Welcome!
To use the personalized features of this site, please log in or register.
If you have forgotten your username or password, we can help.
|
 |
Practical Collisions for SHAMATA-256
| |
|
Practical Collisions for SHAMATA-256
Sebastiaan Indesteege18, 19, Florian Mendel20, Bart Preneel18, 19 and Martin Schläffer20
| (18) |
Department of Electrical Engineering ESAT/COSIC, Katholieke Universiteit Leuven., Kasteelpark Arenberg 10, B–3001 Heverlee, Belgium |
| (19) |
Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium |
| (20) |
Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A–8010 Graz, Austria |
Abstract
In this paper, we present a collision attack on the SHA-3 submission SHAMATA. SHAMATA is a stream cipher-like hash function
design with components of the AES, and it is one of the fastest submitted hash functions. In our attack, we show weaknesses
in the message injection and state update of SHAMATA. It is possible to find certain message differences that do not get changed
by the message expansion and non-linear part of the state update function. This allows us to find a differential path with
a complexity of about 296 for SHAMATA-256 and about 2110 for SHAMATA-512, using a linear low-weight codeword search. Using an efficient guess-and-determine technique we can significantly
improve the complexity of this differential path for SHAMATA-256. With a complexity of about 240 we are even able to construct practical collisions for the full hash function SHAMATA-256.
Keywords SHAMATA - SHA-3 candidate - hash function - collision attack
Fulltext Preview (Small, Large)
 References secured to subscribers.
|
|
|
|
|
|