International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 30 April 2014

Florian Mendel, Vincent Rijmen, Martin Schläffer
ePrint Report ePrint Report
In this article, we describe a novel collision attack for up to 5 rounds of the Grøstl hash function. This significantly improves upon the best previously published results on 3 rounds. By using a new type of differential trail spanning over more than one message block we are able to construct collisions for Grøstl on 4 and 5 rounds with complexity of $2^{67}$ and $2^{120}$, respectively. Both attacks need $2^{64}$ memory. Due to the generic nature of our attack we can even construct meaningful collisions in the chosen-prefix setting with the same attack complexity.

Expand

Additional news items may be found on the IACR news page.