Abstract
ESSENCE is a hash function submitted to the NIST Hash Competition that stands out as a hardware-friendly and highly parallelizable design. Previous analysis showed some non-randomness in the compression function which could not be extended to an attack on the hash function and ESSENCE remained unbroken. Preliminary analysis in its documentation argues that it resists standard differential cryptanalysis. This paper disproves this claim, showing that advanced techniques can be used to significantly reduce the cost of such attacks: using a manually found differential characteristic and an advanced search algorithm, we obtain collision attacks on the full ESSENCE-256 and ESSENCE-512, with respective complexities 267.4 and 2 134.7. In addition, we show how to use these attacks to forge valid (message, MAC) pairs for HMAC-ESSENCE-256 and HMAC-ESSENCE-512, essentially at the same cost as a collision. © 2010 Springer-Verlag.
Author supplied keywords
Cite
CITATION STYLE
Naya-Plasencia, M., Röck, A., Aumasson, J. P., Laigle-Chapuy, Y., Leurent, G., Meier, W., & Peyrin, T. (2010). Cryptanalysis of ESSENCE. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6147 LNCS, pp. 134–152). https://doi.org/10.1007/978-3-642-13858-4_8
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
