Improved zero-sum distinguisher for full round Keccak-f permutation

Ming Duan; Xuajia Lai

Paper 2011/023

Improved zero-sum distinguisher for full round Keccak-f permutation

Ming Duan and Xuajia Lai

Abstract

K $\textsc e c c a k$ is one of the five hash functions selected for the final round of the SHA-3 competition and its inner primitive is a permutation called K $\textsc e c c a k$ - $f$ . In this paper, we find that for the inverse of the only one nonlinear transformation of K $\textsc e c c a k$ - $f$ , the algebraic degrees of any output coordinate and of the product of any two output coordinates are both 3 and also 2 less than its size 5. Combining the observation with a proposition from an upper bound on the degree of iterated permutations, we improve the zero-sum distinguisher of full 24 rounds K $\textsc e c c a k$ - $f$ permutation by lowering the size of the zero-sum partition from $2^{1590}$ to $2^{1579}$ .

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. Unknown where it was published
Keywords: hash functions higher order differentials algebraic degree zero-sum SHA-3.
Contact author(s): mduan @ sjtu edu cn
lai-xj @ cs sjtu edu cn
History: 2011-01-14: received
Short URL: https://ia.cr/2011/023
License: CC BY

BibTeX

@misc{cryptoeprint:2011/023,
      author = {Ming Duan and Xuajia Lai},
      title = {Improved zero-sum distinguisher for full round Keccak-f permutation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/023},
      year = {2011},
      url = {https://eprint.iacr.org/2011/023}
}