Secondly, we investigate the T-sponge construction and show how certain CPS and rate values lead to an improved preimage attack on long messages. As an example, we find collisions for the GLUON-64 internal function, approximate its CPS, and show an attack that violates the security claims. For instance, if a message ends with a sequence of 1~Mb (respectively 1~Gb) of zeros, then our preimage search takes time $2^{115.3}$ (respectively $2^{105.3}$) instead of $2^{128}$.
Category / Keywords: secret-key cryptography / random function, Collision Probability Spectrum, collision tree, T-sponge, GLUON, collision search Original Publication (in the same form): IACR-FSE-2014 Date: received 27 Mar 2014 Contact author: leo perrin at uni lu Available format(s): PDF | BibTeX Citation Version: 20140328:075220 (All versions of this report) Short URL: ia.cr/2014/223