PhanAsiacrypt09.pdf (210.57 kB)
Improved cryptanalysis of skein
conference contribution
posted on 2010-02-10, 14:06 authored by Jean-Philippe Aumasson, Cagdas Calık, Willi Meier, Onur Ozen, Raphael C.-W. Phan, Kerem Varici

The hash function Skein is the submission of Ferguson et al. to the NIST Hash Competition, and is arguably a serious candidate for selection as SHA-3. This paper presents the first third-party analysis of Skein, with an extensive study of its main component: the block cipher Threefish. We notably investigate near collisions, distinguishers, impossible differentials, key recovery using related-key differential and boomerang attacks. In particular, we present near collisions on up to 17 rounds, an impossible differential on 21 rounds, a related-key boomerang distinguisher on 34 rounds, a known-related-key boomerang distinguisher on 35 rounds, and key recovery attacks on up to 32 rounds, out of 72 in total for Threefish-512. None of our attacks directly extends to the full Skein hash. However, the pseudorandomness of Threefish is required to validate the security proofs on Skein, and our results conclude that at least 36
History
School
- Mechanical, Electrical and Manufacturing Engineering
Citation
AUMASSON, J.P. ... et al., 2009. Improved cryptanalysis of Skein. IN: Advances in Cryptology (ASIACRYPT 2009), Tokyo, Japan, Dec 6-10. Proceedings. Lecture Notes in Computer Science: 5912. Berlin: Springer-Verlag, pp. 542–559.
Publisher
© Springer
Version
- AM (Accepted Manuscript)
Publication date
2009
Notes
This conference paper was presented at Asiacrypt '09 (http://asiacrypt2009.cipher.risk.tsukuba.ac.jp/) and subsequently published in the series Lecture Notes in Computer Science [© Springer-Verlag Berlin Heidelberg] at: http://dx.doi.org/10.1007/978-3-642-10366-7_32
ISBN
9783642103650
ISSN
0302-9743; 1611-3349
Book series
Lecture Notes in Computer Science; 5912
Language
- en