Subspace Distinguisher for 5/8 Rounds of the ECHO-256 Hash Function
نویسنده
چکیده
In this work we present first results for the hash function of ECHO. We provide a subspace distinguisher for 5 rounds, near-collisions on 4.5 rounds and collisions for 4 out of 8 rounds of the ECHO-256 hash function. The complexities are 2 compression function calls for the distinguisher and near-collision attack, and 2 for the collision attack. The memory requirements are 2 for all attacks. Furthermore, we provide improved compression function attacks on ECHO256 to get distinguishers on 7 rounds and near-collisions for 6 and 6.5 rounds. The compression function attacks also apply to ECHO-512. To get these results, we consider new and sparse truncated differential paths through ECHO. We are able to construct these paths by analyzing the combined MixColumns and BigMixColumns transformation. Since in these sparse truncated differential paths at most one fourth of all bytes of each ECHO state are active, missing degrees of freedom are not a problem. Therefore, we are able to mount a rebound attack with multiple inbound phases to efficiently find according message pairs for ECHO.
منابع مشابه
Improved Collisions for Reduced ECHO-256
In this work, we present a collision attack on 5 out of 8 rounds of the ECHO256 hash function with a complexity of 2 in time and 2 memory. In this work, we further show that the merge inbound phase can still be solved in the case of hash function attacks on ECHO. As correctly observed by Jean et al., the merge inbound phase of previous hash function attacks succeeds only with a probability of 2...
متن کاملImproved Analysis of ECHO-256
ECHO-256 is a second-round candidate of the SHA-3 competition. It is an AESbased hash function that has attracted a lot of interest and analysis. Up to now, the best known attacks were a distinguisher on the full internal permutation and a collision on four rounds of its compression function. The latter was the best known analysis on the compression function as well as the one on the largest nu...
متن کاملInvestigating Fundamental Security Requirements on Whirlpool: Improved Preimage and Collision Attacks
In this paper, improved cryptanalyses for the ISO standard hash function Whirlpool are presented with respect to the fundamental security notions. While a subspace distinguisher was presented on full version (10 rounds) of the compression function, its impact to the security of the hash function seems limited. In this paper, we discuss the (second) preimage and collision attacks for the hash fu...
متن کاملImproved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function
The GOST hash function family has served as the new Russian national hash standard (GOST R 34.11-2012) since January 1, 2013, and it has two members, i.e., GOST256 and GOST-512 which correspond to two different output lengths. Most of the previous analyses of GOST emphasize on the compression function rather than the hash function. In this paper, we focus on security properties of GOST under th...
متن کاملAnalysis of a SHA-256 Variant
SHA-256 is a cryptographic hash function which was proposed in 2000 as a new generation of SHA functions and was adopted as FIPS standard in 2002. In this paper we will consider a SHA-256 variant and a SHACAL-2 variant in which every arithmetic addition is replaced by XOR operation. We call the SHA-256 variant SHA-2-XOR and the SHACAL-2 variant SHACAL-2-XOR respectively. We will present a diffe...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2010 شماره
صفحات -
تاریخ انتشار 2010