Abstract
In December 2010, NIST selected five SHA-3 finalists (BLAKE, Grøstl, JH, Keccak, and Skein) to advance to the third (and final) round of the SHA-3 competition. At present, most specialists and scholars focus on the design of these hash functions and on attacks against them. However, it is also very important to study properties of their primitives and underlying permutations, because some of these properties reflect the pseudo-randomness of the structures. Moreover, they help us find new cryptanalysis for some block cipher structures. In this paper, we analyze the resistance of JH and Grøstl-512 against structural properties built on integral distinguishers. We present integral distinguishers on 31.5 (out of 42) rounds of the JH compression function and on 11.5 (out of 14) rounds of the Grøstl-512 compression function.
Additional information
Supported by the National Natural Science Foundation of China (No. 60873259 and No. 60903212), and Knowledge Innovation Project of the Chinese Academy of Sciences.
Communication author: Li Yanjun, born in 1979, female, Ph.D. candidate.
About this article
Cite this article
Li, Y., Wu, W. & Dong, L. Integral distinguishers of JH and Grøstl-512. J. Electron.(China) 29, 94–102 (2012). https://doi.org/10.1007/s11767-012-0779-x
DOI: https://doi.org/10.1007/s11767-012-0779-x