Partial-Collision Attack on the Round-Reduced Compression Function of Skein-256

The hash function Skein is one of the 5 finalists of the NIST SHA-3 competition. It is based on the block cipher Threefish, which uses only three primitive operations: modular addition, rotation and bitwise XOR (ARX). This paper proposes a free-start partial-collision attack on round-reduced Skein-256 by combining the rebound attack with modular differential techniques. The main idea of our attack is to connect two short differential paths into a long one by means of another, more complicated differential characteristic. Following our path, we give a free-start partial-collision attack on Skein-256 reduced to 32 rounds with Hamming distance 50 and complexity about \(2^{85}\) hash computations. In particular, we provide practical near-collision examples for Skein-256 reduced to 24 rounds and 28 rounds in the fixed-tweak and chosen-tweak settings, respectively.
