International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Triangulating Rebound Attack on AES-like Hashing

Authors:
Xiaoyang Dong , Tsinghua University
Jian Guo , Nanyang Technological University
Shun Li , Nanyang Technological University
Phuong Pham , Nanyang Technological University
Download:
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2022
Abstract: Rebound attack was introduced by Mendel et al. at FSE~2009 to fulfill a heavy middle round of a differential path for free, utilizing the degree of freedom from states. The inbound phase was extended to 2 rounds by Super-Sbox technique invented by Lamberger et al. at ASIACRYPT~2009 and Gilbert and Peyrin at FSE~2010. In ASIACRYPT~2010, Sasaki et al. further reduced the requirement of memory by introducing the non-full-active Super-Sbox. In this paper, we further develop this line of research by introducing Super-Inbound, which is able to connect multiple 1-round or 2-round (non-full-active) Super-Sbox inbound phases by utilizing fully the degrees of freedom from both states and key, yet without the use of large memory. This essentially extends the inbound phase by up to 3 rounds. We applied this technique to find classic or quantum collisions on several AES-like hash functions, and improved the attacked round number by 1 to 5 in targets including AES-128 and Skinny hashing modes, Saturnin-hash, and Gr{\o}stl-512. To demonstrate the correctness of our attacks, the semi-free-start collision on 6-round AES-128-MMO/MP with estimated time complexity $2^{24}$ in classical setting was implemented and an example pair was found instantly on a standard PC.
Video from CRYPTO 2022
BibTeX
@inproceedings{crypto-2022-32127,
  title={Triangulating Rebound Attack on AES-like Hashing},
  publisher={Springer-Verlag},
  author={Xiaoyang Dong and Jian Guo and Shun Li and Phuong Pham},
  year=2022
}