<p>With the growing prevalence of compact and resource-constrained computing devices, demand for lightweight cryptographic schemes is burgeoning. <Emphasis FontCategory="NonProportional">Xoodyak-Hash</Emphasis>, a lightweight hash function that entered the final round of the NIST Lightweight Cryptography (LWC), has received extensive attention owing to its security and high efficiency. Meet-in-the-Middle (MitM) attack serves as an effective method for the analysis of sponge-based hashing. Nevertheless, constrained by the large search space, the optimization of MitM attack remains to be further investigated. We introduce an improved approach, overall-weak-diffusion structure searching strategy, to identify a weak diffusion neutral set in the heuristic two-stage searching strategy, and apply it to 3-round <Emphasis FontCategory="NonProportional">Xoodyak-Hash</Emphasis>. Ultimately, the time complexity of MitM collision attack against 3-round <Emphasis FontCategory="NonProportional">Xoodyak-Hash</Emphasis> is reduced to <InlineEquation ID="IEq1"> <EquationSource Format="TEX">\(2^{124.24}\)</EquationSource> <EquationSource Format="MATHML"><math> <msup> <mn>2</mn> <mrow> <mn>124.24</mn> </mrow> </msup> </math></EquationSource> </InlineEquation> and the memory is <InlineEquation ID="IEq2"> <EquationSource Format="TEX">\({2}^{123}\)</EquationSource> <EquationSource Format="MATHML"><math> <msup> <mrow> <mn>2</mn> </mrow> <mn>123</mn> </msup> </math></EquationSource> </InlineEquation>. To our knowledge, this establishes the most efficient collision attack against 3-round <Emphasis FontCategory="NonProportional">Xoodyak-Hash</Emphasis>, which lowers both the time and memory complexities by half compared to the current best results achieved at CRYPTO 2024. Furthermore, this paper also evaluates the resistance of 3-round <Emphasis FontCategory="NonProportional">Xoodyak</Emphasis>-like hashing against MitM collision attack and provides recommendations for parameter selection.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Improved meet-in-the-middle collision attack on round-reduced Xoodyak

  • Mingyao Gao,
  • Shun Zhang,
  • Jie Guan,
  • Tairong Shi,
  • Senpeng Wang

摘要

With the growing prevalence of compact and resource-constrained computing devices, demand for lightweight cryptographic schemes is burgeoning. Xoodyak-Hash, a lightweight hash function that entered the final round of the NIST Lightweight Cryptography (LWC), has received extensive attention owing to its security and high efficiency. Meet-in-the-Middle (MitM) attack serves as an effective method for the analysis of sponge-based hashing. Nevertheless, constrained by the large search space, the optimization of MitM attack remains to be further investigated. We introduce an improved approach, overall-weak-diffusion structure searching strategy, to identify a weak diffusion neutral set in the heuristic two-stage searching strategy, and apply it to 3-round Xoodyak-Hash. Ultimately, the time complexity of MitM collision attack against 3-round Xoodyak-Hash is reduced to \(2^{124.24}\) 2 124.24 and the memory is \({2}^{123}\) 2 123 . To our knowledge, this establishes the most efficient collision attack against 3-round Xoodyak-Hash, which lowers both the time and memory complexities by half compared to the current best results achieved at CRYPTO 2024. Furthermore, this paper also evaluates the resistance of 3-round Xoodyak-like hashing against MitM collision attack and provides recommendations for parameter selection.