Disclaimer: This page refers to an external person. It only lists all the interactions between this person and the Crypto Group. Validity or accuracy of the following information is thus not guaranteed in any way.
Seminars given
February 23, 2012 - Boomerang attacks against ARX hash functions
by Dr. Gaëtan Leurent
Abstract: In this work we study differential attacks -- and in particular boomerang attacks -- against ARX-based hash functions such as BLAKE and Skein. ARX designs are quite popular, but analysis of these schemes is hard because differential paths must be constructed and verified at the bit level.

The first part of the talk will describe an improvement to boomerang attacks when used in the context of hash functions. We present a new way to combine message modifications, or auxiliary differentials, with the boomerang attack. We show that under some conditions, we can combine three independent paths instead of two for the classical boomerang attack. This leads to a semi-practical distinguisher for the compression function of Skein-256 (reduced to 32 rounds), and for the inner permutation of BLAKE-256 (reduced to 8 rounds).

In the second part of the talk, we study the details of differential paths. We describe some techniques to compute constraints that must be satisfied by the messages and show that many previous results are based on paths that are not satisfiable. For our new attacks, the paths have been verified by building actual messages, since the complexity is low enough.