You are looking at a specific version 20170410:133825 of this paper. See the latest version.

Paper 2017/302

Quantum preimage, 2nd-preimage, and collision resistance of SHA3

Jan Czajkowski and Leon Groot Bruinderink andAndreas Hülsing and Christian Schaffner

Abstract

SHA3 and its extendable output variant SHAKE belong to the family of sponge functions. In this work, we present formal security arguments for the quantum preimage, $2^{\text{nd}}$-preimage, and collision resistance of any sponge function. We just assume that the internally used transformation behaves like a random transformation. These are the first formal arguments that sponge functions (incl. SHA3 and SHAKE) are secure in the post-quantum setting. We even go one step further and prove that sponges are collapsing (Unruh, EUROCRYPT'16). Thereby, we can also derive the applicability of sponge functions for collapse-binding commitments. In addition to the security arguments, we also present a quantum collision attack against sponges. The complexity of our attack asymptotically matches the proven lower bound up to a square root.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Post-quantum cryptographySHA3SHAKEspongeskeccakhash functionquantum securityquantum collision resistancequantum second-preimage resistancequantum preimage resistance
Contact author(s)
authors-quantum-sponges @ huelsing net
History
2017-08-15: withdrawn
2017-04-10: received
See all versions
Short URL
https://ia.cr/2017/302
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.