SymSum: Symmetric-Sum Distinguishers Against Round Reduced SHA3

Dhiman Saha; Sukhendu Kuila; Dipanwita Roy Chowdhury

Paper 2017/165

SymSum: Symmetric-Sum Distinguishers Against Round Reduced SHA3

Dhiman Saha, Sukhendu Kuila, and Dipanwita Roy Chowdhury

Abstract

In this work we show the existence of special sets of inputs for which the sum of the images under SHA3 exhibits a symmetric property. We develop an analytical framework which accounts for the existence of these sets. The framework constitutes identification of a generic property of iterated SPN based functions pertaining to the round-constant addition and combining it with the notion of $m -$ fold vectorial derivatives for differentiation over specially selected subspaces. Based on this we propose a new distinguisher called SymSum for the SHA3 family which penetrates up to 9 rounds and outperforms the ZeroSum distinguisher by a factor of four. Interestingly, the current work is the first analysis of SHA3/Keccak that relies on round-constants but is independent of their Hamming-weights.

Metadata

Available format(s): PDF
Publication info: Published by the IACR in TOSC 2017
Keywords: distinguisher Keccak SHA3 hash functions cryptanalysis zero-sums self-symmetry vectorial derivatives
Contact author(s): saha dhiman @ gmail com
History: 2017-02-24: revised; 2017-02-23: received; See all versions
Short URL: https://ia.cr/2017/165
License: CC BY

BibTeX

@misc{cryptoeprint:2017/165,
      author = {Dhiman Saha and Sukhendu Kuila and Dipanwita Roy Chowdhury},
      title = {{SymSum}: Symmetric-Sum Distinguishers Against Round Reduced {SHA3}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/165},
      year = {2017},
      url = {https://eprint.iacr.org/2017/165}
}