Zero-Sum Partitions of PHOTON Permutations

Qingju Wang, Lorenzo Grassi, Christian Rechberger

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

87 Downloads (Pure)


We describe an approach to zero-sum partitions using Todo's division property at EUROCRYPT 2015. It follows the inside-out methodology, and includes MILP-assisted search for the forward and backward trails, and subspace approach to connect those two trails that is less restrictive than commonly done.As an application we choose PHOTON, a family of sponge-like hash function proposals that was recently standardized by ISO. With respect to the security claims made by the designers, we for the first time show zero-sum partitions for almost all of those full 12-round permutation variants that use a 4-bit S-Box. As with essentially any other zero-sum property in the literature, also here the gap between a generic attack and the shortcut is small.
Original languageEnglish
Title of host publicationTopics in Cryptology – CT-RSA 2018
EditorsNigel P. Smart
Number of pages21
Publication date2018
ISBN (Print)978-3-319-76952-3
ISBN (Electronic)978-3-319-7693-0
Publication statusPublished - 2018
EventRSA Conference 2018 - San Fancisco, United States
Duration: 16 Apr 201820 Apr 2018


ConferenceRSA Conference 2018
CountryUnited States
CitySan Fancisco
SeriesLecture Notes in Computer Science


  • Integral
  • Division property
  • Zero-sum MILP
  • Subspace


Dive into the research topics of 'Zero-Sum Partitions of PHOTON Permutations'. Together they form a unique fingerprint.

Cite this