Skip to Main content Skip to Navigation
Conference papers

Improved rebound attack on the finalist grøstl

Abstract : Grøstl is one of the five finalist hash functions of the SHA-3 competition. For entering this final phase, the designers have tweaked the submitted versions. This tweak renders inapplicable the best known distinguishers on the compression function presented by Peyrin [18] that exploited the internal permutation properties. Since the beginning of the final round, very few analysis have been published on Grøstl. Currently, the best known rebound-based results on the permutation and the compression function for the 256-bit version work up to 8 rounds, and up to 7 rounds for the 512-bit version. In this paper, we present new rebound distinguishers that work on a higher number of rounds for the permutations of both 256 and 512-bit versions of this finalist, that is 9 and 10 respectively. Our distinguishers make use of an algorithm that we propose for solving three fully active states in the middle of the differential characteristic, while the Super-Sbox technique only handles two.
Document type :
Conference papers
Complete list of metadata
Contributor : Brigitte Briot Connect in order to contact the contributor
Submitted on : Friday, January 30, 2015 - 4:31:32 PM
Last modification on : Thursday, March 17, 2022 - 10:08:37 AM

Links full text




Jérémy Jean, Maria Naya Plasencia, Thomas Peyrin. Improved rebound attack on the finalist grøstl. FSE 2012 - Proceedings of the 19th international conference on Fast Software Encryption, Mar 2012, Washington DC, United States. pp.110-126, ⟨10.1007/978-3-642-34047-5_7⟩. ⟨hal-01111620⟩



Record views