Paper 2020/667

New Results on the SymSum Distinguisher on Round-Reduced SHA3

Sahiba Suryawanshi, Dhiman Saha, and Satyam Sachan

Abstract

In ToSC 2017 Saha et al. demonstrated an interesting property of SHA3 based on higher-order vectorial derivatives which led to self-symmetry based distinguishers referred to as SymSum and bettered the complexity w.r.t the well-studied ZeroSum distinguisher by a factor of 4. This work attempts to take a fresh look at this distinguisher in the light of the linearization technique developed by Guo et al. in Asiacrypt 2016. It is observed that the efficiency of SymSum against ZeroSum drops from 4 to 2 for any number of rounds linearized. This is supported by theoretical proofs. SymSum augmented with linearization can penetrate up to two more rounds as against the classical version. In addition to that, one more round is extended by inversion technique on the final hash values. The combined approach leads to distinguishers up to 9 rounds of SHA3 variants with a complexity of only 264 which is better than the equivalent ZeroSum distinguisher by the factor of 2. To the best of our knowledge this is the best distinguisher available on this many rounds of SHA3.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. 12th International Conference on Cryptology, AFRICACRYPT2020 July 20-22, 2020.
Contact author(s)
sahibas @ iitbhilai ac in
History
2020-06-05: received
Short URL
https://ia.cr/2020/667
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2020/667,
      author = {Sahiba Suryawanshi and Dhiman Saha and Satyam Sachan},
      title = {New Results on the SymSum Distinguisher on Round-Reduced SHA3},
      howpublished = {Cryptology ePrint Archive, Paper 2020/667},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/667}},
      url = {https://eprint.iacr.org/2020/667}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.