论文信息 - Practical Collisions for SHAMATA-256

Practical Collisions for SHAMATA-256

In this paper, we present a collision attack on the SHA-3 submission SHAMATA. SHAMATA is a stream cipher-like hash function design with components of the AES, and it is one of the fastest submitted hash functions. In our attack, we show weaknesses in the message injection and state update of SHAMATA. It is possible to find certain message differences that do not get changed by the message expansion and non-linear part of the state update function. This allows us to find a differential path with a complexity of about 296 for SHAMATA-256 and about 2110 for SHAMATA-512, using a linear low-weight codeword search. Using an efficient guess-and-determine technique we can significantly improve the complexity of this differential path for SHAMATA-256. With a complexity of about 240 we are even able to construct practical collisions for the full hash function SHAMATA-256.

[1] Gerhard Goos,et al. Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[2] Joan Daemen,et al. Producing Collisions for Panama, Instantaneously , 2007, FSE.

[3] Vincent Rijmen,et al. Exploiting Coding Theory for Collision Attacks on SHA-1 , 2005, IMACC.

[4] Vincent Rijmen,et al. The Design of Rijndael , 2002, Information Security and Cryptography.

[5] Vincent Rijmen,et al. The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[6] J. Leasure,et al. Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3 , 2007 .

[7] Joan Daemen,et al. Fast Hashing and Stream Encryption with PANAMA , 1998, FSE.

[8] Anne Canteaut,et al. A New Algorithm for Finding Minimum-Weight Words in a Linear Code: Application to McEliece’s Cryptosystem and to Narrow-Sense BCH Codes of Length , 1998 .

[9] Vincent Rijmen,et al. Producing Collisions for PANAMA , 2001, FSE.

[10] G. V. Assche,et al. Sponge Functions , 2007 .

[11] Vincent Rijmen,et al. Update on SHA-1 , 2005, CT-RSA.

[12] Colin Boyd,et al. Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[13] Alfred Menezes,et al. Topics in Cryptology – CT-RSA 2005 , 2005 .