Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8424)

Abstract

On October 2nd, 2012, NIST announced its selection of the Keccak scheme as the new SHA-3 hash standard. In this paper we present the first published collision finding attacks on reduced-round versions of Keccak-384 and Keccak-512, providing actual collisions for 3-round versions, and describing an attack which is \(2^{45}\) times faster than birthday attacks for 4-round Keccak-384. For Keccak-256, we increase the number of rounds which can be attacked to 5. All these results are based on a generalized internal differential attack (introduced by Peyrin at Crypto 2010), and use it to map a large number of Keccak inputs into a relatively small subset of possible outputs with a surprisingly large probability. In such a squeeze attack it is easier to find random collisions in the reduced target subset by a standard birthday argument.
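The "relatively small subset of possible outputs" in the abstract comes from a structural property of the Keccak-f permutation that is easiest to see in code. The following is an added illustration written for this page (not code from the paper or from the Keccak team): it models the theta, rho, pi and chi steps on 8-bit lanes (the width of Keccak-f[200]; SHA-3 uses 64-bit lanes), and checks that a state whose lanes all repeat a short pattern stays inside that small symmetric subset through any number of such rounds, while a round constant injected the way iota does breaks the symmetry unless the constant itself has the same period. The rho offsets are Keccak's standard table; the seeds and the constants `rc` are constructed values, not Keccak's real round constants.

```python
import random
W = 8                       # lane width in bits (Keccak-f[200]); SHA-3 uses W = 64
MASK = (1 << W) - 1
# Standard Keccak rho rotation offsets, indexed [x][y]; taken mod W for narrow lanes.
RHO = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]

def rot(v, n):
    n %= W
    return ((v << n) | (v >> (W - n))) & MASK

def round_no_iota(A):
    """Theta, rho, pi and chi on a 5x5 list of lanes A[x][y]; iota is left out."""
    C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]
    D = [C[(x - 1) % 5] ^ rot(C[(x + 1) % 5], 1) for x in range(5)]
    A = [[A[x][y] ^ D[x] for y in range(5)] for x in range(5)]            # theta
    B = [[0] * 5 for _ in range(5)]
    for x in range(5):
        for y in range(5):
            B[y][(2 * x + 3 * y) % 5] = rot(A[x][y], RHO[x][y])           # rho, pi
    return [[B[x][y] ^ ((B[(x + 1) % 5][y] ^ MASK) & B[(x + 2) % 5][y])
             for y in range(5)] for x in range(5)]                        # chi

def is_symmetric(A, period):
    """True if every lane is unchanged by a rotation of `period` bits."""
    return all(rot(A[x][y], period) == A[x][y] for x in range(5) for y in range(5))

def symmetric_state(seed, period):
    """Constructed input: each lane repeats a random `period`-bit pattern."""
    rng = random.Random(seed)
    A = [[0] * 5 for _ in range(5)]
    for x in range(5):
        for y in range(5):
            pat = rng.getrandbits(period)
            for _ in range(W // period):
                A[x][y] = (A[x][y] << period) | pat
    return A

def symmetry_survives(seed, period, rounds):
    """Does the symmetric subset (2^(25*period) of 2^(25*W) states) survive `rounds` rounds?"""
    A = symmetric_state(seed, period)
    for _ in range(rounds):
        A = round_no_iota(A)
    return is_symmetric(A, period)

def symmetric_after_constant(seed, period, rc):
    """As iota does, XOR a constant into lane (0,0) after one round; rc is constructed."""
    A = round_no_iota(symmetric_state(seed, period))
    A[0][0] ^= rc
    return is_symmetric(A, period)
```

Because the symmetric states form a subset of size \(2^{25\cdot\text{period}}\) rather than \(2^{25\cdot W}\), a birthday search confined to that subset needs far fewer evaluations, which is the squeeze effect the abstract describes; the paper's contribution is handling the rounds where iota disturbs the symmetry.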

Keywords

Hash function, Cryptanalysis, SHA-3, Keccak, Collisions, Internal differentials, Squeeze attack

Acknowledgements

The authors would like to thank the anonymous referees for their very helpful comments on the preliminary version of this paper.

References

1. Aumasson, J.-P., Meier, W.: Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi. NIST mailing list (2009)
2. Bernstein, D.J.: Second preimages for 6 (7? (8??)) rounds of keccak? NIST mailing list (2010)
3. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008)
4. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 submission. Submission to NIST (Round 3) (2011)
5. Biham, E.: New types of cryptanalytic attacks using related keys. J. Cryptology 7(4), 229–246 (1994)
6. Biryukov, A., Wagner, D.: Slide attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)
7. Bouillaguet, C., Dunkelman, O., Leurent, G., Fouque, P.-A.: Another look at complementation properties. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 347–364. Springer, Heidelberg (2010)
8. Boura, C., Canteaut, A.: Zero-sum distinguishers for iterated permutations and application to Keccak-f and Hamsi-256. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 1–17. Springer, Heidelberg (2011)
9. Chang, S.-J., Perlner, R., Burr, W.E., Turan, M.S., Kelsey, J.M., Paul, S., Bassham, L.E.: Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition (2012). http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/documents/Round3_Report_NISTIR_7896.pdf
10. Daemen, J., Van Assche, G.: Differential propagation analysis of Keccak. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 422–441. Springer, Heidelberg (2012)
11. Dinur, I., Dunkelman, O., Shamir, A.: Collision attacks on up to 5 rounds of SHA-3 using generalized internal differentials. Cryptology ePrint Archive, Report 2012/672 (2012). http://eprint.iacr.org/
12. Dinur, I., Dunkelman, O., Shamir, A.: New attacks on Keccak-224 and Keccak-256. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 442–461. Springer, Heidelberg (2012)
13. Duan, M., Lai, X.: Improved zero-sum distinguisher for full round Keccak-f permutation. Cryptology ePrint Archive, Report 2011/023 (2011)
14. Duc, A., Guo, J., Peyrin, T., Wei, L.: Unaligned rebound attack: application to Keccak. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 402–421. Springer, Heidelberg (2012)
15. Harpes, C., Massey, J.L.: Partitioning cryptanalysis. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 13–27. Springer, Heidelberg (1997)
16. Homsirikamol, E., Morawiecki, P., Rogawski, M., Srebrny, M.: Security margin evaluation of SHA-3 contest finalists through SAT-based attacks. In: Cortesi, A., Chaki, N., Saeed, K., Wierzchoń, S. (eds.) CISIM 2012. LNCS, vol. 7564, pp. 56–67. Springer, Heidelberg (2012)
17. Knuth, D.E.: The Art of Computer Programming. Seminumerical Algorithms, vol. 2, 2nd edn. Addison-Wesley, Reading (1981)
18. Van Le, T., Sparr, R., Wernsdorf, R., Desmedt, Y.G.: Complementation-like and cyclic properties of AES round functions. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 128–141. Springer, Heidelberg (2005)
19. Leander, G., Abdelraheem, M.A., AlKhzaimi, H., Zenner, E.: A cryptanalysis of PRINTcipher: the invariant subspace attack. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 206–221. Springer, Heidelberg (2011)
20. Morawiecki, P., Pieprzyk, J., Srebrny, M.: Rotational cryptanalysis of round-reduced Keccak. Cryptology ePrint Archive, Report 2012/546 (2012). http://eprint.iacr.org/
21. Naya-Plasencia, M., Röck, A., Meier, W.: Practical analysis of reduced-round Keccak. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 236–254. Springer, Heidelberg (2011)
22. Peyrin, T.: Improved differential attacks for ECHO and Grøstl. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 370–392. Springer, Heidelberg (2010)
23. van Oorschot, P.C., Wiener, M.: Improving implementable meet-in-the-middle attacks by orders of magnitude. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 229–236. Springer, Heidelberg (1996)

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

1. Computer Science Department, The Weizmann Institute, Rehovot, Israel
2. Computer Science Department, University of Haifa, Haifa, Israel