Room A. Turing CE4
24 January 2012 - 14:00
Boomerang attacks against ARX hash functions.
by Gaëtan Leurent, University of Luxembourg
Abstract: In this work we study differential attacks -- and in particular boomerang
attacks -- against ARX-based hash functions such as Blake and Skein. ARX
designs are quite popular, but analysis of these schemes is hard because
differential paths must be constructed and verified at the bit level.
The first part of the talk will describe an improvement to boomerang attacks
when used in the context of hash functions. We present a new way to combine
message modifications, or auxiliary differentials, with the boomerang
attack. We show that under some conditions, we can combine three
independent paths instead of two for the classical boomerang attack. This
leads to a semi-practical distinguisher for the compression function of
Skein-256 (reduced to 32 rounds), and for the inner permutation of Blake-256
(reduced to 8 rounds).
In the second part of the talk, we study the details of differential paths.
We describe some techniques to compute constraints that must be satisfied by
the messages and show that many previous results are based on paths that are
not satisfiable. For our new attacks, the paths have been verified by
building actual messages, since the complexity is low enough.
Slides of the presentation.