Finding Collisions for Reduced Luffa-256 v2
نویسندگان
چکیده
Luffa is a family of cryptographic hash functions that has been selected as a second round SHA-3 candidate. This paper presents the first collision finding analysis of Luffa-256 v2 which is the 256-bit hash function in the Luffa family. We show that collisions for 4 out of 8 steps of Luffa can be found with complexity 2 using sophisticated message modification techniques. Furthermore, we present a security analysis which shows how difficult it is to apply the same approach to Luffa-256 v2 reduced to 5 steps: the resulting attack would require a complexity of 2. This analysis can be seen as an indication that the full 8 steps of the Luffa-256 v2 hash function has a large security margin against differential collision search with message modification technique.
منابع مشابه
Cryptanalysis of Luffa v2 Components
We develop a number of techniques for the cryptanalysis of the SHA-3 candidate Luffa, and apply them to various Luffa components. These techniques include a new variant of the rebound approach taking into account the specifics of Luffa. The main improvements include the construction of good truncated differential paths, the search for differences using multiple inbound phases and a fast final s...
متن کاملHigher-Order Differential Properties of Keccak and Luffa
In this paper, we identify higher-order differential and zero-sum properties in the full Keccak-f permutation, in the Luffa v1 hash function, and in components of the Luffa v2 algorithm. These structural properties rely on a new bound on the degree of iterated permutations with a nonlinear layer composed of parallel applications of smaller balanced Sboxes. These techniques yield zero-sum partit...
متن کاملCollisions for two branches of FORK-256
This note presents analysis of the compression function of a recently proposed hash function, FORK-256. We exhibit some unexpected differentials existing for the step transformation and show their possible uses in collision-finding attacks on different simplified variants of FORK-256. Finally, as a concrete application of those observations we present a method of finding chosen IV collisions fo...
متن کاملHigher Order Differential Attack on Step-Reduced Variants of Luffa v1
In this paper, a higher order differential attack on the hash function Luffa v1 is discussed. We confirmed that the algebraic degree of the permutation Qj which is an important non-linear component of Luffa grows slower than an ideal case both by the theoretical and the experimental approaches. According to our estimate, we can construct a distinguisher for step-reduced variants of Luffa v1 up ...
متن کاملPseudo-Cryptanalysis of Luffa
In this paper, we present the pseudo-collision, pseudo-second-preimage and pseudo-preimage attacks on the SHA-3 candidate algorithm Luffa. The pseudocollisions and pseudo-second-preimages can be found easily by computing the inverse of the message injection function at the beginning of Luffa. We explain in details the pseudo-preimage attacks. For Luffa-224/256, given the hash value, only 2 iter...
متن کامل