Improved practical attacks on round-reduced Keccak

Itai Dinur, Orr Dunkelman, Adi Shamir

Research output: Contribution to journalArticlepeer-review

Abstract

The Keccak hash function is the winner of NIST's SHA-3 competition, and so far it showed remarkable resistance against practical collision finding attacks: After several years of cryptanalysis and a lot of effort, the largest number of Keccak rounds for which actual collisions were found was only 2. In this paper, we develop improved collision finding techniques which enable us to double this number. More precisely, we can now find within a few minutes on a single PC actual collisions in the standard Keccak-224 and Keccak-256, where the only modification is to reduce their number of rounds to 4. When we apply our techniques to 5-round Keccak, we can get in a few days near collisions, where the Hamming distance is 5 in the case of Keccak-224 and 10 in the case of Keccak-256. Our new attack combines differential and algebraic techniques, and uses the fact that each round of Keccak is only a quadratic mapping in order to efficiently find pairs of messages which follow a high probability differential characteristic. Since full Keccak has 24 rounds, our attack does not threaten the security of the hash function.

Original languageEnglish
Pages (from-to)183-209
Number of pages27
JournalJournal of Cryptology
Volume27
Issue number2
DOIs
StatePublished - Apr 2014

Bibliographical note

Funding Information:
The second author was supported in part by the Israel Science Foundation through grant No. 827/12.

Keywords

  • Collision
  • Cryptanalysis
  • Keccak
  • Near-collision
  • Practical attack
  • SHA-3

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Applied Mathematics

Fingerprint

Dive into the research topics of 'Improved practical attacks on round-reduced Keccak'. Together they form a unique fingerprint.

Cite this