Paper 2010/321
Subspace Distinguisher for 5/8 Rounds of the ECHO-256 Hash Function
Martin Schläffer
Abstract
In this work we present first results for the hash function of ECHO. We provide a subspace distinguisher for 5 rounds, near-collisions on 4.5 rounds and collisions for 4 out of 8 rounds of the ECHO-256 hash function. The complexities are $2^{96}$ compression function calls for the distinguisher and near-collision attack, and $2^{64}$ for the collision attack. The memory requirements are $2^{64}$ for all attacks. Furthermore, we provide improved compression function attacks on ECHO-256 to get distinguishers on 7 rounds and near-collisions for 6 and 6.5 rounds. The compression function attacks also apply to ECHO-512. To get these results, we consider new and sparse truncated differential paths through ECHO. We are able to construct these paths by analyzing the combined MixColumns and BigMixColumns transformation. Since in these sparse truncated differential paths at most one fourth of all bytes of each ECHO state are active, missing degrees of freedom are not a problem. Therefore, we are able to mount a rebound attack with multiple inbound phases to efficiently find according message pairs for ECHO.
Metadata
- Available format(s)
-
PDF
- Publication info
- Published elsewhere. Extended version of paper published at SAC 2010
- Keywords
- hash functionsSHA-3 competitionECHOcryptanalysistruncated differential pathsrebound attacksubspace distinguishernear-collisionscollision attack
- Contact author(s)
- martin schlaeffer @ iaik tugraz at
- History
- 2010-08-06: last of 2 revisions
- 2010-05-31: received
- See all versions
- Short URL
- https://ia.cr/2010/321
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2010/321,
author = {Martin Schläffer},
title = {Subspace Distinguisher for 5/8 Rounds of the {ECHO}-256 Hash Function},
howpublished = {Cryptology {ePrint} Archive, Paper 2010/321},
year = {2010},
url = {https://eprint.iacr.org/2010/321}
}
