Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/100424
Title: Practical collision attacks against round-reduced SHA-3
Authors: Guo, Jian
Liao, Guohong
Liu, Guozhen
Liu, Meicheng
Qiao, Kexin
Song, Ling
Keywords: Cryptanalysis
Hash Function
Science::Mathematics
Issue Date: 2019
Source: Guo, J., Liao, G., Liu, G., Liu, M., Qiao, K., & Song, L. Practical collision attacks against round-reduced SHA-3. Journal of Cryptology. doi:10.1007/s00145-019-09313-3
Series/Report no.: Journal of Cryptology
Abstract: The Keccak hash function is the winner of the SHA-3 competition (2008–2012) and became the SHA-3 standard of NIST in 2015. In this paper, we focus on practical collision attacks against round-reduced SHA-3 and some Keccak variants. Following the framework developed by Dinur et al. at FSE 2012 where 4-round collisions were found by combining 3-round differential trails and 1-round connectors, we extend the connectors to up to three rounds and hence achieve collision attacks for up to 6 rounds. The extension is possible thanks to the large degree of freedom of the wide internal state. By linearizing S-boxes of the first round, the problem of finding solutions of 2-round connectors is converted to that of solving a system of linear equations. When linearization is applied to the first two rounds, 3-round connectors become possible. However, due to the quick reduction in the degree of freedom caused by linearization, the connector succeeds only when the 3-round differential trails satisfy some additional conditions. We develop dedicated strategies for searching differential trails and find that such special differential trails indeed exist. To summarize, we obtain the first real collisions on six instances, including three round-reduced instances of SHA-3, namely 5-round SHAKE128, SHA3-224 and SHA3-256, and three instances of Keccak contest, namely Keccak[1440, 160, 5, 160], Keccak[640, 160, 5, 160] and Keccak[1440, 160, 6, 160], improving the number of practically attacked rounds by two. It is remarked that the work here is still far from threatening the security of the full 24-round SHA-3 family.
URI: https://hdl.handle.net/10356/100424
http://hdl.handle.net/10220/49481
ISSN: 0933-2790
DOI: 10.1007/s00145-019-09313-3
Rights: © 2019 International Association for Cryptologic Research. All rights reserved.
Fulltext Permission: none
Fulltext Availability: No Fulltext
Appears in Collections:SPMS Journal Articles

SCOPUSTM   
Citations

3
checked on Sep 6, 2020

WEB OF SCIENCETM
Citations

2
checked on Oct 23, 2020

Page view(s)

96
checked on Oct 28, 2020

Google ScholarTM

Check

Altmetric


Plumx

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.