**Advanced Zero-Sum Distinguishers for the Permutations of the PHOTON Family **

*Le Dong and Wenling Wu and Shuang Wu and Jian Zou *

**Abstract: **PHOTON is a new collection of lightweight hash functions which use an extended sponge construction and AES-like permutations. The family has five members, and each of them has a corresponding permutation. The state sizes of these permutations are 100 bits, 144 bits, 196 bits, 256 bits and 288 bits, respectively. In this paper, we firstly estimate the upper bounds on the algebraic degrees of some round-reduced permutations and use the spectral properties to improve them. Then, some zero-sum distinguishers are constructed basing on these upper bounds. Applying the integral properties and the super-sbox technique used on AES-like block ciphers, we can extend one or two rounds in the middle of the previous zero-sum distinguishers. On the other side, the tighter upper bounds on algebraic degrees of these permutations are obtained by using some new results introduced by C. Boura etc. Basing on these new bounds, the full-round zero-sum distinguishers of the first four permutations can be constructed. Additionally, the results do not threat the security of the hash family.

**Category / Keywords: **PHOTON, zero-sum, higher-order differential, Walsh spectrum, integral attack, super-sbox.

**Date: **received 8 Nov 2011, last revised 8 Nov 2011, withdrawn 10 Nov 2011

**Contact author: **dongle127 at 163 com

**Available format(s): **(-- withdrawn --)

**Version: **20111111:044150 (All versions of this report)

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]