International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Martin Schläffer

Affiliation: Infineon Technologies, Germany

Publications

Year
Venue
Title
2015
JOFC
2015
EPRINT
2015
EPRINT
2014
EPRINT
2014
EPRINT
2014
FSE
2014
FSE
2013
ASIACRYPT
2013
EUROCRYPT
2012
FSE
2011
ASIACRYPT
2011
JOFC
2010
EPRINT
Distinguishers for the Compression Function and Output Transformation of Hamsi-256
Hamsi is one of 14 remaining candidates in NIST's Hash Competition for the future hash standard SHA-3. Until now, little analysis has been published on its resistance to differential cryptanalysis, the main technique used to attack hash functions. We present a study of Hamsi's resistance to differential and higher-order differential cryptanalysis, with focus on the 256-bit version of Hamsi. Our main results are efficient distinguishers and near-collisions for its full (3-round) compression function, and distinguishers for its full (6-round) finalization function, indicating that Hamsi's building blocks do not behave ideally.
2010
EPRINT
The Rebound Attack and Subspace Distinguishers: Application to Whirlpool
We introduce the rebound attack as a variant of differential cryptanalysis on hash functions and apply it to the hash function Whirlpool, standardized by ISO/IEC. We give attacks on reduced variants of the Whirlpool hash function and the Whirlpool compression function. Next, we introduce the subspace problems as generalizations of near-collision resistance. Finally, we present distinguishers based on the rebound attack, that apply to the full compression function of Whirlpool and the underlying block cipher $W$.
2010
EPRINT
Subspace Distinguisher for 5/8 Rounds of the ECHO-256 Hash Function
Martin Schläffer
In this work we present first results for the hash function of ECHO. We provide a subspace distinguisher for 5 rounds, near-collisions on 4.5 rounds and collisions for 4 out of 8 rounds of the ECHO-256 hash function. The complexities are $2^{96}$ compression function calls for the distinguisher and near-collision attack, and $2^{64}$ for the collision attack. The memory requirements are $2^{64}$ for all attacks. Furthermore, we provide improved compression function attacks on ECHO-256 to get distinguishers on 7 rounds and near-collisions for 6 and 6.5 rounds. The compression function attacks also apply to ECHO-512. To get these results, we consider new and sparse truncated differential paths through ECHO. We are able to construct these paths by analyzing the combined MixColumns and BigMixColumns transformation. Since in these sparse truncated differential paths at most one fourth of all bytes of each ECHO state are active, missing degrees of freedom are not a problem. Therefore, we are able to mount a rebound attack with multiple inbound phases to efficiently find according message pairs for ECHO.
2009
ASIACRYPT
2009
ASIACRYPT
2009
ASIACRYPT
2009
FSE
2008
EPRINT
Collisions for Round-Reduced LAKE
Florian Mendel Martin Schläffer
LAKE is a family of cryptographic hash functions presented at FSE 2008. It is an iterated hash function and defines two main instances with a 256 bit and 512 bit hash value. In this paper, we present the first security analysis of LAKE. We show how collision attacks, exploiting the non-bijectiveness of the internal compression function of LAKE, can be mounted on reduced variants of LAKE. We show an efficient attack on the 256 bit hash function LAKE-256 reduced to 3 rounds and present an actual colliding message pair. Furthermore, we present a theoretical attack on LAKE-256 reduced to 4 rounds with a complexity of $2^{109}$. By using more sophisticated message modification techniques we expect that the attack can be extended to 5 rounds. However, for the moment our approach does not appear to be applicable to the full LAKE-256 hash function (with all 8 rounds).
2006
FSE

Program Committees

FSE 2019
FSE 2018
FSE 2015