Cryptology ePrint Archive: Report 2017/529

Non-Full Sbox Linearization: Applications to Collision Attacks on Round-Reduced Keccak

Ling Song and Guohong Liao and Jian Guo

Abstract: The Keccak hash function is the winner of the SHA-3 competition and became the SHA-3 standard of NIST in 2015. In this paper, we focus on practical collision attacks against round-reduced Keccak hash function, and two main results are achieved: the first practical collision attacks against 5-round Keccak-224 and an instance of 6-round Keccak collision challenge. Both improve the number of practically attacked rounds by one. These results are obtained by carefully studying the algebraic properties of the nonlinear layer in the underlying permutation of Keccak and applying linearization to it. In particular, techniques for partially linearizing the output bits of the nonlinear layer are proposed, utilizing which attack complexities are reduced significantly from the previous best results.

Category / Keywords: Keccak, SHA-3, hash function, collision, non-full linearization, adaptive

Original Publication (in the same form): IACR-CRYPTO-2017

Date: received 5 Jun 2017, last revised 5 Jun 2017

Contact author: songling at ntu edu sg

Available format(s): PDF | BibTeX Citation

Version: 20170607:035231 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]