International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Practical Preimage Attacks on 3-Round Keccak-256 and 4-Round Keccak[r=640, c=160]

Authors:
Xiaoen Lin
Le He
Hongbo Yu
Download:
DOI: 10.46586/tosc.v2025.i1.328-356
URL: https://tosc.iacr.org/index.php/ToSC/article/view/12079
Search ePrint
Search Google
Abstract: Recently, linear structures and algebraic attacks have been widely used in preimage attacks on round-reduced Keccak. Inherited by pioneers’ work, we make some improvements for 3-round Keccak-256 and 4-round Keccak[r=640, c=160]. For 3-round Keccak-256, we introduce a three-stage model to deal with the unsatisfied restrictions while bringing more degrees of freedom at the same time. Besides, we show that guessing values for different variables will result in different complexity of solving time. With these techniques, the guessing times can be decreased to 252, and the solving time for each guess can be decreased to around 25.2 3-round Keccak calls. As a result, the complexity of finding a preimage for 3-round Keccak-256 can be decreased to around 257.2. For 4-round Keccak[r=640, c=160], an instance of the Crunchy Contest, we use some techniques to save degrees of freedom and make better linearization. Based on these techniques, we build an MILP model and obtain an attack with better complexity of around 260.9. The results of 3-round Keccak-256 and 4-round Keccak[r=640, c=160] are verified with real examples.
BibTeX
@article{tosc-2025-35397,
  title={Practical Preimage Attacks on 3-Round Keccak-256 and 4-Round Keccak[r=640, c=160]},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2025},
  pages={328-356},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/12079},
  doi={10.46586/tosc.v2025.i1.328-356},
  author={Xiaoen Lin and Le He and Hongbo Yu},
  year=2025
}