Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function

In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely practical and were verified on a desktop PC. Our methods combine cube attacks (an algebraic key recovery attack) and related algebraic techniques with structural analysis of the Keccak permutation. These techniques should be useful in future cryptanalysis of Keccak and similar designs.

[1]  Adi Shamir,et al.  Breaking Grain-128 with Dynamic Cube Attacks , 2011, IACR Cryptol. ePrint Arch..

[2]  Shahram Khazaei,et al.  Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers , 2008, AFRICACRYPT.

[3]  Adi Shamir,et al.  Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials , 2013, FSE.

[4]  Gregory V. Bard,et al.  Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers , 2010, INDOCRYPT.

[5]  Joel Lathrop Cube attacks on cryptographic hash functions , 2009 .

[6]  Marian Srebrny,et al.  Security margin evaluation of SHA-3 contest finalists through SAT-based attacks , 2012, IACR Cryptol. ePrint Arch..

[7]  María Naya-Plasencia,et al.  Conditional Differential Cryptanalysis of NLFSR-Based Cryptosystems , 2010, ASIACRYPT.

[8]  Adi Shamir,et al.  New Attacks on Keccak-224 and Keccak-256 , 2012, FSE.

[9]  Willi Meier,et al.  Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium , 2009, FSE.

[10]  Anne Canteaut,et al.  Higher-Order Differential Properties of Keccak and Luffa , 2011, FSE.

[11]  Xuejia Lai Higher Order Derivatives and Differential Cryptanalysis , 1994 .

[12]  Guido Bertoni,et al.  Keccak sponge function family main document , 2009 .

[13]  María Naya-Plasencia,et al.  Practical Analysis of Reduced-Round Keccak , 2011, INDOCRYPT.

[14]  Atul Luykx,et al.  Beyond 2c/2 Security in Sponge-Based Authenticated Encryption Modes , 2014, IACR Cryptol. ePrint Arch..

[15]  Adi Shamir,et al.  Cube Attacks on Tweakable Black Box Polynomials , 2009, IACR Cryptol. ePrint Arch..

[16]  Michael Vielhaber Breaking ONE.FIVIUM by AIDA an Algebraic IV Differential Attack , 2007, IACR Cryptol. ePrint Arch..

[17]  Guido Bertoni,et al.  Duplexing the sponge: single-pass authenticated encryption and other applications , 2011, IACR Cryptol. ePrint Arch..