Practical Near-Collisions and Collisions on Round-Reduced ECHO-256 Compression Function

Jean, Jérémy; Fouque, Pierre-Alain

doi:10.1007/978-3-642-21702-9_7

Cited by 12 publications

(20 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Subsequently, rebound attacks have been applied to other AES-based hash functions such as LANE [8], JH [14], and Echo [5]. Various tweaks have been applied to the basic rebound attack in order to construct differential paths that cover more rounds such as merging multiple in-bounds [7], super Sbox cryptanalysis [4], extended 5-round inbound [7], and linearized match-in-the-middle and start-fromthe-middle techniques [10].…”

Section: Introductionmentioning

confidence: 99%

Rebound Attacks on Stribog

AlTawy¹,

Kircanski²,

Youssef³

2014

Information Security and Cryptology -- ICISC 2013

View full text Add to dashboard Cite

Abstract. In August 2012, the Stribog hash function was selected as the new Russian hash standard (GOST R 34.11-2012). Stribog is an AES-based primitive and is considered as an asymmetric reply to the new SHA-3. In this paper we investigate the collision resistance of the Stribog compression function and its internal cipher. Specifically, we present a message differential path for the internal block cipher that allows us to efficiently obtain a 5-round free-start collision and a 7.75 free-start near collision for the internal cipher with complexities 2 8 and 2 40 , respectively. Finally, the compression function is analyzed and a 7.75 round semi free-start collision, 8.75 and 9.75 round semi free-start near collisions are presented along with an example for 4.75 round 49 out of 64 bytes near colliding message pair.

show abstract

Section: Introductionmentioning

confidence: 99%

Rebound Attacks on Stribog

AlTawy¹,

Kircanski²,

Youssef³

2014

Information Security and Cryptology -- ICISC 2013

View full text Add to dashboard Cite

show abstract

“…As for Grøstl-256, a 6-round semi free-start collision is given. Subsequently, rebound attacks have been applied to other AES-based hash functions such as LANE [17], JH [28], Echo [12], Streebog [3], and Grøstl [24]. Various tweaks have been applied to the basic rebound attack in order to construct differential paths that cover more rounds such as merging multiple in-bounds [15], super Sbox cryptanalysis [9], extended 5-round inbound [15], and linearized match-in-themiddle and start-from-the-middle techniques [19].…”

Section: The Rebound Attackmentioning

confidence: 99%

Watch your constants: malicious Streebog

AlTawy

Youssef

2015

IET Information Security

View full text Add to dashboard Cite

Abstract. In August 2012, the Streebog hash function was selected as the new Russian cryptographic hash standard (GOST R 34.11-2012). In this paper, we investigate the new standard in the context of malicious hashing and present a practical collision for a malicious version of the full hash function. In particular, we apply the rebound attack to find three solutions for three different differential paths for four rounds, and using the freedom of the round constants we connect them to obtain a collision for the twelve rounds of the compression function. Additionally, and due to the simple processing of the counter, we bypass the barrier of the checksum finalization step and transfer the compression function collision to the hash function output with no additional cost. The presented attack has a practical complexity and is verified by an example. While the results of this paper may not have a direct impact on the security of the current Streebog hash function, it presents an urge for the designers to publish the origin of the used parameters and the rational behind their choices in order for this function to gain enough confidence and wide spread adoption by the security community.

show abstract

“…With this technique, already proven to be efficient for AES-based hash functions cryptanalysis [10,12,16,17,23] In this model, all AddRoundConstant and SubBytes layers can be ignored since they have no impact on truncated differences. ShiftBytes will only move the difference positions and the diffusion will come from the MixCells layers.…”

Section: Truncated Differential Characteristicsmentioning

confidence: 99%

Improved Cryptanalysis of AES-like Permutations

2013

Self Cite

View full text Add to dashboard Cite

Abstract. AES-based functions have attracted of a lot of analysis in the recent years, mainly due to the SHA-3 hash function competition. In particular, the rebound attack allowed to break several proposals and many improvements/variants of this method have been published. Yet, it remained an open question whether it was possible to reach one more round with this type of technique compared to the state-of-the-art. In this article, we close this open problem by providing a further improvement over the original rebound attack and its variants, that allows the attacker to control one more round in the middle of a differential path for an AES-like permutation. Our algorithm is based on lists merging as defined in [21] and we generalized the concept to non-full active truncated differential paths [25]. As an illustration, we applied our method to the internal permutations used in Grøstl, one of the five finalist hash functions of the SHA-3 competition. When entering this final phase, the designers tweaked the function so as to thwart attacks from Peyrin [24] that exploited relations between the internal permutations. Until our results, no analysis was published on Grøstl and the best results reached 8 and 7 rounds for the 256-bit and 512-bit version respectively. By applying our algorithm, we present new internal permutation distinguishers on 9 and 10 rounds respectively.

show abstract

Practical Near-Collisions and Collisions on Round-Reduced ECHO-256 Compression Function

Cited by 12 publications

References 17 publications

Rebound Attacks on Stribog

Rebound Attacks on Stribog

Watch your constants: malicious Streebog

Improved Cryptanalysis of AES-like Permutations

Contact Info

Product

Resources

About