Planned intervention: On Wednesday April 3rd 05:30 UTC Zenodo will be unavailable for up to 2-10 minutes to perform a storage cluster upgrade.
Published November 13, 2016 | Version v1
Conference paper Open

Analysis of the Kupyna-256 Hash Function

  • 1. TU Graz

Description

The hash function Kupyna was recently published as the Ukrainian standard DSTU 7564:2014. It is structurally very similar to the SHA-3 finalist GrØstl, but differs in details of the round transformations.

Most notably, some of the round constants are added with a modular addition, rather than bitwise xor. This change prevents a straightforward application of some recent attacks, in particular of the rebound attacks on the compression function of similar AES-like hash constructions. However, we show that it is actually possible to mount rebound attacks, despite the presence of modular constant additions. More specifically, we describe collision attacks on the compression function for 6 (out of 10) rounds of Kupyna-256 with an attack complexity of 270, and for 7 rounds with complexity 2125:8. In addition, we have been able to use the rebound attack for creating collisions for the round-reduced hash function itself. This is possible for 4 rounds of Kupyna-256 with complexity 267 and for 5 rounds with complexity 2120.

Notes

H2020 HECTOR 644052

Files

HECTOR-Analysis-Kupyna-Hash-Function-2016.pdf

Files (457.7 kB)

Name Size Download all
md5:b8e426aef67f4b4386281c3e5935e209
457.7 kB Preview Download

Additional details