Preimage Attacks on 4-round Keccak by Solving Multivariate Quadratic Systems

In this paper, we present preimage attacks on 4-round Keccak-224/256 as well as on 4-round Keccak[r = 640, c = 160, l = 80] from the Keccak preimage challenges. We revisit the Crossbred algorithm for solving Boolean multivariate quadratic (MQ) systems, propose a new view of the case D = 2, and work out its computational complexity. The result shows that the Crossbred algorithm outperforms brute force both theoretically and in practice, with feasible memory costs. In our attacks, we construct Boolean MQ systems in order to make full use of the available variables. By solving these MQ systems, we improve the preimage attacks on Keccak-224/256 reduced to 4 rounds. Moreover, we implement the preimage attack on 4-round Keccak[r = 640, c = 160, l = 80], an instance in the Keccak preimage challenges, and find near preimages matching 78 bits of the target. Since solving MQ systems is a fundamental problem in its own right, the complexity analysis of the Crossbred algorithm is of independent interest.
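The abstract rests on two facts that are easy to see on a toy scale: the only non-linear step of a Keccak round (chi, which on a 5-bit row computes b_i = a_i XOR ((NOT a_{i+1}) AND a_{i+2})) is quadratic over GF(2), so a preimage condition on it is a Boolean MQ system; and such a system can be solved faster than exhaustive search by guessing a few variables and solving what remains as a linear system. The following is an added example written for this page, not code from the paper or the Keccak reference implementation. It builds the MQ system for one chi row symbolically and solves it with a simplified guess-then-linearize hybrid (guess a set of variables that touches every quadratic monomial, then Gaussian-eliminate the linear remainder). This hybrid is not the Crossbred algorithm the paper analyses; it only illustrates why MQ solvers beat brute force. All function names and the polynomial representation are this example's own choices.

```python
"""Keccak's chi row as a Boolean MQ system, solved by guess-then-linearize.
Polynomials over GF(2) are sets of monomials; a monomial is a frozenset of
variable indices, and frozenset() is the constant 1. Not the paper's code."""
from itertools import combinations, product

ONE = {frozenset()}                      # constant polynomial 1


def var(i):                               # the polynomial x_i
    return {frozenset([i])}


def add(p, q):                            # XOR over GF(2) = symmetric difference
    return set(p) ^ set(q)


def mul(p, q):                            # x*x = x over GF(2), so union suffices
    r = set()
    for m in p:
        for n in q:
            r ^= {m | n}
    return r


def evaluate(p, assignment):              # assignment: list of 0/1 bits
    return sum(all(assignment[i] for i in m) for m in p) & 1


def chi_row(xs):
    """Keccak chi on a 5-bit row, written as b_i = a_i + (a_{i+1} + 1) * a_{i+2}."""
    return [add(xs[i], mul(add(xs[(i + 1) % 5], ONE), xs[(i + 2) % 5])) for i in range(5)]


def chi_bits(a):                          # the same map on concrete bits, for checking
    return [a[i] ^ ((a[(i + 1) % 5] ^ 1) & a[(i + 2) % 5]) for i in range(5)]


CHI = chi_row([var(i) for i in range(5)])  # five quadratic polynomials in x0..x4


def linearizing_guess_set(system, nvars):
    """Smallest variable set that meets every degree-2 monomial of the system."""
    quads = {m for p in system for m in p if len(m) == 2}
    for k in range(nvars + 1):
        for s in combinations(range(nvars), k):
            if all(m & set(s) for m in quads):
                return set(s)


def substitute(p, values):                # fix guessed variables; result is linear
    r = set()
    for m in p:
        if any(values.get(i, 1) == 0 for i in m):
            continue                      # a guessed 0 kills the monomial
        r ^= {frozenset(i for i in m if i not in values)}
    return r


def solve_linear_gf2(eqs, free):
    """All solutions of linear equations (each poly == 0) in the variables `free`."""
    idx = {v: j for j, v in enumerate(free)}
    rows = []
    for p in eqs:
        mask, rhs = 0, 0
        for m in p:
            if m:
                mask |= 1 << idx[next(iter(m))]
            else:
                rhs ^= 1                  # constant term moves to the right-hand side
        rows.append([mask, rhs])
    pivots, r = [], 0
    for col in range(len(free)):          # reduced row echelon form over GF(2)
        piv = next((i for i in range(r, len(rows)) if rows[i][0] >> col & 1), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        for i in range(len(rows)):
            if i != r and rows[i][0] >> col & 1:
                rows[i][0] ^= rows[r][0]
                rows[i][1] ^= rows[r][1]
        pivots.append((r, col))
        r += 1
    if any(mask == 0 and rhs == 1 for mask, rhs in rows):
        return []                         # inconsistent: this guess has no solution
    pivot_cols = {c for _, c in pivots}
    free_cols = [c for c in range(len(free)) if c not in pivot_cols]
    sols = []
    for bits in product([0, 1], repeat=len(free_cols)):
        sol = {free[c]: b for c, b in zip(free_cols, bits)}
        for ri, c in pivots:
            val = rows[ri][1]
            for fc, b in zip(free_cols, bits):
                if rows[ri][0] >> fc & 1:
                    val ^= b
            sol[free[c]] = val
        sols.append(sol)
    return sols


def solve_mq(system, nvars):
    """Guess-then-linearize: 2^|guess| linear solves instead of 2^nvars evaluations."""
    guess = sorted(linearizing_guess_set(system, nvars))
    free = [v for v in range(nvars) if v not in guess]
    sols = []
    for bits in product([0, 1], repeat=len(guess)):
        values = dict(zip(guess, bits))
        lin = [substitute(p, values) for p in system]
        for s in solve_linear_gf2(lin, free):
            sols.append([{**values, **s}[i] for i in range(nvars)])
    return sols


def find_preimages(target):
    """Preimages of a 5-bit chi output: solve the MQ system CHI(x) + target = 0."""
    system = [add(b, ONE) if t else set(b) for b, t in zip(CHI, target)]
    return solve_mq(system, 5)


if __name__ == "__main__":
    target = chi_bits([1, 0, 1, 1, 0])    # constructed sample input
    print("guess set:", sorted(linearizing_guess_set(CHI, 5)))
    print("preimages of", target, "->", find_preimages(target))
```

On a single row the saving is modest (the five quadratic monomials form a 5-cycle, whose smallest vertex cover has three variables, so 8 linear solves replace 32 evaluations), but the structure is the point: in a full round-reduced preimage system the same trade between guessed variables and remaining linear or low-degree equations is what the paper's Crossbred analysis quantifies.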
