IACR News item: 28 November 2012
Gaetan Leurent
ePrint Report
build upon the generalized characteristics of de Cannière and Rechberger
and the multi-bit constraints of Leurent. We describe a more efficient
way to propagate multi-bit constraints, which allows us to use the
complete set of 2^32 2.5-bit constraints, instead of the reduced sets
used by Leurent.
As a result, we are able to build complex non-linear differential
characteristics for reduced versions of the hash function Skein. We
present several characteristics for use in various attack scenarios;
this results in attacks with a relatively low complexity, in relatively
strong settings. In particular, we show practical free-start and
semi-free-start collision attacks for 20 rounds and 12 rounds of
Skein-256, respectively.
To the best of our knowledge, these are the first examples of complex
differential trails built for pure ARX designs. We believe this is
an important work to assess the security of ARX designs against
differential cryptanalysis. Our improved tools will be publicly available
with the final version of this paper.