SymSum: Symmetric-Sum Distinguishers Against Round Reduced SHA3

Authors

  • Dhiman Saha Crypto Research Lab, Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur, India
  • Sukhendu Kuila Department of Mathematics, Vidyasagar University, Medinipur, India
  • Dipanwita Roy Chowdhury Crypto Research Lab, Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur, India

DOI:

https://doi.org/10.13154/tosc.v2017.i1.240-258

Keywords:

distinguisher, Keccak, SHA3, hash functions, cryptanalysis, zero-sums, self-symmetry, vectorial derivatives

Abstract

In this work we show the existence of special sets of inputs for which the sum of the images under SHA3 exhibits a symmetric property. We develop an analytical framework which accounts for the existence of these sets. The framework constitutes identification of a generic property of iterated SPN based functions pertaining to the round-constant addition and combining it with the notion of m−fold vectorial derivatives for differentiation over specially selected subspaces. Based on this we propose a new distinguisher called SymSum for the SHA3 family which penetrates up to 9 rounds and outperforms the ZeroSum distinguisher by a factor of four. Interestingly, the current work is the first analysis of SHA3/Keccak that relies on round-constants but is independent of their Hamming-weights.

Downloads

Published

2017-03-08

Issue

Section

Articles

How to Cite

Saha, D., Kuila, S., & Chowdhury, D. R. (2017). SymSum: Symmetric-Sum Distinguishers Against Round Reduced SHA3. IACR Transactions on Symmetric Cryptology, 2017(1), 240-258. https://doi.org/10.13154/tosc.v2017.i1.240-258