Paper 2011/420

Unaligned Rebound Attack - Application to Keccak

Alexandre Duc, Jian Guo, Thomas Peyrin, and Lei Wei


We analyze the internal permutations of Keccak, one of the NIST SHA-3 competition finalists, in regard to differential properties. By carefully studying the elements composing those permutations, we are able to derive most of the best known differential paths for up to 5 rounds. We use these differential paths in a rebound attack setting and adapt this powerful freedom degrees utilization in order to derive distinguishers for up to 8 rounds of the internal permutations of the submitted version of Keccak. The complexity of the 8 round distinguisher is $2^{491.47}$. Our results have been implemented and verified experimentally on a small version of Keccak. This is currently the best known differential attack against the internal permutations of Keccak.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
KeccakSHA-3hash functiondi&#64256erential cryptanalysisrebound attack
Contact author(s)
alexandre duc @ epfl ch
ntu guo @ gmail com
thomas peyrin @ gmail com
wl @ pmail ntu edu sg
2012-04-19: last of 2 revisions
2011-08-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Alexandre Duc and Jian Guo and Thomas Peyrin and Lei Wei},
      title = {Unaligned Rebound Attack - Application to Keccak},
      howpublished = {Cryptology ePrint Archive, Paper 2011/420},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.