Paper 2023/036

Differential analysis of the ternary hash function Troika

Christina Boura, University Paris-Saclay, UVSQ
Margot Funk, University Paris-Saclay, UVSQ
Yann Rotella, University Paris-Saclay, UVSQ

Troika is a sponge-based hash function designed by Kölbl, Tischhauser, Bogdanov and Derbez in 2019. Its specificity is that it is defined over $\mathbb{F}_3$ in order to be used inside IOTA’s distributed ledger but could also serve in all settings requiring the generation of ternary randomness. To be used in practice, Troika needs to be proven secure against state-of-the-art cryptanalysis. However, there are today almost no analysis tools for ternary designs. In this article we take a step in this direction by analyzing the propagation of differential trails of Troika and by providing bounds on the weight of its trails. For this, we adapt a well-known framework for trail search designed for KECCAK and provide new advanced techniques to handle the search on $\mathbb{F}_3$. Our work demonstrates that providing analysis tools for non-binary designs is a highly non-trivial research direction that needs to be enhanced in order to better understand the real security offered by such non-conventional primitives.

Available format(s)
Attacks and cryptanalysis
Publication info
Published elsewhere. SAC 2022
differential cryptanalysisTroikaternary design
Contact author(s)
christina boura @ uvsq fr
margot funk @ uvsq fr
yann rotella @ uvsq fr
2023-01-19: approved
2023-01-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Christina Boura and Margot Funk and Yann Rotella},
      title = {Differential analysis of the ternary hash function Troika},
      howpublished = {Cryptology ePrint Archive, Paper 2023/036},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.