Paper 2011/624

New attacks on Keccak-224 and Keccak-256

Itai Dinur, Orr Dunkelman, and Adi Shamir

Abstract

The Keccak hash function is one of the five finalists in NIST's SHA-3 competition, and so far it showed remarkable resistance against practical collision finding attacks: After several years of cryptanalysis and a lot of effort, the largest number of Keccak rounds for which actual collisions were found was only 2. In this paper we develop improved collision finding techniques which enable us to double this number. More precisely, we can now find within a few minutes on a single PC actual collisions in standard Keccak-224 and Keccak-256, where the only modification is to reduce their number of rounds to 4. When we apply our techniques to 5-round Keccak, we can get in a few days excellent near collisions, where the Hamming distance is 5 in the case of Keccak-224 and 10 in the case of Keccak-256. Our new attack combines differential and algebraic techniques, and uses the fact that each round of Keccak is only a quadratic mapping in order to efficiently find pairs of messages which follow a high probability differential characteristic.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
CryptanalysisSHA-3Keccakcollisionnear-collisionpractical attack
Contact author(s)
itaid @ weizmann ac il
History
2011-11-21: received
Short URL
https://ia.cr/2011/624
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/624,
      author = {Itai Dinur and Orr Dunkelman and Adi Shamir},
      title = {New attacks on Keccak-224 and Keccak-256},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/624},
      year = {2011},
      url = {https://eprint.iacr.org/2011/624}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.