Abstract
Keccak is one of the five hash functions selected for the final round of the SHA-3 competition, and its inner primitive is a permutation called Keccak-f. In this paper, we observe that for the inverse of the only nonlinear transformation in Keccak-f, the algebraic degree of any output coordinate and the one of the product of any two output coordinates are both 3, which is 2 less than its size of 5. Combining this observation with a proposition on the upper bound of the degree of iterated permutations, we improve the zero-sum distinguisher for the Keccak-f permutation with full 24 rounds by lowering the size of the zero-sum partition from 21590 to 21575.
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
Boura C, Canteaut A. Zero-sum distinguishers for iterated permutations and application to Keccak-f and Hamsi-256. In: Proceedings of the 17th International Workshop on Selected Areas in Cryptography 2010 Aug 12–13, Waterloo, Ontario, Canada. Waterloo: LNCS Springer Press, 2010. 1–17
Boura C, Canteaut A, Cannière C D. Higher-order differential properties of Keccak and Luffa, In: Proceedings of the 18th International Workshop on Fast Software Encryption 2011 Feb 14–16, Lyngby, Denmark. Lyngby: LNCS Springer Press, 2011. 252–269
Lai X J. Higher order derivatives and differential cryptanalysis. In: Communications and Cryptography: Two Sides of One Tapestry 1994, Switzerland. Switzerland: Kluwer Adademic Publishers, 1994. 227–233
Canteaut A, Videau M. Degree of composition of highly nonlinear functions and applications to higher order differential cryptanalysis. In: Advances in Cryptology-EUROCRYPT 2002, International Conference on the Theory and Applications of Cryptographic Techniques, Apr 28–May 2, Amsterdam, The Netherlands. Amsterdam: LNCS Springer Press, 2002. 518–533
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is published with open access at Springerlink.com
Rights and permissions
This article is published under an open access license. Please check the 'Copyright Information' section either on this page or in the PDF for details of this license and what re-use is permitted. If your intended use exceeds what is permitted by the license or if you are unable to locate the licence and re-use information, please contact the Rights and Permissions team.
About this article
Cite this article
Duan, M., Lai, X. Improved zero-sum distinguisher for full round Keccak-f permutation. Chin. Sci. Bull. 57, 694–697 (2012). https://doi.org/10.1007/s11434-011-4909-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11434-011-4909-x