Paper 2019/248
Preimage Attacks on Round-reduced Keccak-224/256 via an Allocating Approach
Ting Li and Yao Sun
Abstract
We present new preimage attacks on standard Keccak-224 and Keccak-256 that are reduced to 3 and 4 rounds. An allocating approach is used in the attacks, and the whole complexity is allocated to two stages, such that fewer constraints are considered and the complexity is lowered in each stage. Specifically, we are trying to find a 2-block preimage, instead of a 1-block one, for a given hash value, and the first and second message blocks are found in two stages, respectively. Both the message blocks are constrained by a set of newly proposed conditions on the middle state, which are weaker than those brought by the initial values and the hash values. Thus, the complexities in the two stages are both lower than that of finding a 1-block preimage directly. Together with the basic allocating approach, an improved method is given to balance the complexities of two stages, and hence, obtains the optimal attacks. As a result, we present the best theoretical preimage attacks on Keccak-224 and Keccak-256 that are reduced to 3 and 4 rounds. Moreover, we practically found a (second) preimage for 3-round Keccak-224 with a complexity of 2^{39.39}.
Note: Thank Prof. Dr. Willi Meier for pointing out the mistake in Figure 9. This mistake has been fixed in this revised version.
Metadata
- Available format(s)
-
PDF
- Publication info
- Published by the IACR in EUROCRYPT 2019
- Keywords
- CryptanalysisKeccakSHA-3Preimage attack
- Contact author(s)
- sunyao @ iie ac cn
- History
- 2019-03-12: revised
- 2019-02-28: received
- See all versions
- Short URL
- https://ia.cr/2019/248
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2019/248,
author = {Ting Li and Yao Sun},
title = {Preimage Attacks on Round-reduced Keccak-224/256 via an Allocating Approach},
howpublished = {Cryptology {ePrint} Archive, Paper 2019/248},
year = {2019},
url = {https://eprint.iacr.org/2019/248}
}
