Higher-order differential properties of Keccak and Luffa
| Autor: | Anne Canteaut, Christophe De Cannière, Christina Boura |
|---|---|
| Přispěvatelé: | Security, Cryptology and Transmissions (SECRET), Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Gemalto [Meudon], GEMALTO (GEMALTO), Department of Electrical Engineering [Leuven] (ESAT), Catholic University of Leuven - Katholieke Universiteit Leuven (KU Leuven), projet SAPHIR2, ANR-08-VERS-014,projet SAPHIR2, ANR-08-VERS-014, ANR-08-VERS-0014,SAPHIR 2,: Sécurité et Analyses de Primitives de Hachage Innovantes et Récentes 3(2008), Antoine Joux |
| Jazyk: | angličtina |
| Rok vydání: | 2010 |
| Předmět: |
Discrete mathematics
Degree (graph theory) zero-sums higher-order differentials 010102 general mathematics Hash function SHA-3 020206 networking & telecommunications Hash functions 02 engineering and technology Function (mathematics) Grøstl 01 natural sciences degree Permutation [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] Iterated function 0202 electrical engineering electronic engineering information engineering 0101 mathematics Perfect hash function Mathematics |
| Zdroj: | Fast Software Encryption-FSE 2011 Fast Software Encryption-FSE 2011, Feb 2011, Lyngby, Denmark. pp.252-269, ⟨10.1007/978-3-642-21702-9_15⟩ Fast Software Encryption ISBN: 9783642217012 FSE |
| DOI: | 10.1007/978-3-642-21702-9_15⟩ |
| Popis: | International audience; In this paper, we identify higher-order differential and zero-sum properties in the full Keccak-f permutation, in the Luffa v1 hash function and in components of the Luffa v2 algorithm. These structural properties rely on a new bound on the degree of iterated permutations with a nonlinear layer composed of parallel applications of a number of balanced Sboxes. These techniques yield zero-sum partitions of size 2^{1575} for the full Keccak-f permutation and several observations on the Luffa hash family. We first show that Luffa v1 applied to one-block messages is a function of 255 variables with degree at most 251. This observation leads to the construction of a higher-order differential distinguisher for the full Luffa v1 hash function, similar to the one presented by Watanabe et al. on a reduced version. We show that similar techniques can be used to find all-zero higher-order differentials in the Luffa v2 compression function, but the additional blank round destroys this property in the hash function. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|