Self-Dierential Cryptanalysis of Up to 5 Rounds of SHA-3
On October 2-nd 2012 NIST announced its selection of the Keccak scheme as the new SHA-3 hash standard. In this paper, the authors present the first published collision finding attacks on reduced-round versions of Keccak-384 and Keccak-512, providing actual collisions for 3-round versions, and describing attacks which are much faster than birthday attacks for 4-round Keccak-384. For Keccak-256, they increase the number of rounds which can be attacked to 5. All these results are based on a new type of self-differential attack, which makes it possible to map a large number of Keccak inputs into a relatively small subset of possible outputs with a surprisingly large probability, which makes it easier to find random collisions in this subset.