Paper 2012/238

The Boomerang Attacks on the Round-Reduced Skein-512

Hongbo Yu, Jiazhe Chen, and XIaoyun Wang

Abstract

The hash function Skein is one of the five finalists of the NIST SHA-3 competition;it is based on the block cipher Threefish which only uses three primitive operations: modular addition, rotation and bitwise XOR (ARX). This paper studies the boomerang attacks on Skein-512. Boomerang distinguishers on the compression function reduced to 32 and 36 rounds are proposed, with complexities 2^{104.5} and 2^{454} respectively. Examples of the distinguishers on 28-round and 31-round are also given. In addition, the boomerang distinguishers are applicable to the key-recovery attacks on reduced Threefish-512. The complexities for key-recovery attacks reduced to 32-/33-/34-round are about 2^{181}, 2^{305} and 2^{424}. Because Laurent et al. [14] pointed out that the previous boomerang distinguishers for Threefish-512 are in fact not compatible, our attacks are the first valid boomerang attacks for the final round Skein-512.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
yuhongbo @ mail tsinghua edu cn
History
2012-04-30: received
Short URL
https://ia.cr/2012/238
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/238,
      author = {Hongbo Yu and Jiazhe Chen and XIaoyun Wang},
      title = {The Boomerang Attacks on the Round-Reduced Skein-512},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/238},
      year = {2012},
      url = {https://eprint.iacr.org/2012/238}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.