International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

SymSum: Symmetric-Sum Distinguishers Against Round Reduced SHA3

Authors:
Dhiman Saha , Crypto Research Lab, Department of Computer Science and Engineering, IIT Kharagpur
Sukhendu Kuila , Department of Mathematics, Vidyasagar University
Dipanwita Roy Chowdhury , Crypto Research Lab, Department of Computer Science and Engineering, IIT Kharagpur
Download:
DOI: 10.13154/tosc.v2017.i1.240-258
URL: http://tosc.iacr.org/index.php/ToSC/article/view/593
Search ePrint
Search Google
Abstract: In this work we show the existence of special sets of inputs for which the sum of the images under SHA3 exhibits a symmetric property. We develop an analytical framework which accounts for the existence of these sets. The framework constitutes identification of a generic property of iterated SPN based functions pertaining to the round-constant addition and combining it with the notion of m−fold vectorial derivatives for differentiation over specially selected subspaces. Based on this we propose a new distinguisher called SymSum for the SHA3 family which penetrates up to 9 rounds and outperforms the ZeroSum distinguisher by a factor of four. Interestingly, the current work is the first analysis of SHA3/Keccak that relies on round-constants but is independent of their Hamming-weights.
BibTeX
@article{tosc-2017-28098,
  title={SymSum: Symmetric-Sum Distinguishers Against Round Reduced SHA3},
  journal={IACR Trans. Symmetric Cryptol.},
  publisher={Ruhr-Universität Bochum},
  volume={2017, Issue 1},
  pages={240-258},
  url={http://tosc.iacr.org/index.php/ToSC/article/view/593},
  doi={10.13154/tosc.v2017.i1.240-258},
  author={Dhiman Saha and Sukhendu Kuila and Dipanwita Roy Chowdhury},
  year=2017
}