New collision attacks on round-reduced KECCAK

Kexin Qiao; Ling Song; Meicheng Liu; Jian Guo

doi:10.1007/978-3-319-56617-7_8

New collision attacks on round-reduced KECCAK

Kexin Qiao
, Ling Song^*
, Meicheng Liu
, Jian Guo

^*Corresponding author for this work

CAS - Institute of Information Engineering
Chinese Academy of Sciences
University of Chinese Academy of Sciences
Nanyang Technological University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

35 Citations (Scopus)

Abstract

In this paper, we focus on collision attacks against Keccak hash function family and some of its variants. Following the framework developed by Dinur et al. at FSE 2012 where 4-round collisions were found by combining 3-round differential trails and 1-round connectors, we extend the connectors one round further hence achieve collision attacks for up to 5 rounds. The extension is possible thanks to the large degree of freedom of the wide internal state. By linearization of all S-boxes of the first round, the problem of finding solutions of 2-round connectors are converted to that of solving a system of linear equations. However, due to the quick freedom reduction from the linearization, the system has solution only when the 3-round differential trails satisfy some additional conditions. We develop a dedicated differential trail search strategy and find such special differentials indeed exist. As a result, the first practical collision attack against 5-round SHAKE128 and two 5-round instances of the Keccak collision challenges are found with real examples. We also give the first results against 5-round Keccak-224 and 6-round Keccak collision challenges. It is remarked that the work here is still far from threatening the security of the full 24-round Keccak family.

Original language	English
Title of host publication	Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Editors	Jean-Sebastien Coron, Jesper Buus Nielsen
Publisher	Springer Verlag
Pages	216-243
Number of pages	28
ISBN (Print)	9783319566160
DOIs	https://doi.org/10.1007/978-3-319-56617-7_8
Publication status	Published - 2017
Externally published	Yes
Event	36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2017 - Paris, France Duration: 30 Apr 2017 → 4 May 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10212 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2017
Country/Territory	France
City	Paris
Period	30/04/17 → 4/05/17

Keywords

Differential
Hash function
Keccak
Linearization
SHA-3

Access to Document

10.1007/978-3-319-56617-7_8

Cite this

Qiao, K., Song, L., Liu, M., & Guo, J. (2017). New collision attacks on round-reduced KECCAK. In J.-S. Coron, & J. B. Nielsen (Eds.), Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (pp. 216-243). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10212 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-56617-7_8

Qiao, Kexin ; Song, Ling ; Liu, Meicheng et al. / New collision attacks on round-reduced KECCAK. Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. editor / Jean-Sebastien Coron ; Jesper Buus Nielsen. Springer Verlag, 2017. pp. 216-243 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a0a0cb4ded5243d09d2c4e9bd0430052,

title = "New collision attacks on round-reduced KECCAK",

abstract = "In this paper, we focus on collision attacks against Keccak hash function family and some of its variants. Following the framework developed by Dinur et al. at FSE 2012 where 4-round collisions were found by combining 3-round differential trails and 1-round connectors, we extend the connectors one round further hence achieve collision attacks for up to 5 rounds. The extension is possible thanks to the large degree of freedom of the wide internal state. By linearization of all S-boxes of the first round, the problem of finding solutions of 2-round connectors are converted to that of solving a system of linear equations. However, due to the quick freedom reduction from the linearization, the system has solution only when the 3-round differential trails satisfy some additional conditions. We develop a dedicated differential trail search strategy and find such special differentials indeed exist. As a result, the first practical collision attack against 5-round SHAKE128 and two 5-round instances of the Keccak collision challenges are found with real examples. We also give the first results against 5-round Keccak-224 and 6-round Keccak collision challenges. It is remarked that the work here is still far from threatening the security of the full 24-round Keccak family.",

keywords = "Differential, Hash function, Keccak, Linearization, SHA-3",

author = "Kexin Qiao and Ling Song and Meicheng Liu and Jian Guo",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2017.; 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2017 ; Conference date: 30-04-2017 Through 04-05-2017",

year = "2017",

doi = "10.1007/978-3-319-56617-7\_8",

language = "English",

isbn = "9783319566160",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "216--243",

editor = "Jean-Sebastien Coron and Nielsen, \{Jesper Buus\}",

booktitle = "Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",

address = "Germany",

}

Qiao, K, Song, L, Liu, M & Guo, J 2017, New collision attacks on round-reduced KECCAK. in J-S Coron & JB Nielsen (eds), Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10212 LNCS, Springer Verlag, pp. 216-243, 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2017, Paris, France, 30/04/17. https://doi.org/10.1007/978-3-319-56617-7_8

New collision attacks on round-reduced KECCAK. / Qiao, Kexin; Song, Ling; Liu, Meicheng et al.
Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. ed. / Jean-Sebastien Coron; Jesper Buus Nielsen. Springer Verlag, 2017. p. 216-243 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10212 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - New collision attacks on round-reduced KECCAK

AU - Qiao, Kexin

AU - Song, Ling

AU - Liu, Meicheng

AU - Guo, Jian

N1 - Publisher Copyright: © International Association for Cryptologic Research 2017.

PY - 2017

Y1 - 2017

N2 - In this paper, we focus on collision attacks against Keccak hash function family and some of its variants. Following the framework developed by Dinur et al. at FSE 2012 where 4-round collisions were found by combining 3-round differential trails and 1-round connectors, we extend the connectors one round further hence achieve collision attacks for up to 5 rounds. The extension is possible thanks to the large degree of freedom of the wide internal state. By linearization of all S-boxes of the first round, the problem of finding solutions of 2-round connectors are converted to that of solving a system of linear equations. However, due to the quick freedom reduction from the linearization, the system has solution only when the 3-round differential trails satisfy some additional conditions. We develop a dedicated differential trail search strategy and find such special differentials indeed exist. As a result, the first practical collision attack against 5-round SHAKE128 and two 5-round instances of the Keccak collision challenges are found with real examples. We also give the first results against 5-round Keccak-224 and 6-round Keccak collision challenges. It is remarked that the work here is still far from threatening the security of the full 24-round Keccak family.

AB - In this paper, we focus on collision attacks against Keccak hash function family and some of its variants. Following the framework developed by Dinur et al. at FSE 2012 where 4-round collisions were found by combining 3-round differential trails and 1-round connectors, we extend the connectors one round further hence achieve collision attacks for up to 5 rounds. The extension is possible thanks to the large degree of freedom of the wide internal state. By linearization of all S-boxes of the first round, the problem of finding solutions of 2-round connectors are converted to that of solving a system of linear equations. However, due to the quick freedom reduction from the linearization, the system has solution only when the 3-round differential trails satisfy some additional conditions. We develop a dedicated differential trail search strategy and find such special differentials indeed exist. As a result, the first practical collision attack against 5-round SHAKE128 and two 5-round instances of the Keccak collision challenges are found with real examples. We also give the first results against 5-round Keccak-224 and 6-round Keccak collision challenges. It is remarked that the work here is still far from threatening the security of the full 24-round Keccak family.

KW - Differential

KW - Hash function

KW - Keccak

KW - Linearization

KW - SHA-3

UR - https://www.scopus.com/pages/publications/85018700240

U2 - 10.1007/978-3-319-56617-7_8

DO - 10.1007/978-3-319-56617-7_8

M3 - Conference contribution

AN - SCOPUS:85018700240

SN - 9783319566160

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 216

EP - 243

BT - Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

A2 - Coron, Jean-Sebastien

A2 - Nielsen, Jesper Buus

PB - Springer Verlag

T2 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2017

Y2 - 30 April 2017 through 4 May 2017

ER -

Qiao K, Song L, Liu M, Guo J. New collision attacks on round-reduced KECCAK. In Coron JS, Nielsen JB, editors, Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Springer Verlag. 2017. p. 216-243. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-56617-7_8

New collision attacks on round-reduced KECCAK

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this