Rebound Attacks on the Reduced Grøstl Hash Function

Florian Mendel; C. Rechberger; Martin Schlaffer; Søren S. Thomsen

doi:10.1007/978-3-642-11925-5_24

Rebound Attacks on the Reduced Grøstl Hash Function

Florian Mendel, C. Rechberger, Martin Schlaffer, Søren S. Thomsen

Research output: Contribution to journal › Conference article › Research › peer-review

Abstract

Grøstl is one of 14 second round candidates of the NIST SHA-3 competition. Cryptanalytic results on the wide-pipe compression function of Grøstl-256 have already been published. However, little is known about the hash function, arguably a much more interesting cryptanalytic setting. Also, Grøstl-512 has not been analyzed yet. In this paper, we show the first cryptanalytic attacks on reduced-round versions of the Grøstl hash functions. These results are obtained by several extensions of the rebound attack. We present a collision attack on 4/10 rounds of the Grøstl-256 hash function and 5/14 rounds of the Grøstl-
512 hash functions. Additionally, we give the best collision attack for reduced-round (7/10 and 7/14) versions of the compression function of Grøstl-256 and Grøstl-512.

Original language	English
Book series	Lecture Notes in Computer Science
Volume	5985
Pages (from-to)	350–365
ISSN	0302-9743
DOIs	https://doi.org/10.1007/978-3-642-11925-5_24
Publication status	Published - 2010
Event	CT-RSA 2010: The Cryptographers’ Track at the RSA Conference 2010 - San Francisco, CA, United States Duration: 1 Mar 2010 → 5 Mar 2010

Conference

Conference	CT-RSA 2010
Country	United States
City	San Francisco, CA
Period	01/03/2010 → 05/03/2010

Keywords

Hash function
Cryptanalysis
Collisions
Rebound attack

Access to Document

10.1007/978-3-642-11925-5_24

Fingerprint Dive into the research topics of 'Rebound Attacks on the Reduced Grøstl Hash Function'. Together they form a unique fingerprint.

Cite this

@inproceedings{52d285bf06ba4a5e9dadf5e0fd065362,

title = "Rebound Attacks on the Reduced Gr{\o}stl Hash Function",

abstract = "Gr{\o}stl is one of 14 second round candidates of the NIST SHA-3 competition. Cryptanalytic results on the wide-pipe compression function of Gr{\o}stl-256 have already been published. However, little is known about the hash function, arguably a much more interesting cryptanalytic setting. Also, Gr{\o}stl-512 has not been analyzed yet. In this paper, we show the first cryptanalytic attacks on reduced-round versions of the Gr{\o}stl hash functions. These results are obtained by several extensions of the rebound attack. We present a collision attack on 4/10 rounds of the Gr{\o}stl-256 hash function and 5/14 rounds of the Gr{\o}stl-512 hash functions. Additionally, we give the best collision attack for reduced-round (7/10 and 7/14) versions of the compression function of Gr{\o}stl-256 and Gr{\o}stl-512.",

keywords = "Hash function, Cryptanalysis, Collisions, Rebound attack",

author = "Florian Mendel and C. Rechberger and Martin Schlaffer and Thomsen, {S{\o}ren S.}",

year = "2010",

doi = "10.1007/978-3-642-11925-5_24",

language = "English",

volume = "5985",

pages = "350–365",

journal = "Lecture Notes in Computer Science",

issn = "0302-9743",

publisher = "Springer",

note = "CT-RSA 2010 : The Cryptographers{\textquoteright} Track at the RSA Conference 2010 ; Conference date: 01-03-2010 Through 05-03-2010",

}

TY - GEN

T1 - Rebound Attacks on the Reduced Grøstl Hash Function

AU - Mendel, Florian

AU - Rechberger, C.

AU - Schlaffer, Martin

AU - Thomsen, Søren S.

PY - 2010

Y1 - 2010

N2 - Grøstl is one of 14 second round candidates of the NIST SHA-3 competition. Cryptanalytic results on the wide-pipe compression function of Grøstl-256 have already been published. However, little is known about the hash function, arguably a much more interesting cryptanalytic setting. Also, Grøstl-512 has not been analyzed yet. In this paper, we show the first cryptanalytic attacks on reduced-round versions of the Grøstl hash functions. These results are obtained by several extensions of the rebound attack. We present a collision attack on 4/10 rounds of the Grøstl-256 hash function and 5/14 rounds of the Grøstl-512 hash functions. Additionally, we give the best collision attack for reduced-round (7/10 and 7/14) versions of the compression function of Grøstl-256 and Grøstl-512.

AB - Grøstl is one of 14 second round candidates of the NIST SHA-3 competition. Cryptanalytic results on the wide-pipe compression function of Grøstl-256 have already been published. However, little is known about the hash function, arguably a much more interesting cryptanalytic setting. Also, Grøstl-512 has not been analyzed yet. In this paper, we show the first cryptanalytic attacks on reduced-round versions of the Grøstl hash functions. These results are obtained by several extensions of the rebound attack. We present a collision attack on 4/10 rounds of the Grøstl-256 hash function and 5/14 rounds of the Grøstl-512 hash functions. Additionally, we give the best collision attack for reduced-round (7/10 and 7/14) versions of the compression function of Grøstl-256 and Grøstl-512.

KW - Hash function

KW - Cryptanalysis

KW - Collisions

KW - Rebound attack

U2 - 10.1007/978-3-642-11925-5_24

DO - 10.1007/978-3-642-11925-5_24

M3 - Conference article

VL - 5985

SP - 350

EP - 365

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

T2 - CT-RSA 2010

Y2 - 1 March 2010 through 5 March 2010

ER -