Keccak has become a hotspot after it has been selected as the new Hash standard SHA-3 in 2012.In this paper,give the inverse mappings ofρ,πandχmappings in SHA-3 permutation.ρmapping intends to provide intra lane diffusion along z axis.By shifting to-ward the reverse direction in terms of the same rotation constants table ofρ,can get its inverse mappingρ-1 .The inverse mapping ofπis obtained by using Gauss elimination method on the transformational matrix ofπin GF(5 ).χmapping is the only non-linear mapping of SHA-3 permutation,give its inverse mapping in the form of Boolean function expression through the truth table ofχ.By means of the inverse mappings ofρ,πandχ,a differential attack on SHA-3 can be implemented using the meet-in-the-middle thought.In addition, by using the message modification technique,the differential path can be throughχ-1 with probability 1 ,thus greatly improving the success probability of the attack.%Keccak自2012年被宣布为新一代Hash函数标准SHA-3后受到密码学界的高度关注,成为当前Hash函数研究的热点。文中给出了SHA-3轮函数中ρ、π和χ三个变换的逆变换。ρ变换只在同一道内沿z轴正向循环移位,故依据其移位距离表沿z轴负方向移位同样距离即得到其逆变换ρ-1;π变换依赖于GF (5)上一个2阶变换矩阵,利用高斯消元法对此方阵求逆可得到其逆矩阵,也即得到了π变换的逆变换;χ变换是SHA-3轮函数中唯一的非线性变换,首先列出χ变换的真值表,然后通过真值表推导得出了其逆变换χ-1的布尔函数表达式。基于ρ-1、π-1和χ-1,可利用中间相遇攻击的思想构造差分路径对SHA-3进行攻击,通过消息修改技术使差分路径以概率1通过χ-1,能够大大提高攻击成功的概率。
展开▼
