375528
doi
10.5281/zenodo.375528
oai:zenodo.org:375528
user-hector
user-eu
Maria Eichlseder
TU Graz
Florian Mendel
TU Graz
Cryptanalysis of Simpira v1
Christoph Dobraunig
TU Graz
info:eu-repo/semantics/openAccess
Creative Commons Attribution 4.0 International
https://creativecommons.org/licenses/by/4.0/legalcode
Simpira, permutation-based cryptography, cryptanalysis, hash functions, collisions
<p>Simpira v1 is a recently proposed family of permutations, based on the AES round function. The design includes recommendations for using the Simpira permutations in block ciphers, hash functions, or authenticated ciphers. The designers' security analysis is based on computer-aided bounds for the minimum number of active S-boxes. We show that the underlying assumptions of independence, and thus the derived bounds, are incorrect. For family member Simpira-4, we provide differential trails with only 40 (instead of 75) active S-boxes for the recommended 15 rounds. Based on these trails, we propose full-round collision attacks on the proposed Simpira-4 Davies-Meyer hash construction, with complexity 2<sup>82.62</sup> for the recommended full 15 rounds and a truncated 256-bit hash value, and complexity 2<sup>110.16</sup> for 16 rounds and the full 512-bit hash value. These attacks violate the designers' security claims that there are no structural distinguishers with complexity below 2<sup>128</sup>.</p>
Zenodo
2017-03-07
info:eu-repo/semantics/conferencePaper
787073
user-hector
user-eu
award_title=HARDWARE ENABLED CRYPTO AND RANDOMNESS; award_number=644052; award_identifiers_scheme=url; award_identifiers_identifier=https://cordis.europa.eu/projects/644052; funder_id=00k4n6c32; funder_name=European Commission;
1579534135.775045
364914
md5:49f7933925184cdacd04e3efe5a8b45e
https://zenodo.org/records/375528/files/2016-SAC-Cryptanalysis of Simpira.pdf
public
isVersionOf
doi