Cryptanalysis of the ESSENCE Family of Hash Functions


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2010

AUTHORS

Nicky Mouha, Gautham Sekar, Jean-Philippe Aumasson, Thomas Peyrin, Søren S. Thomsen, Meltem Sönmez Turan, Bart Preneel

ABSTRACT

ESSENCE is a family of cryptographic hash functions, accepted to the first round of NIST’s SHA-3 competition. This paper presents the first known attacks on ESSENCE. We present a semi-free-start collision attack on 31 out of 32 rounds of ESSENCE-512, invalidating the design claim that at least 24 rounds of ESSENCE are secure against differential cryptanalysis. We develop a novel technique to satisfy the first nine rounds of the differential characteristic. Non-randomness in the outputs of the feedback function F is used to construct several distinguishers on a 14-round ESSENCE block cipher and the corresponding compression function, each requiring only 217 output bits. This observation is extended to key-recovery attacks on the block cipher. Next, we show that the omission of round constants allows slid pairs and fixed points to be found. These attacks are independent of the number of rounds. Finally, we suggest several countermeasures against these attacks, while still keeping the design simple and easy to analyze.

PAGES

15-34

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-642-16342-5_2

DOI

http://dx.doi.org/10.1007/978-3-642-16342-5_2

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1051981001



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Interdisciplinary Institute for BroadBand Technology\u00a0(IBBT), Belgium", 
          "id": "http://www.grid.ac/institutes/grid.56912.39", 
          "name": [
            "Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke\u00a0Universiteit\u00a0Leuven, Kasteelpark\u00a0Arenberg\u00a010, B-3001, Heverlee, Belgium", 
            "Interdisciplinary Institute for BroadBand Technology\u00a0(IBBT), Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Mouha", 
        "givenName": "Nicky", 
        "id": "sg:person.014546777621.78", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014546777621.78"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Interdisciplinary Institute for BroadBand Technology\u00a0(IBBT), Belgium", 
          "id": "http://www.grid.ac/institutes/grid.56912.39", 
          "name": [
            "Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke\u00a0Universiteit\u00a0Leuven, Kasteelpark\u00a0Arenberg\u00a010, B-3001, Heverlee, Belgium", 
            "Interdisciplinary Institute for BroadBand Technology\u00a0(IBBT), Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Sekar", 
        "givenName": "Gautham", 
        "id": "sg:person.011362012455.96", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011362012455.96"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "FHNW, Windisch, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.410380.e", 
          "name": [
            "FHNW, Windisch, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Aumasson", 
        "givenName": "Jean-Philippe", 
        "id": "sg:person.012606440341.66", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012606440341.66"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Ingenico, France", 
          "id": "http://www.grid.ac/institutes/grid.435187.c", 
          "name": [
            "Ingenico, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Peyrin", 
        "givenName": "Thomas", 
        "id": "sg:person.011167161615.31", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011167161615.31"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Mathematics, Technical University of Denmark, Matematiktorvet 303S, DK-2800, Kgs. Lyngby, Denmark", 
          "id": "http://www.grid.ac/institutes/grid.5170.3", 
          "name": [
            "Department of Mathematics, Technical University of Denmark, Matematiktorvet 303S, DK-2800, Kgs. Lyngby, Denmark"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Thomsen", 
        "givenName": "S\u00f8ren S.", 
        "id": "sg:person.010617664132.88", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010617664132.88"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Computer Security Division, National Institute of Standards and Technology, USA", 
          "id": "http://www.grid.ac/institutes/grid.94225.38", 
          "name": [
            "Computer Security Division, National Institute of Standards and Technology, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Turan", 
        "givenName": "Meltem S\u00f6nmez", 
        "id": "sg:person.014665266376.28", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014665266376.28"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Interdisciplinary Institute for BroadBand Technology\u00a0(IBBT), Belgium", 
          "id": "http://www.grid.ac/institutes/grid.56912.39", 
          "name": [
            "Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke\u00a0Universiteit\u00a0Leuven, Kasteelpark\u00a0Arenberg\u00a010, B-3001, Heverlee, Belgium", 
            "Interdisciplinary Institute for BroadBand Technology\u00a0(IBBT), Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Preneel", 
        "givenName": "Bart", 
        "id": "sg:person.011115044357.39", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2010", 
    "datePublishedReg": "2010-01-01", 
    "description": "ESSENCE is a family of cryptographic hash functions, accepted to the first round of NIST\u2019s SHA-3 competition. This paper presents the first known attacks on ESSENCE. We present a semi-free-start collision attack on 31 out of 32 rounds of ESSENCE-512, invalidating the design claim that at least 24 rounds of ESSENCE are secure against differential cryptanalysis. We develop a novel technique to satisfy the first nine rounds of the differential characteristic. Non-randomness in the outputs of the feedback function F is used to construct several distinguishers on a 14-round ESSENCE block cipher and the corresponding compression function, each requiring only 217 output bits. This observation is extended to key-recovery attacks on the block cipher. Next, we show that the omission of round constants allows slid pairs and fixed points to be found. These attacks are independent of the number of rounds. Finally, we suggest several countermeasures against these attacks, while still keeping the design simple and easy to analyze.", 
    "editor": [
      {
        "familyName": "Bao", 
        "givenName": "Feng", 
        "type": "Person"
      }, 
      {
        "familyName": "Yung", 
        "givenName": "Moti", 
        "type": "Person"
      }, 
      {
        "familyName": "Lin", 
        "givenName": "Dongdai", 
        "type": "Person"
      }, 
      {
        "familyName": "Jing", 
        "givenName": "Jiwu", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-642-16342-5_2", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-642-16341-8", 
        "978-3-642-16342-5"
      ], 
      "name": "Information Security and Cryptology", 
      "type": "Book"
    }, 
    "keywords": [
      "hash function", 
      "SHA-3 competition", 
      "block cipher", 
      "cryptographic hash functions", 
      "number of rounds", 
      "key recovery attack", 
      "start collision attack", 
      "compression function", 
      "design claims", 
      "collision attack", 
      "NIST SHA-3 competition", 
      "feedback function f", 
      "attacks", 
      "cipher", 
      "cryptanalysis", 
      "differential cryptanalysis", 
      "output bits", 
      "round constants", 
      "novel technique", 
      "slid pairs", 
      "bits", 
      "countermeasures", 
      "first round", 
      "essence", 
      "distinguisher", 
      "rounds", 
      "design", 
      "differential characteristics", 
      "technique", 
      "function", 
      "output", 
      "family", 
      "function f", 
      "number", 
      "point", 
      "omission", 
      "pairs", 
      "competition", 
      "characteristics", 
      "observations", 
      "claims", 
      "constants", 
      "paper"
    ], 
    "name": "Cryptanalysis of the ESSENCE Family of Hash Functions", 
    "pagination": "15-34", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1051981001"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-642-16342-5_2"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-642-16342-5_2", 
      "https://app.dimensions.ai/details/publication/pub.1051981001"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-06-01T22:28", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220601/entities/gbq_results/chapter/chapter_157.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-642-16342-5_2"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-16342-5_2'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-16342-5_2'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-16342-5_2'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-16342-5_2'


 

This table displays all metadata directly associated to this object as RDF triples.

173 TRIPLES      23 PREDICATES      69 URIs      62 LITERALS      7 BLANK NODES

 



