Improved Preimage Attacks on 3-Round Keccak-224/256

In this paper, we provide an improved method on preimage attacks of standard 3-round Keccak-224/256. Our method is based on the work by Li and Sun. Their strategy is to find a 2-block preimage instead of a 1-block one by constructing the first and second message blocks in two stages. Under this stra...

Full description

Saved in:
Bibliographic Details
Published inIACR Transactions on Symmetric Cryptology Vol. 2021; no. 3; pp. 84 - 101
Main Authors Lin, Xiaoen, He, Le, Yu, Hongbo
Format Journal Article
LanguageEnglish
Published Ruhr-Universität Bochum 17.09.2021
Subjects
Keccak
Linear structure
Preimage attack
SHA-3
Online AccessGet full text

Cover

More Information
Summary:In this paper, we provide an improved method on preimage attacks of standard 3-round Keccak-224/256. Our method is based on the work by Li and Sun. Their strategy is to find a 2-block preimage instead of a 1-block one by constructing the first and second message blocks in two stages. Under this strategy, they design a new linear structure for 2-round Keccak-224/256 with 194 degrees of freedom left, which is able to construct the second message block with a complexity of 231/262. However, the bottleneck of this strategy is that the first stage needs much more expense than the second one. Therefore, we improve the first stage by using two techniques. The first technique is constructing multi-block messages rather than one-block message in the first stage, which can reach a better inner state. The second technique is setting restricting equations more efficiently, which can work in 3-round Keccak-256. As a result, the complexity of finding a preimage for 3-round Keccak-224/256 can be decreased from 238/281 to 232/265.
ISSN:2519-173X
2519-173X
DOI:10.46586/tosc.v2021.i3.84-101