Paper 2020/561
Exploiting Weak Diffusion of Gimli: Improved Distinguishers and Preimage Attacks
Fukang Liu, Takanori Isobe, and Willi Meier
Abstract
The Gimli permutation proposed in CHES 2017 was designed for cross-platform performance. One main strategy to achieve such a goal is to utilize a sparse linear layer (Small-Swap and Big-Swap), which occurs every two rounds. In addition, the round constant addition occurs every four rounds and only one 32-bit word is affected by it. The above two facts have been recently exploited to construct a distinguisher for the full Gimli permutation with time complexity
Note: This is a major revision. We removed the 21-round and 24-round distinguisher and will focus on the 18-round distinguisher as well as the improved full-round distinguisher based on a new property of the SP-box.
Metadata
- Available format(s)
- PDF
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. ToSC 2021 (Issue 1)
- Keywords
- hash function, Gimli, Gimli-Hash, Gimli-XOF, preimage attack, distinguisher
- Contact author(s)
- liufukangs @ 163 com
- takanori isobe @ ai u-hyogo ac jp
- willimeier48 @ gmail com
- History
- 2021-02-08: last of 5 revisions
- 2020-05-15: received
- Short URL
- https://ia.cr/2020/561
- License
- CC BY
BibTeX
@misc{cryptoeprint:2020/561,
  author = {Fukang Liu and Takanori Isobe and Willi Meier},
  title = {Exploiting Weak Diffusion of Gimli: Improved Distinguishers and Preimage Attacks},
  howpublished = {Cryptology {ePrint} Archive, Paper 2020/561},
  year = {2020},
  url = {https://eprint.iacr.org/2020/561}
}