This paper provides three important contributions to the security analysis of SIMD. First, we show a new free-start distinguisher based on symmetry relations. It allows to distinguish the compression function of SIMD from a random function with a single evaluation. Then, we show that a class of free-start distinguishers is not a threat to wide-pipe hash functions. In particular, this means that our distinguisher has a minimal impact on the security of the SIMD hash function. Intuitively, the reason why this distinguisher does not weaken the function is that getting into a symmetric state is about as hard as finding a preimage. Finally, we study differential path in SIMD, and give an upper bound on the probability of related key differential paths. Our bound is in the order of 2-n/2 using very weak assumptions. © 2011 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Bouillaguet, C., Fouque, P. A., & Leurent, G. (2011). Security analysis of SIMD. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6544 LNCS, pp. 351–368). https://doi.org/10.1007/978-3-642-19574-7_24
Mendeley helps you to discover research relevant for your work.