[Resource Topic] 2016/878: Linear Structures: Applications to Cryptanalysis of Round-Reduced Keccak

Welcome to the resource topic for 2016/878

Title: Linear Structures: Applications to Cryptanalysis of Round-Reduced Keccak

Authors: Jian Guo, Meicheng Liu, Ling Song

Abstract:

In this paper, we analyze the security of round-reduced versions of the Keccak hash function family. Based on the work pioneered by Aumasson and Meier, and Dinur et al., we formalize and develop a technique named linear structure, which allows linearization of the underlying permutation of Keccak for up to 3 rounds with a large number of variable spaces. As a direct application, it extends the best zero-sum distinguishers by 2 rounds without increasing the complexities. We also apply linear structures to preimage attacks against Keccak. By carefully studying the properties of the underlying Sbox, we show bilinear structures and find ways to convert the information on the output bits to linear functions on input bits. These findings, combined with linear structures, lead us to preimage attacks against up to 4-round Keccak with reduced complexities. An interesting feature of such preimage attacks is low complexities for small variants. As extreme examples, we can now find preimages of 3-round SHAKE128 with complexity 1, as well as the first practical solutions to two 3-round instances of the Keccak challenge. Both zero-sum distinguishers and preimage attacks are verified by implementations. It is noted that the attacks here are still far from threatening the security of the full 24-round Keccak.

ePrint: https://eprint.iacr.org/2016/878

Talk: https://www.youtube.com/watch?v=nVe2t3cAkB8

Slides: https://iacr.org/cryptodb/archive/2016/ASIACRYPT/presentation/27900.pdf

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.