dc.description.abstract |
Cryptographic hash functions are used in a wide range of applications such as authentication of information, digital signatures and protection of pass-phrases. In the last few years, the cryptanalysis of hash functions has gained much importance within the cryptographic community. In 2004 a series of attacks by Wang et al. [19, 20] exposed security vulnerabilities in the design of the most widely deployed SHA-1 hash function. As a result, the US National Institute of Standards and Technology (NIST) recommended the replacement of SHA-1 by the SHA-2 hash function family and in 2008, they announced a call for the design of a new SHA-3 hashing algorithm.
On October 31, 2008, the "SHA-3 competition", organised by the National Institute of Standards and Technology (NIST), was launched [17]. 64 algorithms were submitted, of which 51 were accepted for the first round of the competition. On July 24, 2009, 14 candidates were chosen by NIST to advance to the second round of the competition. One of the candidates accepted for the second round is called Grøstl [11], developed by Praveen Gauravaram, Lars R. Knudsen and Krystian Matusiewicz. Grøstl further advanced to the final round along with BLAKE [2], JH, Keccak [3] and Skein [10], becoming one of the top 5 proposals for SHA-3.
The report briefly specifies the Grøstl family of cryptographic hash algorithms, one of the top 5 finalists of the SHA-3 hash function competition, and a well-known attack on Grøstl named the rebound attack. The rebound attack is a technique for utilizing degrees of freedom that was first proposed by Mendel et al. in [15] as an analysis of round-reduced Grøstl and Whirlpool [18]. The main idea of the rebound attack is to use the available degrees of freedom in a collision attack to efficiently bypass the low-probability parts of a truncated differential trail. The rebound attack consists of an inbound phase with a match-in-the-middle part to exploit the available degrees of freedom, followed by a subsequent probabilistic outbound phase. The report discusses available rebound attacks on reduced rounds of Grøstl-256.
The report first describes a simple method to utilize the available degrees of freedom. The original idea of the rebound attack is then applied to reduced rounds of Grøstl-256. The report describes an attack on 4 rounds of Grøstl-256. It further explains the same rebound technique applied to 5 and 6 rounds of Grøstl-256. The new technique, Super Sbox Cryptanalysis [12], introduced by Thomas Peyrin and Henri Gilbert, is explained in the report along with its application to 7 rounds of Grøstl-256. |
en_US |