DOI: 10.1007/978-3-030-92062-3_9

Automatic Classical and Quantum Rebound Attacks on AES-Like Hashing by Exploiting Related-Key Differentials

Published: 06 December 2021

Abstract

Collision attacks on AES-like hashing (hash functions constructed by plugging AES-like ciphers or permutations into the famous PGV modes or their variants) can be reduced to the problem of finding a pair of inputs respecting a differential of the underlying AES-like primitive whose input and output differences are the same. The rebound attack due to Mendel et al. is a powerful tool for achieving this goal; its quantum version was first considered by Hosoyamada and Sasaki at EUROCRYPT 2020. In this work, we automate the process of searching for the configurations of rebound attacks by taking related-key differentials of the underlying block cipher into account with the MILP-based approach. In the quantum setting, our model guides the search towards characteristics that minimize the resources (e.g., QRAM) and complexities of the resulting rebound attacks. We apply our method to Saturnin-hash, SKINNY, and Whirlpool and obtain improved results.
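The reduction the abstract states, as an added example that is not the paper's or the authors' code: a 16-bit toy SPN (PRESENT's 4-bit S-box, a bit permutation and a rotation-based key schedule, all assumptions made here) stands in for the AES-like primitive, and the chaining value 0x1234 used below is constructed. In MMO mode a single-key differential whose output difference equals its input difference is a collision of the compression function outright, while in Davies-Meyer mode the message enters as the cipher key, so the same collision condition becomes a related-key differential, which is the setting the paper's models take into account.

```python
# Added example, not code from the paper: a 16-bit toy SPN stands in for the AES-like primitive.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]  # PRESENT S-box
ROUNDS = 4

def sub_nibbles(x):
    return sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))

def perm_bits(x):
    # bit i -> 4*i mod 15 (i < 15), bit 15 fixed: a bijection, so each round is invertible
    return sum(((x >> i) & 1) << ((4 * i) % 15 if i < 15 else 15) for i in range(16))

def round_keys(key):
    rks = []
    for r in range(ROUNDS + 1):
        rks.append(key)
        key = (((key << 5) | (key >> 11)) & 0xFFFF) ^ (r + 1)  # rotate, add round constant
    return rks

def encrypt(key, pt):
    rks, x = round_keys(key), pt
    for r in range(ROUNDS):
        x = perm_bits(sub_nibbles(x ^ rks[r]))
    return x ^ rks[ROUNDS]

def mmo(chain, msg):           # Matyas-Meyer-Oseas: h = E_chain(m) ^ m
    return encrypt(chain, msg) ^ msg

def davies_meyer(chain, msg):  # Davies-Meyer: h = E_m(chain) ^ chain, the message is the key
    return encrypt(msg, chain) ^ chain

def _search(table, accept, max_delta):
    # brute force over the toy 16-bit space; a real attack replaces this step with the rebound
    for d in range(1, max_delta):
        for m in range(1 << 16):
            if m < (m ^ d) and accept(table[m], table[m ^ d], d):
                return m, m ^ d
    return None

def find_mmo_pair(chain, max_delta=256):
    """Single-key differential with output diff == input diff d: then mmo(m) == mmo(m ^ d)."""
    table = [encrypt(chain, m) for m in range(1 << 16)]
    return _search(table, lambda a, b, d: a ^ b == d, max_delta)

def find_dm_pair(chain, max_delta=256):
    """Related-key differential (key diff d, plaintext diff 0, output diff 0): then DM collides."""
    table = [encrypt(m, chain) for m in range(1 << 16)]
    return _search(table, lambda a, b, d: a == b, max_delta)
```

`find_mmo_pair(0x1234)` and `find_dm_pair(0x1234)` exhaust the toy space in a few seconds; any pair they return collides under `mmo` and `davies_meyer` respectively, which is exactly the property the rebound attack is used to obtain on the real primitives.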

References

[1]
Bao, Z., Guo, J., Shi, D., Yi, T.: MITM meets guess-and-determine: further improved preimage attacks against AES-like hashing. IACR Cryptology ePrint Archive 2021:575 (2021)
[2]
Barreto, P.S.L.M., Rijmen, V.: The WHIRLPOOL hashing function. Submitted to NESSIE (2000)
[3]
Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology – CRYPTO 2016, pp. 123–153. Springer, Heidelberg (2016)
[4]
Bernstein, D.J.: Cost analysis of hash collisions: will quantum computers make SHARCS obsolete? In: SHARCS, vol. 9, p. 105 (2009)
[5]
Biryukov, A., Nikolić, I.: Automatic search for related-key differential characteristics in byte-oriented block ciphers: application to AES, Camellia, Khazad and others. In: Gilbert, H. (ed.) Advances in Cryptology – EUROCRYPT 2010, pp. 322–344. Springer, Heidelberg (2010)
[6]
Bonnetain, X., Hosoyamada, A., Naya-Plasencia, M., Sasaki, Y., Schrottenloher, A.: Quantum attacks without superposition queries: the offline Simon's algorithm. In: Galbraith, S.D., Moriai, S. (eds.) Advances in Cryptology – ASIACRYPT 2019, pp. 552–583. Springer, Cham (2019)
[7]
Bonnetain, X., Naya-Plasencia, M., Schrottenloher, A.: Quantum security analysis of AES. IACR Trans. Symmetric Cryptol. 2019(2), 55–93 (2019)
[8]
Brassard, G., Høyer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Lucchesi, C.L., Moura, A.V. (eds.) LATIN'98: Theoretical Informatics, pp. 163–169. Springer, Heidelberg (1998)
[9]
Canteaut, A., et al.: Saturnin: a suite of lightweight symmetric algorithms for post-quantum security. IACR Trans. Symmetric Cryptol. 2020(S1), 160–207 (2020)
[10]
Chailloux, A., Naya-Plasencia, M., Schrottenloher, A.: An efficient quantum collision search algorithm and implications on symmetric cryptography. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology – ASIACRYPT 2017, pp. 211–240. Springer, Cham (2017)
[11]
Chauhan, A.K., Kumar, A., Sanadhya, S.K.: Quantum free-start collision attacks on double block length hashing with round-reduced AES-256. IACR Trans. Symmetric Cryptol. 2021(1), 316–336 (2021)
[12]
Cid, C., Huang, T., Peyrin, T., Sasaki, Y., Song, L.: A security analysis of Deoxys and its internal tweakable block ciphers. IACR Trans. Symmetric Cryptol. 2017(3), 73–107 (2017)
[13]
Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) Advances in Cryptology – CRYPTO '89 Proceedings, pp. 416–427. Springer, New York (1990)
[14]
Derbez, P., Fouque, P.-A.: Automatic search of meet-in-the-middle and impossible differential attacks. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology – CRYPTO 2016, pp. 157–184. Springer, Heidelberg (2016)
[15]
Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) Advances in Cryptology – EUROCRYPT 2013, pp. 371–387. Springer, Heidelberg (2013)
[16]
Derbez, P., Huynh, P., Lallemand, V., Naya-Plasencia, M., Perrin, L., Schrottenloher, A.: Cryptanalysis results on Spook. In: Micciancio, D., Ristenpart, T. (eds.) Advances in Cryptology – CRYPTO 2020, pp. 359–388. Springer, Cham (2020)
[17]
Dong, X., Hua, J., Sun, S., Li, Z., Wang, X., Hu, L.: Meet-in-the-middle attacks revisited: key-recovery, collision, and preimage attacks. In: Malkin, T., Peikert, C. (eds.) Advances in Cryptology – CRYPTO 2021, pp. 278–308. Springer, Cham (2021)
[18]
Dong, X., Sun, S., Shi, D., Gao, F., Wang, X., Hu, L.: Quantum collision attacks on AES-like hashing with low quantum random access memories. In: Moriai, S., Wang, H. (eds.) Advances in Cryptology – ASIACRYPT 2020, pp. 727–757. Springer, Cham (2020)
[19]
Dong, X., Zhang, Z., Sun, S., Wei, C., Wang, X., Hu, L.: Automatic classical and quantum rebound attacks on AES-like hashing by exploiting related-key differentials. Cryptology ePrint Archive, Report 2021/1119 (2021)
[20]
Fouque, P.-A., Jean, J., Peyrin, T.: Structural evaluation of AES and chosen-key distinguisher of 9-round. In: Canetti, R., Garay, J.A. (eds.) Advances in Cryptology – CRYPTO 2013, pp. 183–203. Springer, Heidelberg (2013)
[21]
Gilbert, H., Peyrin, T.: Super-Sbox cryptanalysis: improved attacks for AES-like permutations. In: Hong, S., Iwata, T. (eds.) Fast Software Encryption 2010, pp. 365–383. Springer, Heidelberg (2010)
[22]
Giovannetti, V., Lloyd, S., Maccone, L.: Architectures for a quantum random access memory. Phys. Rev. A 78(5), 052310 (2008)
[23]
Giovannetti, V., Lloyd, S., Maccone, L.: Quantum random access memory. Phys. Rev. Lett. 100(16), 160501 (2008)
[24]
Grassi, L., Naya-Plasencia, M., Schrottenloher, A.: Quantum algorithms for the k-xor problem. In: Peyrin, T., Galbraith, S. (eds.) Advances in Cryptology – ASIACRYPT 2018, pp. 527–559. Springer, Cham (2018)
[25]
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22–24 May 1996, pp. 212–219 (1996)
[26]
Hosoyamada, A., Sasaki, Y.: Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology – EUROCRYPT 2020, pp. 249–279. Springer, Cham (2020)
[27]
Hosoyamada, A., Sasaki, Y.: Quantum collision attacks on reduced SHA-256 and SHA-512. In: Malkin, T., Peikert, C. (eds.) Advances in Cryptology – CRYPTO 2021, pp. 616–646. Springer, Cham (2021)
[28]
Hosoyamada, A., Sasaki, Y.: Cryptanalysis against symmetric-key schemes with online classical queries and offline quantum computations. In: Smart, N.P. (ed.) Topics in Cryptology – CT-RSA 2018, pp. 198–218. Springer, Cham (2018)
[29]
Hosoyamada, A., Sasaki, Y.: Quantum Demiric-Selçuk meet-in-the-middle attacks: applications to 6-round generic Feistel constructions. In: Catalano, D., De Prisco, R. (eds.) Security and Cryptography for Networks 2018, pp. 386–403. Springer, Cham (2018)
[30]
Jean, J., Naya-Plasencia, M., Peyrin, T.: Improved rebound attack on the finalist Grøstl. In: Canteaut, A. (ed.) Fast Software Encryption 2012, pp. 110–126. Springer, Heidelberg (2012)
[31]
Jean, J., Naya-Plasencia, M., Peyrin, T.: Multiple limited-birthday distinguishers and applications. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) Selected Areas in Cryptography – SAC 2013, pp. 533–550. Springer, Heidelberg (2014)
[32]
Jean, J., Naya-Plasencia, M., Schläffer, M.: Improved analysis of ECHO-256. In: Miri, A., Vaudenay, S. (eds.) Selected Areas in Cryptography, pp. 19–36. Springer, Heidelberg (2012)
[33]
Jean, J., Nikolić, I., Peyrin, T., Seurin, Y.: Submission to CAESAR: Deoxys v1.41 (October 2016)
[34]
Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: CRYPTO 2016, Santa Barbara, CA, USA, 14–18 August 2016, Proceedings, Part II, pp. 207–237 (2016)
[35]
Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Quantum differential and linear cryptanalysis. IACR Trans. Symmetric Cryptol. 2016(1), 71–94 (2016)
[36]
Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: ISIT 2010, Austin, Texas, USA, 13–18 June 2010, Proceedings, pp. 2682–2685 (2010)
[37]
Kuwakado, H., Morii, M.: Security on the quantum-type Even-Mansour cipher. In: ISITA 2012, Honolulu, HI, USA, 28–31 October 2012, pp. 312–316 (2012)
[38]
Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound distinguishers: results on the full Whirlpool compression function. In: Matsui, M. (ed.) Advances in Cryptology – ASIACRYPT 2009, pp. 126–143. Springer, Heidelberg (2009)
[39]
Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced Whirlpool and. In: Dunkelman, O. (ed.) Fast Software Encryption 2009, pp. 260–276. Springer, Heidelberg (2009)
[40]
Mendel, F., Rijmen, V., Schläffer, M.: Collision attack on 5 rounds of Grøstl. In: Cid, C., Rechberger, C. (eds.) Fast Software Encryption, pp. 509–521. Springer, Heidelberg (2015)
[41]
Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) Advances in Cryptology – CRYPTO '89 Proceedings, pp. 428–446. Springer, New York (1990)
[42]
Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Information Security and Cryptology, pp. 57–76. Springer, Heidelberg (2012)
[43]
Naya-Plasencia, M.: How to improve rebound attacks. In: Rogaway, P. (ed.) Advances in Cryptology – CRYPTO 2011, pp. 188–205. Springer, Heidelberg (2011)
[44]
Naya-Plasencia, M., Schrottenloher, A.: Optimal merging in quantum k-xor and k-sum algorithms. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology – EUROCRYPT 2020, pp. 311–340. Springer, Cham (2020)
[45]
Ni, B., Dong, X., Jia, K., You, Q.: (Quantum) collision attacks on reduced Simpira v2. IACR Trans. Symmetric Cryptol. 2021(2), 222–248 (2021)
[46]
Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) Advances in Cryptology – CRYPTO '93, pp. 368–378. Springer, Heidelberg (1994)
[47]
Sasaki, Y.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to Whirlpool. In: Joux, A. (ed.) Fast Software Encryption 2011, pp. 378–396. Springer, Heidelberg (2011)
[48]
Sasaki, Y., Li, Y., Wang, L., Sakiyama, K., Ohta, K.: Non-full-active Super-Sbox analysis: applications to ECHO and Grøstl. In: Abe, M. (ed.) Advances in Cryptology – ASIACRYPT 2010, pp. 38–55. Springer, Heidelberg (2010)
[49]
Sasaki, Y., Wang, L., Wu, S., Wu, W.: Investigating fundamental security requirements on Whirlpool: improved preimage and collision attacks. In: Wang, X., Sako, K. (eds.) Advances in Cryptology – ASIACRYPT 2012, pp. 562–579. Springer, Heidelberg (2012)
[50]
van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999)

Published In

Advances in Cryptology – ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part I
Dec 2021
714 pages
ISBN: 978-3-030-92061-6
DOI: 10.1007/978-3-030-92062-3

Publisher

Springer-Verlag, Berlin, Heidelberg


Author Tags

1. Quantum computation
2. Collision attacks
3. Rebound attacks
4. Saturnin
5. SKINNY
6. Whirlpool
7. MILP
