Abstract
In this paper we introduce new concepts that help read and understand low-weight differential trails in Keccak. We then propose efficient techniques to exhaustively generate all 3-round trails in its largest permutation below a given weight. This allows us to prove that any 6-round differential trail in Keccak-f[1600] has weight at least 74. In the worst-case diffusion scenario where the mixing layer acts as the identity, we refine the lower bound to 82 by systematically constructing trails using a specific representation of states.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Daemen, J., Van Assche, G. (2012). Differential Propagation Analysis of Keccak. In: Canteaut, A. (eds) Fast Software Encryption. FSE 2012. Lecture Notes in Computer Science, vol 7549. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34047-5_24
DOI: https://doi.org/10.1007/978-3-642-34047-5_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34046-8
Online ISBN: 978-3-642-34047-5
eBook Packages: Computer Science, Computer Science (R0)