Paper 2010/538

Rotational Rebound Attacks on Reduced Skein

Dmitry Khovratovich, Ivica Nikolic, and Christian Rechberger

Abstract

In this paper we combine the recent rotational cryptanalysis with the rebound attack, which results in the best cryptanalysis of Skein, a candidate for the SHA-3 competition. The rebound attack approach was so far only applied to AES-like constructions. For the first time, we show that this approach can also be applied to very different constructions. In more detail, we develop a number of techniques that extend the reach of both the inbound and the outbound phase, leading to rotational collisions for about 53/57 out of the 72 rounds of the Skein-256/512 compression function and the Threefish cipher. At this point, the results do not threaten the security of the full-round Skein hash function. The new techniques include an analytical search for optimal input values in the rotational cryptanalysis, which allows to extend the outbound phase of the attack with a precomputation phase, an approach never used in any rebound-style attack before. Further we show how to combine multiple inside-out computations and neutral bits in the inbound phase of the rebound attack, and give well-defined rotational distinguishers as certificates of weaknesses for the compression functions and block ciphers.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Earlier version appears in Proceedings of Asiacrypt 2010
Keywords
SkeinSHA-3hash functioncompression functioncipherrotational cryptanalysisrebound attackdistinguisher.
Contact author(s)
christian rechberger @ esat kuleuven be
History
2010-10-25: received
Short URL
https://ia.cr/2010/538
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/538,
      author = {Dmitry Khovratovich and Ivica Nikolic and Christian Rechberger},
      title = {Rotational Rebound Attacks on Reduced Skein},
      howpublished = {Cryptology ePrint Archive, Paper 2010/538},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/538}},
      url = {https://eprint.iacr.org/2010/538}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.