## Cryptology ePrint Archive: Report 2018/799

Finding Ordinary Cube Variables for Keccak-MAC with Greedy Algorithm

Fukang Liu and Zhenfu Cao and Gaoli Wang

Abstract: In this paper, we introduce an alternative method to find ordinary cube variables for Keccak-MAC by making full use of the key-independent bit conditions. First, we select some potential candidates for ordinary cube variables by properly adding key-independent bit conditions, which do not multiply with the chosen conditional cube variables in the first two rounds. Then, we carefully determine the ordinary cube variables from the candidates to establish the conditional cube tester. Finally, based on our new method to recover the 128-bit key, the conditional cube attack on 7-round Keccak-MAC-128/256/384 is improved to $2^{71}$ and 6-round Keccak-MAC-512 can be attacked with at most $2^{40}$ calls to 6-round Keccak internal permutation. It should be emphasized that our new approach does not require sophisticated modeling. As far as we know, it is the first time to clearly reveal how to utilize the key-independent bit conditions to select ordinary cube variables for Keccak-MAC.

Category / Keywords: secret-key cryptography / hash function, Keccak, Keccak-MAC, ordinary cube variables, conditional cube attack

Original Publication (in the same form): IWSEC 2019

Date: received 31 Aug 2018, last revised 29 May 2019

Contact author: liufukangs at 163 com

Available format(s): PDF | BibTeX Citation

Note: This is the IWSEC 2019 version.

Short URL: ia.cr/2018/799

[ Cryptology ePrint archive ]