding Theory for Collision Attacks on SHA-1. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 78–95. Springer, Heidelberg (2005)
Chapter Google Scholar
Rijmen, V., Oswald, E.: Update on SHA-1. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 58–71. Springer, Heidelberg (2005)
Google Scholar
Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Google Scholar

Download references

Author information

Authors and Affiliations

Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, A-8010, Graz, Austria
Florian Mendel & Tomislav Nad

Authors

Florian Mendel
View author publications
You can also search for this author in PubMed Google Scholar
Tomislav Nad
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Applied Statistics Unit, Indian Statistical Institute, 203 B.T. Road, 700108, Kolkata, India
Bimal Roy
Projet Team SECRET, Centre de Recherche INRIA Rocquencourt, B.P. 105, 78153, Le Chesnay Cedex, France
Nicolas Sendrier

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Mendel, F., Nad, T. (2009). A Distinguisher for the Compression Function of SIMD-512. In: Roy, B., Sendrier, N. (eds) Progress in Cryptology - INDOCRYPT 2009. INDOCRYPT 2009. Lecture Notes in Computer Science, vol 5922. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10628-6_15

Download citation

DOI: https://doi.org/10.1007/978-3-642-10628-6_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10627-9
Online ISBN: 978-3-642-10628-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics