Zero-Sum Distinguishers for Iterated Permutations and Application to Keccak-f and Hamsi-256
نویسندگان
چکیده
The zero-sum distinguishers introduced by Aumasson and Meier are investigated. First, the minimal size of a zero-sum is established. Then, we analyze the impacts of the linear and the nonlinear layers in an iterated permutation on the construction of zero-sum partitions. Finally, these techniques are applied to the Keccak-f permutation and to Hamsi-256. We exhibit several zero-sum partitions for 20 rounds (out of 24) of Keccak-f and some zero-sum partitions of size 2 and 2 for the finalization permutation in Hamsi-256.
منابع مشابه
Improved zero-sum distinguisher for full round Keccak-f permutation
Keccak is one of the five hash functions selected for the final round of the SHA-3 competition and its inner primitive is a permutation called Keccakf . In this paper, we find that for the inverse of the only one nonlinear transformation of Keccak-f , the algebraic degrees of any output coordinate and of the product of any two output coordinates are both 3 and also 2 less than its size 5. Combi...
متن کاملOn the algebraic degree of some SHA-3 candidates
We present a study on the algebraic degree of iterated permutations seen as multivariate polynomials. Our main result shows that this degree depends on the algebraic degree of the inverse of the permutation which is iterated. It leads among others to an improvement of the bound on the degree presented in [6]. This result has some consequences in hash function analysis since several attacks or d...
متن کاملUnaligned Rebound Attack: Application to Keccak
We analyze the internal permutations of Keccak, one of the NIST SHA-3 competition finalists, in regard to differential properties. By carefully studying the elements composing those permutations, we are able to derive most of the best known differential paths for up to 5 rounds. We use these differential paths in a rebound attack setting and adapt this powerful freedom degrees utilization in or...
متن کاملHigher-Order Differential Properties of Keccak and Luffa
In this paper, we identify higher-order differential and zero-sum properties in the full Keccak-f permutation, in the Luffa v1 hash function, and in components of the Luffa v2 algorithm. These structural properties rely on a new bound on the degree of iterated permutations with a nonlinear layer composed of parallel applications of smaller balanced Sboxes. These techniques yield zero-sum partit...
متن کاملLinear Structures: Applications to Cryptanalysis of Round-Reduced Keccak
In this paper, we analyze the security of round-reduced versions of the Keccak hash function family. Based on the work pioneered by Aumasson and Meier, and Dinur et al., we formalize and develop a technique named linear structure, which allows linearization of the underlying permutation of Keccak for up to 3 rounds with large number of variable spaces. As a direct application, it extends the be...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010