Paper 2012/163

Differential propagation analysis of Keccak

Joan Daemen and Gilles Van Assche

Abstract

In this paper we introduce new concepts that help read and understand low-weight differential trails in Keccak. We then propose efficient techniques to exhaustively generate all 3-round trails in its largest permutation below a given weight. This allows us to prove that any 6-round differential trail in Keccak-f[1600] has weight at least 74. In the worst-case diffusion scenario where the mixing layer acts as the identity, we refine the lower bound to 82 by systematically constructing trails using a specific representation of states.

Note: Added reference to the source code.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Full version of the paper presented at FSE 2012
Keywords
cryptographic hash functionKeccakdifferential cryptanalysiscomputer-aided proof
Contact author(s)
gilles vanassche @ st com
History
2012-04-26: revised
2012-03-28: received
See all versions
Short URL
https://ia.cr/2012/163
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2012/163,
      author = {Joan Daemen and Gilles Van Assche},
      title = {Differential propagation analysis of Keccak},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/163},
      year = {2012},
      url = {https://eprint.iacr.org/2012/163}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.