Cryptology ePrint Archive: Report 2019/1115

Collision Attacks on Round-Reduced Gimli-Hash/Ascon-Xof/Ascon-Hash

Rui Zong and Xiaoyang Dong and Xiaoyun Wang

Abstract: The NIST-approved lightweight cryptography competition is an ongoing project to look for some algorithms as lightweight cryp- tographic standards. Recently, NIST chooses 32 algorithms from the 57 submissions as Round 2 candidates. Gimli and Ascon are both the Round 2 candidates. In this paper, we analyze the security of their hash mode against collision attacks. Con- cretely, we mount collision attacks on three hash functions: Gimli-Hash, Ascon-Xof and Ascon-Hash. These three hash functions are all based on sponge constructions. We give two attack strategies for searching collisions in sponge-based hash functions. Following one strategy, we give two non-practical collision attacks: a 6-round collision attack on Gimli-Hash with time complexity 2113and a 2-round collision attack on Ascon-Hash with time complexity 2125. Following the other strategy, we give a practical attack on 2-round Ascon-Xof with a 64-bit output. The time complexity is 215. We search for the differential characteristics using the MILP technique and the target differential algorithm.

Category / Keywords: secret-key cryptography / Collision Attack, Gimli-Hash, Ascon-Xof, Ascon-Hash, Attack Strategy, Sponge-based Hash Function

Date: received 29 Sep 2019, last revised 3 Oct 2019

Contact author: zongrui3 at 163 com

Available format(s): PDF | BibTeX Citation

Version: 20191003:125957 (All versions of this report)

Short URL: ia.cr/2019/1115


[ Cryptology ePrint archive ]