
Internal differential collision attacks on the reduced-round Grøstl-0 hash function

Designs, Codes and Cryptography

Abstract

We analyze the Grøstl-0 hash function, that is, the version of Grøstl submitted to the SHA-3 competition. This paper extends Peyrin’s internal differential strategy, which uses differential paths between the permutations P and Q of Grøstl-0 to construct distinguishers of the compression function. This results in collision attacks and semi-free-start collision attacks on the Grøstl-0 hash function and compression function with reduced rounds. Specifically, we show collision attacks on the Grøstl-0-256 hash function reduced to 5 and 6 out of 10 rounds with time complexities $2^{48}$ and $2^{112}$, and on the Grøstl-0-512 hash function reduced to 6 out of 14 rounds with time complexity $2^{183}$. Furthermore, we demonstrate semi-free-start collision attacks on the Grøstl-0-256 compression function reduced to 8 rounds and the Grøstl-0-512 compression function reduced to 9 rounds. Finally, we show improved distinguishers for the Grøstl-0-256 permutations with reduced rounds.



Author information


Corresponding author

Correspondence to Kota Ideguchi.

Additional information

Communicated by L. R. Knudsen.


About this article

Cite this article

Ideguchi, K., Tischhauser, E. & Preneel, B. Internal differential collision attacks on the reduced-round Grøstl-0 hash function. Des. Codes Cryptogr. 70, 251–271 (2014). https://doi.org/10.1007/s10623-012-9674-6


  • DOI: https://doi.org/10.1007/s10623-012-9674-6
