Paper 2010/375

Improved Collision Attacks on the Reduced-Round Grøstl Hash Function

Kota Ideguchi, Elmar Tischhauser, and Bart Preneel

Abstract

We analyze the Grøstl hash function, which is a 2nd-round candidate of the SHA-3 competition. Using the start-from-the-middle variant of the rebound technique, we show collision attacks on the Grøstl-256 hash function reduced to 5 and 6 out of 10 rounds with time complexities $2^{48}$ and $2^{112}$, respectively. Furthermore, we demonstrate semi-free-start collision attacks on the Grøstl-224 and -256 hash functions reduced to 7 rounds and the Grøstl-224 and -256 compression functions reduced to 8 rounds. Our attacks are based on differential paths between the two permutations $P$ and $Q$ of Grøstl, a strategy introduced by Peyrin to construct distinguishers for the compression function. In this paper, we extend this approach to construct collision and semi-free-start collision attacks for both the hash and the compression function. Finally, we present improved distinguishers for reduced-round versions of the Grøstl-224 and -256 permutations.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functions
Contact author(s)
kota ideguchi yf @ hitachi com
History
2010-07-02: received
Short URL
https://ia.cr/2010/375
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/375,
      author = {Kota Ideguchi and Elmar Tischhauser and Bart Preneel},
      title = {Improved Collision Attacks on the Reduced-Round Grøstl Hash Function},
      howpublished = {Cryptology ePrint Archive, Paper 2010/375},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/375}},
      url = {https://eprint.iacr.org/2010/375}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.