### Rotational Rebound Attacks on Reduced Skein

Dmitry Khovratovich, Ivica Nikolic, and Christian Rechberger

##### Abstract

In this paper we combine the recent rotational cryptanalysis with the rebound attack, which results in the best cryptanalysis of Skein, a candidate for the SHA-3 competition. The rebound attack approach has so far only been applied to AES-like constructions. For the first time, we show that this approach can also be applied to very different constructions. In more detail, we develop a number of techniques that extend the reach of both the inbound and the outbound phase, leading to rotational collisions for about 53/57 out of the 72 rounds of the Skein-256/512 compression function and the Threefish cipher. At this point, the results do not threaten the security of the full-round Skein hash function. The new techniques include an analytical search for optimal input values in the rotational cryptanalysis, which allows us to extend the outbound phase of the attack with a precomputation phase, an approach never used in any rebound-style attack before. Further, we show how to combine multiple inside-out computations and neutral bits in the inbound phase of the rebound attack, and give well-defined rotational distinguishers as certificates of weaknesses for the compression functions and block ciphers.
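As an added example (not code from the paper), the basic rotational property that the cryptanalysis above builds on: rotation and XOR commute exactly with rotating both inputs, while modular addition does so only with probability about 2^-1.415 for a rotation by one bit, and a Threefish MIX step (add, rotate, XOR) inherits the probability of its single addition. The MIX rotation constant `R_MIX` is an illustrative choice and does not affect the probability.

```python
import random

MASK = (1 << 64) - 1  # Skein/Threefish work on 64-bit words
R_MIX = 14            # illustrative MIX rotation constant (assumption)


def rotl(x, r):
    """Rotate a 64-bit word left by r bits."""
    r %= 64
    return ((x << r) | (x >> (64 - r))) & MASK


def add(x, y):
    return ((x + y) & MASK,)


def xor(x, y):
    return (x ^ y,)


def mix(x, y):
    """One Threefish MIX step: (x, y) -> (x + y, (y <<< R) ^ (x + y))."""
    s = (x + y) & MASK
    return s, rotl(y, R_MIX) ^ s


def rotational_probability_add(r, n=64):
    """Known closed form for Pr[(x <<< r) + (y <<< r) == (x + y) <<< r]
    over uniformly random n-bit words x, y."""
    return (1 + 2.0 ** (r - n) + 2.0 ** (-r) + 2.0 ** (-n)) / 4


def estimate(op, r, samples=20000, seed=1):
    """Empirical fraction of random rotational pairs (by r bits) that op
    maps to a rotational pair.  Fixed seed: constructed, reproducible."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        x, y = rng.getrandbits(64), rng.getrandbits(64)
        out = op(x, y)
        rotated_out = op(rotl(x, r), rotl(y, r))
        hits += rotated_out == tuple(rotl(v, r) for v in out)
    return hits / samples


if __name__ == "__main__":
    print("xor :", estimate(xor, 1))              # exact: 1.0
    print("add :", estimate(add, 1), "theory", rotational_probability_add(1))
    print("mix :", estimate(mix, 1))              # same as add, about 0.375
```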

Category: Secret-key cryptography

Publication info: Published elsewhere. Earlier version appears in Proceedings of Asiacrypt 2010

Keywords: Skein, SHA-3, hash function, compression function, cipher, rotational cryptanalysis, rebound attack, distinguisher

Contact author(s): christian rechberger @ esat kuleuven be
Short URL: https://ia.cr/2010/538

License: CC BY

BibTeX

@misc{cryptoeprint:2010/538,
author = {Dmitry Khovratovich and Ivica Nikolic and Christian Rechberger},
title = {Rotational Rebound Attacks on Reduced Skein},
howpublished = {Cryptology ePrint Archive, Paper 2010/538},
year = {2010},
note = {\url{https://eprint.iacr.org/2010/538}},
url = {https://eprint.iacr.org/2010/538}
}
