Linearization Framework for Collision Attacks: Application to CubeHash and MD6
2009 (English)In: ADVANCES IN CRYPTOLOGY - ASIACRYPT 2009 / [ed] Matsui, M, 2009, 560-577 p.Conference paper (Refereed)
In this paper, an improved differential cryptanalysis framework for finding collisions in hash functions is provided. Its principle is based on linearization of compression functions in order to find low weight differential characteristics as initiated by Chabaud and Joux. This is formalized and refined however in several ways: for the problem of finding a conforming message pair whose differential trail follows a linear trail, a condition function is introduced so that finding a collision is equivalent to finding a preimage of the zero vector under the condition function. Then, the dependency table concept shows how much influence every input bit of the condition function has on each output bit. Careful analysis of the dependency table reveals degrees of freedom that can be exploited in accelerated preimage reconstruction under the condition function. These concepts are applied to an in-depth collision analysis of reduced-round versions of the two SHA-3 candidates Cube Hash and MD6, and are demonstrated to give by far the best currently known collision attacks on these SHA-3 candidates.
Place, publisher, year, edition, pages
2009. 560-577 p.
, Lecture Notes in Computer Science, ISSN 0302-9743 ; 5912
Hash functions, collisions, differential attack, SHA-3, CubeHash, MD6
IdentifiersURN: urn:nbn:se:kth:diva-70201DOI: 10.1007/978-3-642-10366-7_33ISI: 000278095700033ISBN: 978-3-642-10365-0OAI: oai:DiVA.org:kth-70201DiVA: diva2:486072
15th International Conference on the Theory and Application of Cryptology and Information Security. Tokyo, JAPAN. DEC 06-10, 2009
QC 201202202012-01-302012-01-302012-02-20Bibliographically approved