Rotational Rebound Attacks on Reduced Skein

Dmitry Khovratovich, Ivica Nikolic, Christian Rechberger

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review


    In this paper we combine a recent rotational cryptanalysis with the rebound attack, which results in the best cryptanalysis of Skein, a candidate for the SHA-3 competition. The rebound attack approach was so far only applied to AES-like constructions. For the first time, we show that this approach can also be applied to very different constructions. In more detail, we develop a number of techniques that extend the reach of both the inbound and the outbound phase, leading to cryptanalytic results on an estimated 53/57 out of the 72 rounds of the Skein-256/512 compression function and the Threefish cipher. The new techniques include an analytical search for optimal input values in the rotational cryptanalysis, which allows to extend the outbound phase of the attack with a precomputation phase, an approach never used in any rebound-style attack before. Further we show how to combine multiple inside-out computations and neutral bits in the inbound phase of the rebound attack, and give well-defined rotational distinguishers as certificates of weaknesses for the compression functions and block ciphers.
    Original languageEnglish
    Title of host publicationAdvances in Cryptology - ASIACRYPT 2010 : 16th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 5-9, 2010. Proceedings
    EditorsMasayuki Abe
    Publication date2010
    ISBN (Print)978-3-642-17372
    Publication statusPublished - 2010
    EventAsiacrypt 2010: 16th Annual International Conference on the Theory and Application of Cryptology and Information Security - Swissôtel Merchant Court, Singapore, Singapore, Singapore
    Duration: 5 Dec 20109 Dec 2010


    ConferenceAsiacrypt 2010
    LocationSwissôtel Merchant Court, Singapore
    SeriesLecture Notes in Computer Science


    • Skein
    • Hash function
    • Rotational cryptanalysis
    • Rebound attack
    • Distinguisher


    Dive into the research topics of 'Rotational Rebound Attacks on Reduced Skein'. Together they form a unique fingerprint.

    Cite this