Boomerang Attacks on Hash Function Using Auxiliary Differentials

In this paper we study boomerang attacks in the chosen-key setting. This is particularly relevant to hash function analysis, since many boomerang attacks have been described against ARX-based designs. We present a new way to combine message modifications, or auxiliary differentials, with the boomerang attack. We show that under some conditions, we can combine three independent paths instead of two for the classical boomerang attack. Our main result is obtained by applying this technique to round-reduced Skein-256, for which we show a distinguisher on the keyed permutation with complexity only 2^57, and a distinguisher on the compression function with complexity 2^114. We also discuss application of the technique to Skein-512 and show some problems with the paths used in previous boomerang analysis of Skein-512.
