Abstract
Grøstl is one of 14 second round candidates of the NIST SHA-3 competition. Cryptanalytic results on the wide-pipe compression function of Grøstl-256 have already been published. However, little is known about the hash function, arguably a much more interesting cryptanalytic setting. Also, Grøstl-512 has not been analyzed yet. In this paper, we show the first cryptanalytic attacks on reduced-round versions of the Grøstl hash functions. These results are obtained by several extensions of the rebound attack. We present a collision attack on 4/10 rounds of the Grøstl-256 hash function and 5/14 rounds of the Grøstl-
512 hash functions. Additionally, we give the best collision attack for reduced-round (7/10 and 7/14) versions of the compression function of Grøstl-256 and Grøstl-512.
512 hash functions. Additionally, we give the best collision attack for reduced-round (7/10 and 7/14) versions of the compression function of Grøstl-256 and Grøstl-512.
| Original language | English |
|---|---|
| Book series | Lecture Notes in Computer Science |
| Volume | 5985 |
| Pages (from-to) | 350–365 |
| ISSN | 0302-9743 |
| DOIs | |
| Publication status | Published - 2010 |
| Event | CT-RSA 2010: The Cryptographers’ Track at the RSA Conference 2010 - San Francisco, CA, United States Duration: 1 Mar 2010 → 5 Mar 2010 |
Conference
| Conference | CT-RSA 2010 |
|---|---|
| Country/Territory | United States |
| City | San Francisco, CA |
| Period | 01/03/2010 → 05/03/2010 |
Keywords
- Hash function
- Cryptanalysis
- Collisions
- Rebound attack