### Improved Preimage Attacks on Round-Reduced Keccak-384/512

##### Abstract

This paper provides improved preimage analysis on round-reduced Keccak-384/512. Unlike low-capacity versions, Keccak-384/512 outputs from two parts of its state: an entire 320-bit plane and a 64/192-bit truncation of a second plane. Due to lack of degrees of freedom, most existing preimage analysis can only control the first 320-bit plane and achieve limited results. By thoroughly analyzing the algebraic structure of Keccak, this paper proposes a technology named extra linear dependence'', which can construct linear relations between corresponding bits from two planes. To apply the technology, this paper inherits pioneers' attack thoughts that convert output bits to linear or quadratic equations of input variables. When solving the final equation system, those linear relations can lead to extra restricting equations of output, exceeding the limit of matrix rank. As a result, the complexity of preimage attacks on 2-round and 3-round Keccak-384/512 can be decreased to $2^{39}$/$2^{204}$ and $2^{270}$/$2^{424}$ Keccak calls respectively, which are all the best known results so far. To support the theoretical analysis, this paper provides the first preimage of all 0' digest for 2-round Keccak-384, which can be obtained in one day with single core on an ordinary PC.

Available format(s)
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
KeccakPreimage attackLinear relation
Contact author(s)
le he @ ntu edu sg
History
2023-03-08: last of 2 revisions
See all versions
Short URL
https://ia.cr/2022/788

CC BY

BibTeX

@misc{cryptoeprint:2022/788,
author = {Le He and Xiaoen Lin and Hongbo Yu and Jian Guo},
title = {Improved Preimage Attacks on Round-Reduced Keccak-384/512},
howpublished = {Cryptology ePrint Archive, Paper 2022/788},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/788}},
url = {https://eprint.iacr.org/2022/788}
}
`
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.