Cryptology ePrint Archive: Report 2008/467

Cryptanalysis of EnRUPT

Dmitry Khovratovich and Ivica Nikolic

Abstract: In this paper we present a preimage attack on EnRUPT-512. We exploit the fact that the internal state is only a little bit larger than the critical security level: 1152 bits against 1024 bits. The absence of a message expansion and a fairly simple compression function allow us to fix the values for some state words and thus reduce the size of birthday state space in the meet-in-the-middle attack under 1024 bits. Equations that arise through the analysis are solved using look-up tables. The complexity of the attack is around 2^{480} compression function calls and the memory requirement is around 2^{384}.

Category / Keywords: secret-key cryptography / hash functions, cryptanalysis, sha-3

Date: received 4 Nov 2008

Contact author: khovratovich at gmail com, dmitry khovratovich@uni lu

Available formats: PDF | BibTeX Citation

Version: 20081118:202021 (All versions of this report)

Discussion forum: Show discussion | Start new discussion