Internal differential collision attacks on the reduced-round Grøstl-0 hash function

Kota Ideguchi, Elmar Wolfgang Tischhauser, Bart Preneel

Research output: Contribution to journalJournal articleResearchpeer-review

Abstract

We analyze the Grøstl-0 hash function, that is the version of Grøstl submitted to the SHA-3 competition. This paper extends Peyrin’s internal differential strategy, that uses differential paths between the permutations P and Q of Grøstl-0 to construct distinguishers of the compression function. This results in collision attacks and semi-free-start collision attacks on the Grøstl-0 hash function and compression function with reduced rounds. Specifically, we show collision attacks on the Grøstl-0-256 hash function reduced to 5 and 6 out of 10 rounds with time complexities 248 and 2112 and on the Grøstl-0-512 hash function reduced to 6 out of 14 rounds with time complexity 2183. Furthermore, we demonstrate semi-free-start collision attacks on the Grøstl-0-256 compression function reduced to 8 rounds and the Grøstl-0-512 compression function reduced to 9 rounds. Finally, we show improved distinguishers for the Grøstl-0-256 permutations with reduced rounds.
Original languageEnglish
JournalDesigns, Codes and Cryptography
Volume70
Issue number3
Pages (from-to)251-271
ISSN0925-1022
DOIs
Publication statusPublished - 2014

Keywords

  • Hash function
  • Differential cryptanalysis
  • Collision attack
  • SHA-3

Fingerprint

Dive into the research topics of 'Internal differential collision attacks on the reduced-round Grøstl-0 hash function'. Together they form a unique fingerprint.

Cite this