Paper 2019/1115
Collision Attacks on Round-Reduced Gimli-Hash/Ascon-Xof/Ascon-Hash
Rui Zong, Xiaoyang Dong, and Xiaoyun Wang
Abstract
The NIST-approved lightweight cryptography competition is an ongoing project to look for some algorithms as lightweight cryp- tographic standards. Recently, NIST chooses 32 algorithms from the 57 submissions as Round 2 candidates. Gimli and Ascon are both the Round 2 candidates. In this paper, we analyze the security of their hash mode against collision attacks. Con- cretely, we mount collision attacks on three hash functions: Gimli-Hash, Ascon-Xof and Ascon-Hash. These three hash functions are all based on sponge constructions. We give two attack strategies for searching collisions in sponge-based hash functions. Following one strategy, we give two non-practical collision attacks: a 6-round collision attack on Gimli-Hash with time complexity 2113and a 2-round collision attack on Ascon-Hash with time complexity 2125. Following the other strategy, we give a practical attack on 2-round Ascon-Xof with a 64-bit output. The time complexity is 215. We search for the differential characteristics using the MILP technique and the target differential algorithm.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- Collision AttackGimli-HashAscon-XofAscon-HashAttack StrategySponge-based Hash Function
- Contact author(s)
- zongrui3 @ 163 com
- History
- 2019-10-03: last of 2 revisions
- 2019-10-01: received
- See all versions
- Short URL
- https://ia.cr/2019/1115
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2019/1115,
author = {Rui Zong and Xiaoyang Dong and Xiaoyun Wang},
title = {Collision Attacks on Round-Reduced Gimli-Hash/Ascon-Xof/Ascon-Hash},
howpublished = {Cryptology {ePrint} Archive, Paper 2019/1115},
year = {2019},
url = {https://eprint.iacr.org/2019/1115}
}
