Published in: Journal of Cryptology 2/2015

01.04.2015

The Rebound Attack and Subspace Distinguishers: Application to Whirlpool

Authors: Mario Lamberger, Florian Mendel, Martin Schläffer, Christian Rechberger, Vincent Rijmen


Abstract

We introduce the rebound attack as a variant of differential cryptanalysis on hash functions and apply it to the hash function Whirlpool, standardized by ISO/IEC. We give attacks on reduced variants of the 10-round Whirlpool hash function and compression function. Our results are collisions for 5.5 and near-collisions for 7.5 rounds on the hash function, as well as semi-free-start collisions for 7.5 and semi-free-start near-collisions for 9.5 rounds on the compression function. Additionally, we introduce the subspace problem as a generalization of near-collision resistance. Finally, we present the first distinguishers that apply to the full compression function and the full underlying block cipher W of Whirlpool.


Metadata
Title: The Rebound Attack and Subspace Distinguishers: Application to Whirlpool
Authors: Mario Lamberger, Florian Mendel, Martin Schläffer, Christian Rechberger, Vincent Rijmen
Publication date: 01.04.2015
Publisher: Springer US
Published in: Journal of Cryptology / Issue 2/2015
Print ISSN: 0933-2790
Electronic ISSN: 1432-1378
DOI: https://doi.org/10.1007/s00145-013-9166-5
