A distinguisher for the compression function of SIMD-512

Abstract

SIMD is one of the round 2 candidates of the public SHA-3 competition hosted by NIST. It was designed by Leurent et al. In this paper, we present a distinguisher attack on the compression function of SIMD-512. By linearizing the compression function we construct a linear code. Using techniques from coding theory to search for low Hamming weight codewords, we can find differential characteristics with low Hamming weight (and hence high probability). In the attack the differences are introduced only in the IV. Such a characteristic is the base for our distinguisher, which can distinguish the compression function of SIMD-512 from random with a complexity of 5 · 2^{425.28} compression function calls. Furthermore, we can distinguish the output transformation of SIMD-512 from random with a complexity of about 22.2425.28 compression function calls. So far this is the first cryptanalytic result for the SIMD hash function. © 2009 Springer-Verlag.

Mendel, F., & Nad, T. (2009). A distinguisher for the compression function of SIMD-512. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5922 LNCS, pp. 219–232). https://doi.org/10.1007/978-3-642-10628-6_15
