Skip to Main content Skip to Navigation
Conference papers

Improved rebound attack on the finalist grøstl

Jérémy Jean 1 Maria Naya Plasencia 2 Thomas Peyrin 3
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR 8548
Abstract : Grøstl is one of the five finalist hash functions of the SHA-3 competition. For entering this final phase, the designers have tweaked the submitted versions. This tweak renders inapplicable the best known distinguishers on the compression function presented by Peyrin [18] that exploited the internal permutation properties. Since the beginning of the final round, very few analysis have been published on Grøstl. Currently, the best known rebound-based results on the permutation and the compression function for the 256-bit version work up to 8 rounds, and up to 7 rounds for the 512-bit version. In this paper, we present new rebound distinguishers that work on a higher number of rounds for the permutations of both 256 and 512-bit versions of this finalist, that is 9 and 10 respectively. Our distinguishers make use of an algorithm that we propose for solving three fully active states in the middle of the differential characteristic, while the Super-Sbox technique only handles two.
Document type :
Conference papers
Complete list of metadata
Contributor : Brigitte Briot <>
Submitted on : Friday, January 30, 2015 - 4:31:32 PM
Last modification on : Tuesday, May 4, 2021 - 2:06:02 PM

Links full text




Jérémy Jean, Maria Naya Plasencia, Thomas Peyrin. Improved rebound attack on the finalist grøstl. FSE 2012 - Proceedings of the 19th international conference on Fast Software Encryption, Mar 2012, Washington DC, United States. pp.110-126, ⟨10.1007/978-3-642-34047-5_7⟩. ⟨hal-01111620⟩



Record views