Abstract
We study known-key distinguishing and partial-collision attacks on GFN-2 structures with various block lengths in this paper. For 4-branch GFN-2, we present 15-round known-key distinguishing attack and 11-round partial-collision attack which improve previous results. We also present 17-round known-key distinguishing attack on 6-branch GFN-2 and 27-round known-key distinguishing attack on 8-branch GFN-2 and show that several partial-collision attacks are derived from them. Additionally, some attacks are valid under special conditions for the F-function.
Highlights
PreliminariesErefore, the inbound structure of F-function (ISF) contains about (2b − 1) pairs because the F-function has about (2b − 1)2×2−4 possible input-output difference pairs with the form (ΔP(1), Δ1)
In [4], Kang et al analyzed only t 4 cases of GFNs and assumed that the last-round function has no shuffle operation. ey presented a 13-round known-key distinguishing attack on GFN-2 and 9-round 1-word and 2-word partialcollision attacks on Matyas-Meyer-Oseas and MiyaguchiPreneel hash modes of GFN-2
(iii) For 8-branch GFN-2, we find a 11-round inbound structure and make a 27-round known-key distinguishing attack which is extended to 29 rounds when a 8
Summary
Erefore, the ISF contains about (2b − 1) pairs because the F-function has about (2b − 1)2×2−4 possible input-output difference pairs with the form (ΔP(1), Δ1). En, the complexity of the phase checking the validity of an input-output difference pair for the S-box is dominant in the computational complexity required for constructing the ISF. We assume that DDT of the S-box is given in advance and that DDT contains all possible input pairs for each input and output differences. It is about a×22b table lookups 22b F-function evaluations because the F-function consists of a S-boxes. See Figure 4. roughout this paper, we assume the hash mode of GFN-2 is MMO or MP whenever we explain partial-collision attacks
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
