Paper 2010/223

Improved Differential Attacks for ECHO and Grostl

Thomas Peyrin

Abstract

We present improved cryptanalysis of two second-round SHA-3 candidates: the AES-based hash functions ECHO and GROSTL. We explain methods for building better differential trails for ECHO by increasing the granularity of the truncated differential paths previously considered. In the case of GROSTL, we describe a new technique, the internal differential attack, which shows that when using parallel computations designers should also consider the differential security between the parallel branches. Then, we exploit the recently introduced start-from-the-middle or Super-Sbox attacks, which proved to be very efficient when attacking AES-like permutations, to achieve a very efficient utilization of the available degrees of freedom. Finally, we obtain the best known attacks so far for both ECHO and GROSTL. In particular, we are able to mount a distinguishing attack for the full GROSTL-256 compression function.

Note: Extended final version of the CRYPTO 2010 article.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Published at CRYPTO 2010
Keywords
hash functions, cryptanalysis, ECHO, Grostl, AES, internal differential attack
Contact author(s)
thomas peyrin @ gmail com
History
2010-08-12: last of 5 revisions
2010-04-28: received
Short URL
https://ia.cr/2010/223
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/223,
      author = {Thomas Peyrin},
      title = {Improved Differential Attacks for {ECHO} and Grostl},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/223},
      year = {2010},
      url = {https://eprint.iacr.org/2010/223}
}