Paper 2014/305

Collision Attack on 5 Rounds of Grøstl

Florian Mendel, Vincent Rijmen, and Martin Schläffer

Abstract

In this article, we describe a novel collision attack for up to 5 rounds of the Grøstl hash function. This significantly improves upon the best previously published results on 3 rounds. By using a new type of differential trail spanning over more than one message block we are able to construct collisions for Grøstl on 4 and 5 rounds with complexity of $2^{67}$ and $2^{120}$, respectively. Both attacks need $2^{64}$ memory. Due to the generic nature of our attack we can even construct meaningful collisions in the chosen-prefix setting with the same attack complexity.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in FSE 2014
Keywords
hash functionsSHA-3 candidateGrøstlcollision attack
Contact author(s)
florian mendel @ iaik tugraz at
History
2014-04-30: received
Short URL
https://ia.cr/2014/305
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2014/305,
      author = {Florian Mendel and Vincent Rijmen and Martin Schläffer},
      title = {Collision Attack on 5 Rounds of Grøstl},
      howpublished = {Cryptology ePrint Archive, Paper 2014/305},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/305}},
      url = {https://eprint.iacr.org/2014/305}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.