27 March 2013 Brussels, Belgium

Itai Dinur
Weizmann Institute

Collision attacks on up to 5 rounds of SHA-3 using generalized internal differentials

In this talk I will present the first published collision-finding attacks on reduced-round versions of Keccak-384 and Keccak-512, providing actual collisions for 3-round versions and describing an attack that is 2^45 times faster than birthday attacks for 4-round Keccak-384. For Keccak-256, we increase the number of rounds that can be attacked to 5. All these results are based on a generalized internal differential attack (introduced by Peyrin at Crypto 2010), which is used to map a large number of Keccak inputs into a relatively small subset of possible outputs with a surprisingly large probability. In such a squeeze attack it is easier to find random collisions in the reduced target subset by a standard birthday argument. Joint work with Orr Dunkelman and Adi Shamir.
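An added illustration, not taken from the talk or its slides: internal differentials track the difference between parts of a single state. The sketch below shows the well-known Keccak property that a state whose lanes repeat with period 32 stays symmetric through every round step except the iota constants, which add only a low-weight internal difference. The period-32 choice, the helper names and the seeded sample state are assumptions made for the example; it measures that difference over two rounds and does not search for collisions.

```python
import random

MASK = (1 << 64) - 1
# Rho offsets indexed ROT[x][y], and the first two Keccak-f[1600] round constants.
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
RC = [0x0000000000000001, 0x0000000000008082]

def rol(v, n):
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK

def keccak_round(A, rc):
    """One Keccak-f[1600] round on A[x][y]; rc=0 leaves out the iota constant."""
    C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]
    D = [C[(x - 1) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
    A = [[A[x][y] ^ D[x] for y in range(5)] for x in range(5)]       # theta
    B = [[0] * 5 for _ in range(5)]
    for x in range(5):
        for y in range(5):
            B[y][(2 * x + 3 * y) % 5] = rol(A[x][y], ROT[x][y])      # rho + pi
    A = [[B[x][y] ^ (~B[(x + 1) % 5][y] & B[(x + 2) % 5][y] & MASK)
          for y in range(5)] for x in range(5)]                      # chi
    A[0][0] ^= rc                                                    # iota
    return A

def internal_diff_weight(A):
    """Hamming weight of (low half XOR high half), summed over all 25 lanes."""
    return sum(bin((lane ^ (lane >> 32)) & 0xFFFFFFFF).count("1")
               for column in A for lane in column)

def symmetric_state(seed):
    """Constructed input: every lane is one 32-bit word repeated twice."""
    rng = random.Random(seed)
    return [[rng.getrandbits(32) * 0x100000001 for _ in range(5)]
            for _ in range(5)]

def demo(seed=1):
    s = symmetric_state(seed)
    no_iota = keccak_round(keccak_round(s, 0), 0)   # symmetry is preserved
    r1 = keccak_round(s, RC[0])                     # iota breaks it in one bit
    r2 = keccak_round(r1, RC[1])                    # difference starts to spread
    return (internal_diff_weight(no_iota), internal_diff_weight(r1),
            internal_diff_weight(r2))

if __name__ == "__main__":
    print(demo())
```

The third value depends on the input because chi is non-linear, but it stays far below the 800-bit maximum after two rounds.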

