Rotational Rebound Attacks on Reduced Skein

Detailed Description

Bibliographic Details
Published in: Journal of Cryptology, Vol. 27, No. 3, pp. 452–479
Main authors: Khovratovich, Dmitry; Nikolić, Ivica; Rechberger, Christian
Format: Journal Article
Language: English
Published: Boston: Springer US (also listed as Springer; Springer Nature B.V), 01.07.2014
ISSN: 0933-2790, 1432-1378
Online access: Full text
Abstract: In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core—the cipher Threefish, and made the designers change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property for the reduced Threefish cipher. We formally prove that such a property cannot be found for an ideal cipher within the complexity limits of our attack. The complexity estimates are supported by extensive experiments.
Authors:
– Dmitry Khovratovich, University of Luxembourg (dmitry.khovratovich@uni.lu)
– Ivica Nikolić, Nanyang Technological University
– Christian Rechberger, DTU
Copyright: International Association for Cryptologic Research 2013; 2015 INIST-CNRS
DOI: 10.1007/s00145-013-9150-0
Keywords: Skein; SHA-3; Hash function; Rotational cryptanalysis; Distinguisher; Rebound attack; Cipher; Compression function; Private key; Block ciphering; Security of data; Cryptanalysis; Hashing; Open market
License: CC BY 4.0
Open access link: http://dx.doi.org/10.1007/s00145-013-9150-0
Subject terms: Algorithms; Applied sciences; Coding and Information Theory; Combinatorics; Communications Engineering; Complexity; Computational Mathematics and Numerical Analysis; Computer Science; Cryptography; Design; Encryption; Exact sciences and technology; Information, signal and communications theory; Networks; Permutations; Probability Theory and Stochastic Processes; Signal and communications theory; Telecommunications and information theory
URLs:
– https://link.springer.com/article/10.1007/s00145-013-9150-0
– https://www.proquest.com/docview/2387712888