Improved cryptanalysis of the reduced Grøstl compression function, ECHO permutation and AES block cipher
Selected Areas in Cryptography: 16th Annual International Workshop, SAC 2009 …, 2009•Springer
In this paper, we propose two new ways to mount attacks on the SHA-3 candidates Grøstl,
and ECHO, and apply these attacks also to the AES. Our results improve upon and extend
the rebound attack. Using the new techniques, we are able to extend the number of rounds
in which available degrees of freedom can be used. As a result, we present the first attack on
7 rounds for the Grøstl-256 output transformation and improve the semi-free-start collision
attack on 6 rounds. Further, we present an improved known-key distinguisher for 7 rounds of …
and ECHO, and apply these attacks also to the AES. Our results improve upon and extend
the rebound attack. Using the new techniques, we are able to extend the number of rounds
in which available degrees of freedom can be used. As a result, we present the first attack on
7 rounds for the Grøstl-256 output transformation and improve the semi-free-start collision
attack on 6 rounds. Further, we present an improved known-key distinguisher for 7 rounds of …
Abstract
In this paper, we propose two new ways to mount attacks on the SHA-3 candidates Grøstl, and ECHO, and apply these attacks also to the AES. Our results improve upon and extend the rebound attack. Using the new techniques, we are able to extend the number of rounds in which available degrees of freedom can be used. As a result, we present the first attack on 7 rounds for the Grøstl-256 output transformation and improve the semi-free-start collision attack on 6 rounds. Further, we present an improved known-key distinguisher for 7 rounds of the AES block cipher and the internal permutation used in ECHO.
Springer