Rebound Attack on the Full Lane Compression Function

Matusiewicz, Krystian; Naya-Plasencia, Maŕıa; Nikolić, Ivica; Sasaki, Yu; Schläffer, Martin

doi:10.1007/978-3-642-10366-7_7

Cited by 50 publications

(56 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This showed that truncated differentials [22] are useful when cryptanalyzing a byteoriented primitive such as the AES. Later on, the rebound attack [27] was shown to lead to substantial efficiency improvements in the freedom degrees usage of the attacker [23,25,40]. The idea is to build a differential path and use the available freedom degrees in the "most expensive" part of the path.…”

Section: Introductionmentioning

confidence: 99%

Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

Gilbert

Peyrin

2010

Lecture Notes in Computer Science

140

213

View full text Add to dashboard Cite

Abstract. In this paper, we improve the recent rebound and start-fromthe-middle attacks on AES-like permutations. Our new cryptanalysis technique uses the fact that one can view two rounds of such permutations as a layer of big Sboxes preceded and followed by simple affine transformations. The big Sboxes encountered in this alternative representation are named Super-Sboxes. We apply this method to two second-round SHA-3 candidates Grøstl and ECHO, and obtain improvements over the previous cryptanalysis results for these two schemes. Moreover, we improve the best distinguisher for the AES block cipher in the known-key setting, reaching 8 rounds for the 128-bit version.

show abstract

Section: Introductionmentioning

confidence: 99%

Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

Gilbert

Peyrin

2010

Lecture Notes in Computer Science

140

213

View full text Add to dashboard Cite

show abstract

“…The three equations (6), (7), (8) are independent, which allows to do the merge in three steps: one on each pair of slices (1,5), (2,6) and (3, 7) of S12. Figure 11 represents in color only the first step, on the slice pair (1, 5) of S12.…”

Section: Final Merging Phasementioning

confidence: 99%

“…Similar techniques have been introduced on Whirlpool [6] and on the SHA-3 proposal LANE [8]. In comparison to the rebound or the start-from-the-middle techniques, we are not limited to a controlled part located in the middle of the path.…”

Section: Introductionmentioning

confidence: 99%

Practical Near-Collisions and Collisions on Round-Reduced ECHO-256 Compression Function

Jean

Fouque

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we present new results on the second-round SHA-3 candidate ECHO. We describe a method to construct a collision in the compression function of ECHO-256 reduced to four rounds in 2 52 operations on AES-columns without significant memory requirements. Our attack uses the most recent analyses on ECHO, in particular the SuperSBox and SuperMixColumns layers to utilize efficiently the available freedom degrees. We also show why some of these results are flawed and we propose a solution to fix them. Our work improves the time and memory complexity of previous known techniques by using available freedom degrees more precisely. Finally, we validate our work by an implementation leading to near-collisions in 2 36 operations for the 4-round compression function.

show abstract

“…Whirlpool [21]) or multiple independent inbound phases were efficiently connected by exploiting insufficient diffusion, for instance between parallel states (e.g. Lane [20]). …”

Section: Extensions To More Roundsmentioning

confidence: 99%

Whirlwind: a new cryptographic hash function

Barreto

Nikov

Nikova

et al. 2010

Des. Codes Cryptogr.

View full text Add to dashboard Cite

A new cryptographic hash function Whirlwind is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6.

show abstract

Rebound Attack on the Full Lane Compression Function

Cited by 50 publications

References 10 publications

Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

Practical Near-Collisions and Collisions on Round-Reduced ECHO-256 Compression Function

Whirlwind: a new cryptographic hash function

Contact Info

Product

Resources

About