Preimage Attacks on Reduced Troika with Divide-and-Conquer Methods

Cited by: 2
Authors
Liu, Fukang [1 ,3 ]
Isobe, Takanori [2 ,3 ]
Affiliations
[1] East China Normal Univ, Shanghai, Peoples R China
[2] Natl Inst Informat & Commun Technol, Tokyo, Japan
[3] Univ Hyogo, Kobe, Hyogo, Japan
Source
ADVANCES IN INFORMATION AND COMPUTER SECURITY, IWSEC 2019 | 2019 / Vol. 11689
Keywords
Hash function; Troika; Preimage; Guess-and-determine; Divide-and-conquer; MILP;
DOI
10.1007/978-3-030-26834-3_18
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
Troika is a recently proposed sponge-based hash function for IOTA's ternary architecture and platform, designed by CYBERCRYPT. In this paper, we present preimage attacks on 2- and 3-round Troika using a divide-and-conquer approach. Instead of directly matching a given hash value, we propose equivalent conditions that determine whether a message is a preimage before the complete hash value is computed. As a result, for a two-round hash value that can be generated from one block, we search for the preimage only in a valid space and efficiently enumerate, with a guess-and-determine technique, the messages that satisfy most of the equivalent conditions. For the three-round preimage attack, an MILP-based method is applied to separate the one-block message space into two parts so as to obtain the best advantage over brute force. Our experiments show that the time complexity of the preimage attack on 2 (out of 24) rounds of Troika can be reduced to 3^79, which is 3^164 times faster than brute force (3^243 for the 243-trit digest). For the preimage attack on 3 (out of 24) rounds of Troika, we obtain an advantage of 3^25.7 over brute force. In addition, we show how to construct a second preimage for two-round Troika in seconds. Our attacks do not threaten the security of Troika.
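The "equivalent conditions" idea from the abstract, as an added toy illustration written for this page (it is not Troika, not code from the authors, and not the paper's guess-and-determine or MILP procedure): a constructed 12-trit, 2-round ternary sponge whose state size, tryte S-box, circulant mixing matrix and round constants are all assumptions. The digest match is rewritten as conditions that fix DIGEST trits of the state before the last mixing layer, the search then visits only the remaining 3^(N-DIGEST) values instead of all 3^RATE one-block messages, and the survivors are checked against a brute-force search of the same digest.

```python
"""Toy 2-round ternary sponge (constructed; NOT Troika) showing how a digest
match can be rewritten as 'equivalent conditions' on an intermediate state,
so that a preimage search only visits that valid space.  Every parameter,
S-box and matrix below is an assumption made for the illustration."""
import itertools

N, RATE, DIGEST = 12, 9, 6      # state / rate / digest length in trits; capacity = 3

# Constructed tryte S-box on 0..26; a permutation since gcd(11, 27) == 1, and not
# GF(3)-linear because integer carries cross trit boundaries.
SBOX = [(11 * t + 4) % 27 for t in range(27)]
SBOX_INV = [0] * 27
for t, s in enumerate(SBOX):
    SBOX_INV[s] = t

# Constructed circulant mixing matrix over GF(3): row i has 1, 1, 2 at offsets 0, 1, 3.
# Its polynomial 1 + x + 2x^3 is coprime to x^12 - 1 over GF(3), so it is invertible
# (mat_inv_mod3 below raises if that ever fails).
L = [[{0: 1, 1: 1, 3: 2}.get((j - i) % N, 0) for j in range(N)] for i in range(N)]
RC = [[(7 * r + i * i) % 3 for i in range(N)] for r in (1, 2)]   # constructed round constants


def tryte_to_trits(t):
    return (t % 3, (t // 3) % 3, t // 9)


def sub_trytes(x, table=SBOX):
    """Apply a 27-entry tryte S-box (or its inverse) to a trit vector."""
    out = []
    for i in range(0, N, 3):
        a, b, c = x[i:i + 3]
        out.extend(tryte_to_trits(table[a + 3 * b + 9 * c]))
    return out


def mat_vec(m, v):
    return [sum(mi * vi for mi, vi in zip(row, v)) % 3 for row in m]


def mat_inv_mod3(m):
    """Gauss-Jordan inverse over GF(3); raises ValueError if m is singular."""
    n = len(m)
    a = [[v % 3 for v in row] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        piv = next((r for r in range(col, n) if a[r][col]), None)
        if piv is None:
            raise ValueError("singular matrix")
        a[col], a[piv] = a[piv], a[col]
        inv = a[col][col]                     # 1 -> 1, 2 -> 2 (2 * 2 == 1 mod 3)
        a[col] = [(v * inv) % 3 for v in a[col]]
        for r in range(n):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [(vr - f * vc) % 3 for vr, vc in zip(a[r], a[col])]
    return [row[n:] for row in a]


L_INV = mat_inv_mod3(L)


def toy_hash(msg, rounds=2):
    """One-block sponge: absorb RATE trits, capacity zero, output DIGEST trits."""
    x = list(msg) + [0] * (N - RATE)
    for r in range(rounds):
        x = [(a + b) % 3 for a, b in zip(mat_vec(L, sub_trytes(x)), RC[r])]
    return x[:DIGEST]


def brute_force_preimages(digest):
    """Hash all 3^RATE one-block messages and compare the full digest."""
    return [m for m in itertools.product(range(3), repeat=RATE) if toy_hash(m) == list(digest)]


def valid_space_preimages(digest):
    """Equivalent conditions: with w = L(S(x1)), the digest fixes w[:DIGEST]
    (= digest - RC[1]); only the N - DIGEST remaining trits are unknown.
    Enumerate just that space (3^(N-DIGEST) instead of 3^RATE candidates), undo
    both rounds, and keep the candidates whose capacity trits are zero."""
    fixed = [(d - c) % 3 for d, c in zip(digest, RC[1])]
    found = []
    for free in itertools.product(range(3), repeat=N - DIGEST):
        x1 = sub_trytes(mat_vec(L_INV, fixed + list(free)), SBOX_INV)   # undo round 2
        w0 = [(a - c) % 3 for a, c in zip(x1, RC[0])]
        x0 = sub_trytes(mat_vec(L_INV, w0), SBOX_INV)                    # undo round 1
        if all(t == 0 for t in x0[RATE:]):           # valid one-block input?
            found.append(tuple(x0[:RATE]))
    return found


def compare(target_msg):
    """Return (digest, brute-force preimage set, valid-space preimage set)."""
    digest = toy_hash(target_msg)
    return digest, set(brute_force_preimages(digest)), set(valid_space_preimages(digest))


if __name__ == "__main__":
    target = (1, 0, 2, 2, 1, 0, 0, 1, 2)          # constructed sample message
    digest, bf, vs = compare(target)
    print("digest", digest, "| brute force:", len(bf), "preimages over", 3 ** RATE,
          "candidates | valid space:", len(vs), "over", 3 ** (N - DIGEST))
```

In this toy the whole round is cheaply invertible, so the conditions can be walked backwards directly and the saving is the full 3^RATE / 3^(N-DIGEST) = 27 factor; on Troika the rounds are not cheap to invert and the message space is constrained by the capacity, which is why the paper satisfies most of the conditions by guess-and-determine and, for three rounds, uses MILP to split the one-block message space.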
Pages: 306-326
Page count: 21