A preimage attack on reduced GIMLI‐HASH with unbalanced squeezing phase. (22nd March 2022)
- Record Type:
- Journal Article
- Title:
- A preimage attack on reduced GIMLI‐HASH with unbalanced squeezing phase. (22nd March 2022)
- Main Title:
- A preimage attack on reduced GIMLI‐HASH with unbalanced squeezing phase
- Authors:
- Lee, Yongseong
Kang, Jinkeon
Chang, Donghoon
Hong, Seokhie
- Abstract:
- Abstract: In Conference on Cryptographic Hardware and Embedded System 2017, Bernstein et al. proposed GIMLI, a 384‐bit permutation with 24 rounds, which aims to provide high performance on various platforms. In 2019, the full‐round (24 rounds) GIMLI permutation was used as an underlying primitive for building AEAD GIMLI‐CIPHER and hash function GIMLI‐HASH, which were submitted to the NIST Lightweight Cryptography Standardisation process and selected as one of the second‐round candidates. In Transactions on Symmetric Cryptology 2021, Liu et al. presented a preimage attack with a divide‐and‐conquer method on round‐reduced GIMLI‐HASH, which uses 5‐round GIMLI. In this paper, preimage attacks on a round‐reduced variant of GIMLI‐HASH are presented, in which the message absorbing phase uses 5‐round GIMLI and the squeezing phase uses 9‐round GIMLI. This variant is called 5–9‐round GIMLI‐HASH. The authors' preimage attack on 5–9‐round GIMLI‐HASH requires 2^96.44 time complexity and 2^97 memory complexity. Also, this method can be reached up to round shifted 10‐round GIMLI in the squeezing phase. The authors' first attack requires the memory for storing several precomputation tables in GIMLI SP‐box operations. In the authors' second attack, a time‐memory trade‐off approach is taken, reducing memory requirements for precomputation tables but increasing computing time for solving SP‐box equations by using a SAT solver. This attack requires 2^66.17 memory complexity and 2^(96+ϵ) time complexity, where ϵ is a time complexity for solving SP‐box equations. The authors' experiments using the CryptoMiniSat SAT solver show that the maximum time complexity for ϵ is about 2^20.57 9‐round GIMLI. …
- Is Part Of:
- IET information security. Volume 17:Number 1(2023)
- Journal:
- IET information security
- Issue:
- Volume 17:Number 1(2023)
- Issue Display:
- Volume 17, Issue 1 (2023)
- Year:
- 2023
- Volume:
- 17
- Issue:
- 1
- Issue Sort Value:
- 2023-0017-0001-0000
- Page Start:
- 66
- Page End:
- 79
- Publication Date:
- 2022-03-22
- Subjects:
- GIMLI -- GIMLI‐HASH -- hash function -- preimage attack
Computer security -- Periodicals
Cryptography -- Periodicals
Computer networks -- Security measures -- Periodicals
Database security -- Periodicals
005.8
- Journal URLs:
- https://ietresearch.onlinelibrary.wiley.com/journal/17518717
http://digital-library.theiet.org/content/journals/iet-ifs
http://www.ietdl.org/IET-IFS
http://www.theiet.org/
- DOI:
- 10.1049/ise2.12060
- Languages:
- English
- ISSNs:
- 1751-8709
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4363.252660
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 25086.xml