Two attacks on RadioGatún. (English) Zbl 1203.94108

Roy Chowdhury, Dipanwita (ed.) et al., Progress in cryptology – INDOCRYPT 2008. 9th international conference on cryptology in India, Kharagpur, India, December 14–17, 2008. Proceedings. Berlin: Springer (ISBN 978-3-540-89753-8/pbk). Lecture Notes in Computer Science 5365, 53-66 (2008).
Summary: We investigate the security of the hash function design called RadioGatún in a recently proposed framework of sponge functions. We show that previously introduced symmetric trails can hardly be used to construct collisions and to find a second preimage efficiently. As a generalization of truncated differentials, trails with linear and non-linear restrictions on differences are proposed. We use these trails to find semi-free-start collisions and second preimages with the meet-in-the-middle approach and the complexity in the gap between claimed security level and the birthday bound. We also provide some observations on lower bounds on the complexity of our methods with respect to the length of the trail used. This is the best attack on RadioGatún.
For the entire collection see [Zbl 1154.94005].

MSC:

94A60 Cryptography
