### Finding Ordinary Cube Variables for Keccak-MAC with Greedy Algorithm

Fukang Liu, Zhenfu Cao, and Gaoli Wang

##### Abstract

In this paper, we introduce an alternative method to find ordinary cube variables for Keccak-MAC by making full use of the key-independent bit conditions. First, we select some potential candidates for ordinary cube variables by properly adding key-independent bit conditions, which do not multiply with the chosen conditional cube variables in the first two rounds. Then, we carefully determine the ordinary cube variables from the candidates to establish the conditional cube tester. Finally, based on our new method to recover the 128-bit key, the conditional cube attack on 7-round Keccak-MAC-128/256/384 is improved to $2^{71}$ and 6-round Keccak-MAC-512 can be attacked with at most $2^{40}$ calls to 6-round Keccak internal permutation. It should be emphasized that our new approach does not require sophisticated modeling. As far as we know, it is the first time to clearly reveal how to utilize the key-independent bit conditions to select ordinary cube variables for Keccak-MAC.

Note: This is the IWSEC 2019 version.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. IWSEC 2019
Keywords
hash functionKeccakKeccak-MACordinary cube variablesconditional cube attack
Contact author(s)
liufukangs @ 163 com
History
2019-05-30: last of 12 revisions
See all versions
Short URL
https://ia.cr/2018/799

CC BY

BibTeX

@misc{cryptoeprint:2018/799,
author = {Fukang Liu and Zhenfu Cao and Gaoli Wang},
title = {Finding Ordinary Cube Variables for Keccak-MAC with Greedy Algorithm},
howpublished = {Cryptology ePrint Archive, Paper 2018/799},
year = {2018},
note = {\url{https://eprint.iacr.org/2018/799}},
url = {https://eprint.iacr.org/2018/799}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.