
New criterion for diffusion property and applications to improved GFS and EGFN

Published in: Designs, Codes and Cryptography

Abstract

The maximum diffusion round, DRmax, is the traditional diffusion criterion for block ciphers in the secret-key setting. In recent years, the security of block ciphers in the hash-function setting or the known-key setting has attracted great interest. In this paper, we revisit the security of block-cipher-based hash functions using the sliced-biclique technique. The number of attacked rounds, HashR, is regarded as a new diffusion criterion for the underlying block cipher in the known-key setting. Intuitively, DRmax is a criterion with only one base, whereas HashR is a criterion with two bases. In addition, we design an automated cryptanalysis tool that computes the value of HashR efficiently. We then evaluate this new diffusion property for the improved GFS and the EGFN and obtain some interesting results. First, the HashR of the improved GFS structure with a given permutation is equal to that of the structure with the inverse permutation. Second, we find that several optimum diffusion matrices with the same DRmax have different HashR values. As a result, the number of optimum diffusion shuffles for the improved GFS with \(k\le 16\) is greatly reduced once the values of HashR are taken into account. We also show that the shuffle used in the EGFN example (\(k=8\)) in its original paper is not optimal according to the new criterion HashR. These results offer new guidance to designers using the improved GFS or EGFN. All in all, the new criterion may guide the design of block ciphers.
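The abstract contrasts the classical criterion DRmax with the new HashR. HashR needs the sliced-biclique tool described in the paper and is not reproduced here, but DRmax can be computed with a few lines of dependency tracking. The following is an added example, not code from the paper or its authors. It assumes the usual Type-2 GFS model: k branches, F(x[j]) XORed into x[j+1] for every even j, then branch i moved to position shuffle[i]; DRmax is taken as the larger of the diffusion rounds of a shuffle and of its inverse, and the exhaustive search is restricted to even-odd shuffles, both as in the improved-GFS literature ([15]). The 8-branch shuffle [3, 0, 1, 4, 7, 2, 5, 6] is a constructed input that the code itself shows to reach the k=8 optimum of 6 rounds; the EGFN, which uses a different (matrix-based) structure, is not covered.

```python
"""Dependency-tracking computation of the maximum diffusion round, DRmax,
for a Type-2 generalized Feistel structure (GFS) with a branch shuffle.

Model (assumption, following the common improved-GFS description):
  * k branches x[0..k-1]; each round, for every even j, F(x[j]) is XORed
    into x[j+1]; then branch i is moved to position shuffle[i].
  * For diffusion only WHICH input branches a branch depends on matters,
    so every branch carries a bitmask of input indices instead of data.
  * Full diffusion is reached when every branch depends on every input.
  * DRmax = max(DR(shuffle), DR(inverse shuffle)), i.e. both directions.
"""
from itertools import permutations
from typing import List, Optional, Tuple


def gfs_round(deps: List[int], shuffle: List[int]) -> List[int]:
    """One round of the dependency model: XOR step, then shuffle step."""
    k = len(deps)
    y = list(deps)
    for j in range(0, k, 2):            # odd branch inherits the even branch's dependencies
        y[j + 1] |= y[j]
    z = [0] * k
    for i, dst in enumerate(shuffle):   # branch i moves to position dst
        z[dst] = y[i]
    return z


def diffusion_rounds(shuffle: List[int], max_rounds: int = 64) -> Optional[int]:
    """Rounds until every branch depends on every input; None if never reached."""
    k = len(shuffle)
    full = (1 << k) - 1
    deps = [1 << i for i in range(k)]   # branch i initially depends on input i only
    for r in range(1, max_rounds + 1):
        deps = gfs_round(deps, shuffle)
        if all(d == full for d in deps):
            return r
    return None


def inverse(shuffle: List[int]) -> List[int]:
    inv = [0] * len(shuffle)
    for i, dst in enumerate(shuffle):
        inv[dst] = i
    return inv


def dr_max(shuffle: List[int]) -> Optional[int]:
    """DRmax over both the shuffle and its inverse (decryption direction)."""
    fwd, bwd = diffusion_rounds(shuffle), diffusion_rounds(inverse(shuffle))
    if fwd is None or bwd is None:
        return None
    return max(fwd, bwd)


def cyclic_shift(k: int) -> List[int]:
    """Classical Type-2 GFS shuffle: every branch moves one position left."""
    return [(i - 1) % k for i in range(k)]


def even_odd_shuffles(k: int):
    """All shuffles sending even positions to odd ones and vice versa
    (the restriction used in the improved-GFS search)."""
    evens, odds = list(range(0, k, 2)), list(range(1, k, 2))
    for to_odd in permutations(odds):
        for to_even in permutations(evens):
            s = [0] * k
            for src, dst in zip(evens, to_odd):
                s[src] = dst
            for src, dst in zip(odds, to_even):
                s[src] = dst
            yield s


def best_even_odd_shuffles(k: int) -> Tuple[int, List[List[int]]]:
    """Minimum DRmax over even-odd shuffles and the shuffles attaining it."""
    by_value = {}
    for s in even_odd_shuffles(k):
        v = dr_max(s)
        if v is not None:               # shuffles that never fully diffuse are skipped
            by_value.setdefault(v, []).append(s)
    best = min(by_value)
    return best, by_value[best]


if __name__ == "__main__":
    pi8 = [3, 0, 1, 4, 7, 2, 5, 6]      # constructed example shuffle for k = 8
    for k in (4, 8):
        print(f"k={k} cyclic shift: DRmax = {dr_max(cyclic_shift(k))}")
    print(f"k=8 shuffle {pi8}: DR = {diffusion_rounds(pi8)}, "
          f"DR(inverse) = {diffusion_rounds(inverse(pi8))}, DRmax = {dr_max(pi8)}")
    best, opt = best_even_odd_shuffles(8)
    print(f"k=8 even-odd search: best DRmax = {best}, {len(opt)} shuffles attain it")
```

The search output is exactly the situation the abstract describes: many even-odd shuffles share the optimum DRmax, so DRmax alone cannot separate them, which is where a second criterion such as HashR becomes useful. Shuffles that never reach full diffusion (for example pair-internal swaps) return None and are excluded from the search.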



Notes

  1. Note that the number of attacked rounds for the 4-branch GFS with cyclic shift is 8 in Ref. [20]. The reason is that those authors omitted the shuffle in the last round. The numbers of attacked rounds given in our paper all count whole rounds, including every round's shuffle.

References

  1. Lai, X., Massey, J.L.: Hash functions based on block ciphers. In: Rueppel, R.A. (ed.) Advances in Cryptology—EUROCRYPT 92. Lecture Notes in Computer Science, vol. 658, pp. 55–70. Springer, Berlin (1993)

  2. Hirose, S., Kuwakado, H.: A block-cipher-based hash function using an MMO-type double-block compression function. In: Chow, S.S.M., Liu, J.K., Hui, L.C.K., Yiu, S.M. (eds.) Provable Security. Lecture Notes in Computer Science, vol. 8782, pp. 71–86. Springer, Berlin (2014)

  3. Quisquater, J.-J., Girault, M.: 2n-Bit hash-functions using n-bit symmetric block cipher algorithms. In: Quisquater, J.-J., Vandewalle, J. (eds.) Advances in Cryptology—EUROCRYPT 89. Lecture Notes in Computer Science, vol. 434, pp. 102–109. Springer, Berlin (1990)

  4. Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) Advances in Cryptology—CRYPTO 93. Lecture Notes in Computer Science, vol. 773, pp. 368–378. Springer, New York (1994)

  5. Biham, E., Dunkelman, O.: The SHAvite-3 hash function. Submission to NIST (Round 2) (2009)

  6. Hirose, S., Kuwakado, H., Yoshida, H.: SHA-3 proposal: Lesamnta. Lesamnta home page, document version 1.0.1, http://www.hitachi.com/rd/yrl/crypto/lesamnta/ (2009)

  7. Baecher, P., Farshim, P., Fischlin, M., Stam, M.: Ideal-cipher (ir)reducibility for blockcipher-based hash functions. In: Johansson, T., Nguyen, P.Q. (eds.) Advances in Cryptology—EUROCRYPT 2013. Lecture Notes in Computer Science, vol. 7881, pp. 426–443. Springer, Berlin (2013)

  8. Gong, Z., Lai, X., Chen, K.: A synthetic indifferentiability analysis of some block-cipher-based hash functions. Des. Codes Cryptogr. 48(3), 293–305 (2008)

  9. Wei, L., Peyrin, T., Sokołowski, P., Ling, S., Pieprzyk, J., Wang, H.: On the (in)security of IDEA in various hashing modes. In: Canteaut, A. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 7549, pp. 163–179. Springer, Berlin (2012)

  10. Biryukov, A., Nikolić, I.: Complementing Feistel ciphers. In: Moriai, S. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 8424, pp. 3–18. Springer, Berlin (2014)

  11. Knudsen, L.R., Rijmen, V.: Known-key distinguishers for some block ciphers. In: Kurosawa, K. (ed.) Advances in Cryptology—ASIACRYPT 2007. Lecture Notes in Computer Science, vol. 4833, pp. 315–324. Springer, Berlin (2007)

  12. Sasaki, Y., Yasuda, K.: Known-key distinguishers on 11-round Feistel and collision attacks on its hashing modes. In: Joux, A. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 6733, pp. 397–415. Springer, Berlin (2011)

  13. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced Whirlpool and Grøstl. In: Dunkelman, O. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 5665, pp. 260–276. Springer, Berlin (2009)

  14. Dong, L., Wu, W., Wu, S., Zou, J.: Known-key distinguishers on type-1 Feistel scheme and near-collision attacks on its hashing modes. Front. Comput. Sci. 8(3), 513–525 (2014)

  15. Suzaki, T., Minematsu, K.: Improving the generalized Feistel. In: Hong, S., Iwata, T. (eds.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 6147, pp. 19–39. Springer, Berlin (2010)

  16. Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: TWINE: a lightweight block cipher for multiple platforms. In: Knudsen, L.R., Wu, H. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 7707, pp. 339–354. Springer, Berlin (2013)

  17. Berger, T.P., Minier, M., Thomas, G.: Extended generalized Feistel networks using matrix representation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) Selected Areas in Cryptography—SAC 2013. Lecture Notes in Computer Science, pp. 289–305. Springer, Berlin (2014)

  18. Khovratovich, D.: Bicliques for permutations: collision and preimage attacks in stronger settings. In: Wang, X., Sako, K. (eds.) Advances in Cryptology—ASIACRYPT 2012. Lecture Notes in Computer Science, vol. 7658, pp. 544–561. Springer, Berlin (2012)

  19. Li, J., Isobe, T., Shibutani, K.: Converting meet-in-the-middle preimage attack into pseudo collision attack: application to SHA-2. In: Canteaut, A. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 7549, pp. 264–286. Springer, Berlin (2012)

  20. Agrawal, M., Chang, D., Ghosh, M., Sanadhya, S.-K.: Collision attack on 4-branch, type-2 GFN based hash functions using sliced biclique cryptanalysis technique. In: Information Security and Cryptology, vol. 8957, pp. 343–360. Springer, Berlin (2014)

  21. Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) Advances in Cryptology—ASIACRYPT 2011. Lecture Notes in Computer Science, vol. 7073, pp. 344–371. Springer, Berlin (2011)

  22. Abed, F., Forler, C., List, E., Lucks, S., Wenzel, J.: A framework for automated independent-biclique cryptanalysis. In: Moriai, S. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 8424, pp. 561–581. Springer, Berlin (2014)

  23. Nyberg, K.: Generalized Feistel networks. In: Kim, K., Matsumoto, T. (eds.) Advances in Cryptology—ASIACRYPT 96. Lecture Notes in Computer Science, vol. 116, pp. 91–104. Springer, Berlin (1996)


Acknowledgments

We would like to thank anonymous referees for their helpful comments and suggestions. The research presented in this paper is supported by the National Basic Research Program of China (No. 2013CB338002) and National Natural Science Foundation of China (No. 61272476, No. 61232009 and No. 61202420).

Author information

Correspondence to Wenling Wu.

Additional information

Communicated by M. Paterson.

Appendix

Appendix figures a–d (images not included in this preview).


Cite this article

Wang, Y., Wu, W. New criterion for diffusion property and applications to improved GFS and EGFN. Des. Codes Cryptogr. 81, 393–412 (2016). https://doi.org/10.1007/s10623-015-0161-8
