Preimage Security of KNOT-Hash
暂无分享,去创建一个
KNOT is a Round 1 submission of the ongoing NIST lightweight cryptography project. In this short note, we show that the preimage security of KNOT-Hash instances with squeezing rate half the state size is lower than the claimed security. Our attack exploits the non-randomness properties of the KNOT Sbox which reduce the preimage complexities. In particular, if 2n is the squeezing rate then the preimage security is approximately (log2( 3 4 ))−n × 2 3n 4 × (log2(3)) n 2 . For n = 64, 96 and 128, the former bound translates to 2, 2 and 2, respectively.