International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Improved Differential Attacks for ECHO and Grostl

Thomas Peyrin
Search ePrint
Search Google
Abstract: We present improved cryptanalysis of two second-round SHA-3 candidates: the AES-based hash functions ECHO and GROSTL. We explain methods for building better differential trails for ECHO by increasing the granularity of the truncated differential paths previously considered. In the case of GROSTL, we describe a new technique, the internal differential attack, which shows that when using parallel computations designers should also consider the differential security between the parallel branches. Then, we exploit the recently introduced start-from-the-middle or Super-Sbox attacks, that proved to be very efficient when attacking AES-like permutations, to achieve a very efficient utilization of the available freedom degrees. Finally, we obtain the best known attacks so far for both ECHO and GROSTL. In particular, we are able to mount a distinguishing attack for the full GROSTL-256 compression function.
  title={Improved Differential Attacks for ECHO and Grostl},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / hash functions, cryptanalysis, ECHO, Grostl, AES, internal differential attack},
  note={published at CRYPTO 2010 14833 received 20 Apr 2010, last revised 12 Aug 2010},
  author={Thomas Peyrin},