Collision Spectrum, Entropy Loss, T-Sponges, and Cryptanalysis of GLUON-64

Perrin, Léo Paul; Khovratovich, Dmitry

doi:10.1007/978-3-662-46706-0_5

Reference : Collision Spectrum, Entropy Loss, T-Sponges, and Cryptanalysis of GLUON-64


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/17938

Title :	Collision Spectrum, Entropy Loss, T-Sponges, and Cryptanalysis of GLUON-64
Language :	English
Author, co-author :	Perrin, Léo Paul [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Khovratovich, Dmitry [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	Mar-2014
Main document title :	Fast Software Encryption - 21th International Workshop, FSE 2014, London, March 3-5, 2014
Publisher :	Springer
Collection and collection volume :	Lecture Notes in Computer Science; 8540
Pages :	82-103
Peer reviewed :	Yes
On invitation :	No
Audience :	International
Event name :	21st International Workshop on Fast Software Encryption
Event date :	from 03-03-2014 to 05-03-2014.
Event place (city) :	London
Event country :	United Kingdom
Keywords :	[en] Random function ; Collision Probability Spectrum ; GLUON
Abstract :	[en] In this paper, we investigate the security provided by iterative non-injective functions. We introduce the Collision Probabilities Spectrum (CPS) to quantify how far from a permutation a function is. In particular, we show that the size of the iterated image of such a function decreases linearly with the number of iterations and that collision trees of quadratic size appear. We discuss the influence of the CPS over collision search efficiency by connecting it with the function's balance. We then show that the security of a so-called T-Sponge is only marginally impacted by the number of collisions occurring because of the update function. However, the loss of entropy in the update function can lead to a greatly simplified preimage search for a particular family of messages if the rate is small. Consequences of the entropy loss when duplexing the sponge to provide one-pass authenticated encryption and for Davies-Meyer construction are also studied. Finally, we use a heuristic method to estimate the CPS of the update function of GLUON-64. Applying our results, we prove for instance that if a message is only known to end with a sequence of 1 Mb (respectively 1 Gb) of zero bytes, then it is possible to find a preimage for its digest in time $2^{115.3}$ (respectively $2^{105.3}$) instead of $2^{128}$.
Funders :	Fonds National de la Recherche - FnR
Name of the research project :	I2R-DIR-PFN-12ACRY > CORE 2012 C12/IS/4009992 ACRYPT - APllied Cryptography for I > 01/07/2013 - 30/06/2016 > BIRYUKOV Alex
Target :	Researchers
Permalink :	http://hdl.handle.net/10993/17938
DOI :	10.1007/978-3-662-46706-0_5

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	223.pdf		Author preprint	456.21 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices