Abstract
ESSENCE is a family of cryptographic hash functions, accepted to the first round of NIST's SHA-3 competition. This paper presents the first known attacks on ESSENCE. We present a semi-free-start collision attack on 31 out of 32 rounds of ESSENCE-512, invalidating the design claim that at least 24 rounds of ESSENCE are secure against differential cryptanalysis. We develop a novel technique to satisfy the first nine rounds of the differential characteristic. Non-randomness in the outputs of the feedback function F is used to construct several distinguishers on a 14-round ESSENCE block cipher and the corresponding compression function, each requiring only 2^17 output bits. This observation is extended to key-recovery attacks on the block cipher. Next, we show that the omission of round constants allows slid pairs and fixed points to be found. These attacks are independent of the number of rounds. Finally, we suggest several countermeasures against these attacks, while still keeping the design simple and easy to analyze.
Original language | English |
---|---|
Title of host publication | Information Security and Cryptology : 5th International Conference, Inscrypt 2009, Beijing, China, December 12-15, 2009. Revised Selected Papers |
Publisher | Springer |
Publication date | 2010 |
Pages | 15-34 |
DOIs | |
Publication status | Published - 2010 |
Event | International Conference of Information Security and Cryptology - Beijing, China Duration: 1 Jan 2009 → … Conference number: 5th |
Conference
Conference | International Conference of Information Security and Cryptology |
---|---|
Number | 5th |
City | Beijing, China |
Period | 01/01/2009 → … |
Series | Lecture Notes in Computer Science |
---|---|
Number | 6151 |