Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials

Dinur, Itai; Dunkelman, Orr; Shamir, Adi

doi:10.1007/978-3-662-43933-3_12

Cited by 51 publications

(39 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Considering attacks that break core security properties of the keyless, hashing mode, much faster than exhaustive search, the best result is 5 rounds [13]. As we can break up to 9 rounds of the keyed variants, the conclusion from our analysis is that the security margin of Keccak is somewhat reduced in the keyed modes.…”

Section: Resultsmentioning

confidence: 88%

Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function

Dinur

Morawiecki

Pieprzyk

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely practical and were verified on a desktop PC. Our methods combine cube attacks (an algebraic key recovery attack) and related algebraic techniques with structural analysis of the Keccak permutation. These techniques should be useful in future cryptanalysis of Keccak and similar designs. Although our attacks break more rounds than previously published techniques, the security margin of Keccak remains large. For Keyak -a Keccak-based authenticated encryption scheme -the nominal number of rounds is 12 and therefore its security margin is smaller (although still sufficient).

show abstract

Section: Resultsmentioning

confidence: 88%

Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function

Dinur

Morawiecki

Pieprzyk

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Since the probability for obtaining the inverse of a hash is less than is less than the probability for obtaining the collision Preserving Forward Anonymity on Dynamic ID based Remote User attack, then in this case the probability for obtaining the collision attack should be observed. Suppose keccak-256 is used, then it can be attacked by methods which were proposed by Dinur et al [9,14], Naya-Plasencia et al [13], Kolbl et al [15] and Daemen et al [17]. Assume that the attacker used an attack proposed by Daemen et al [17] with probability of 2 -296 , in the 24-round collision attack, then the probability of obtaining the collision is equal to 2 -296 [17].Since the probability of obtaining the inverse of a hash value is always less than the probability for obtaining its collision, then the probability for obtaining the inverse of Keccak hash value is less than 2 -296 .…”

Section: A Strength Analysis For Preserving Forward Anonymitymentioning

confidence: 99%

Preserving Forward Anonymity on Dynamic ID based Remote User Authentication Scheme

Barmawi¹,

Suratman²

2017

ijeei

View full text Add to dashboard Cite

Recently, the use of smart cards in human life is increasing. One important aspect in implementing smart cards in human life is its security. Security should be considered because smart cards can contain important data that must be protected, and specific research is needed to address attacks against smart card. There are weaknesses in preserving forward anonymity on dynamic ID-based remote user authentication using smart cards as mentioned in Zhai et al. In their work, attacks that led to the failure of forward anonymity have been successfully carried out. This problem has already been overcome by Lee's scheme, with the probability of the forward anonymity failure was ½ 296 but the computation cost was still high. This research discussed about overcoming attacks that can lead to the failure of forward anonymity with probability of less than ½ 296 and has less computation cost. For this purpose, discrete log function and multiplicative inverse is introduced instead of using hash function and Diffie-Hellman method. Based on the discussion it is proven that these functions can preserve the forward anonymity with the probability of failure less than ½ 296 .

show abstract

“…Internal differentials The best collision attack against Keccak was obtained through the technique called internal differentials [13]. While in standard differential attacks we consider two different plaintexts, in internal differential attacks only one plaintext is considered, and the statistical evolution of the differences between its parts is followed.…”

Section: Differential Path Searchmentioning

confidence: 99%

“…Without κ all rounds of the permutation P would be equal making it subject to attacks exploiting symmetry such as slide attacks [10]. The constants used in Keccak have very low Hamming weight and this feature was exploited in two cryptanalytic attacks [13,22] against the round-reduced Keccak. These results motivated us to introduce constants with much higher Hamming weight.…”

Section: κmentioning

confidence: 99%

See 1 more Smart Citation

ICEPOLE: High-Speed, Hardware-Oriented Authenticated Encryption

Morawiecki

Gaj

Homsirikamol

et al. 2014

Advanced Information Systems Engineering

View full text Add to dashboard Cite

Abstract. This paper introduces our dedicated authenticated encryption scheme ICEPOLE. ICE-POLE is a high-speed hardware-oriented scheme, suitable for high-throughput network nodes or generally any environment where specialized hardware (such as FPGAs or ASICs) can be used to provide high data processing rates. ICEPOLE-128 (the primary ICEPOLE variant) is very fast. On the modern FPGA device Virtex 6, a basic iterative architecture of ICEPOLE reaches 41 Gbits/s, which is over 10 times faster than the equivalent implementation of AES-128-GCM. The throughput-to-area ratio is also substantially better when compared to AES-128-GCM. We have carefully examined the security of the algorithm through a range of cryptanalytic techniques and our findings indicate that ICEPOLE offers high security level.

show abstract

Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials

Cited by 51 publications

References 16 publications

Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function

Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function

Preserving Forward Anonymity on Dynamic ID based Remote User Authentication Scheme

ICEPOLE: High-Speed, Hardware-Oriented Authenticated Encryption

Contact Info

Product

Resources

About