Paper 2011/023

Improved zero-sum distinguisher for full round Keccak-f permutation

Ming Duan and Xuajia Lai

Abstract

K$\textsc{eccak}$ is one of the five hash functions selected for the final round of the SHA-3 competition and its inner primitive is a permutation called K$\textsc{eccak}$-$f$. In this paper, we find that for the inverse of the only one nonlinear transformation of K$\textsc{eccak}$-$f$, the algebraic degrees of any output coordinate and of the product of any two output coordinates are both 3 and also 2 less than its size 5. Combining the observation with a proposition from an upper bound on the degree of iterated permutations, we improve the zero-sum distinguisher of full 24 rounds K$\textsc{eccak}$-$f$ permutation by lowering the size of the zero-sum partition from $2^{1590}$ to $2^{1579}$.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functionshigher order differentialsalgebraic degreezero-sumSHA-3.
Contact author(s)
mduan @ sjtu edu cn
lai-xj @ cs sjtu edu cn
History
2011-01-14: received
Short URL
https://ia.cr/2011/023
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2011/023,
      author = {Ming Duan and Xuajia Lai},
      title = {Improved zero-sum distinguisher for full round Keccak-f permutation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/023},
      year = {2011},
      url = {https://eprint.iacr.org/2011/023}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.