Cryptology ePrint Archive: Report 2010/375

Improved Collision Attacks on the Reduced-Round Grøstl Hash Function

Kota Ideguchi and Elmar Tischhauser and Bart Preneel

Abstract: We analyze the Grøstl hash function, which is a 2nd-round candidate of the SHA-3 competition. Using the start-from-the-middle variant of the rebound technique, we show collision attacks on the Grøstl-256 hash function reduced to 5 and 6 out of 10 rounds with time complexities $2^{48}$ and $2^{112}$, respectively. Furthermore, we demonstrate semi-free-start collision attacks on the Grøstl-224 and -256 hash functions reduced to 7 rounds and the Grøstl-224 and -256 compression functions reduced to 8 rounds. Our attacks are based on differential paths between the two permutations $P$ and $Q$ of Grøstl, a strategy introduced by Peyrin to construct distinguishers for the compression function. In this paper, we extend this approach to construct collision and semi-free-start collision attacks for both the hash and the compression function. Finally, we present improved distinguishers for reduced-round versions of the Grøstl-224 and -256 permutations.

Category / Keywords: secret-key cryptography / hash functions

Date: received 1 Jul 2010

Contact author: kota ideguchi yf at hitachi com

Available format(s): PDF | BibTeX Citation

Version: 20100702:085449 (All versions of this report)

Short URL: ia.cr/2010/375

Discussion forum: Show discussion | Start new discussion