Cryptanalysis of the ESSENCE Family of Hash Functions
Nicky Mouha , Gautham Sekar, Jean-Philippe Aumasson , Thomas Peyrin, Soren S. Thomsen , Meltem Sonmez Turan, Bart Preneel
ESSENCE is a family of cryptographic hash functions, accepted to the first round of NIST's SHA-3 competition. This paper presents the first known attacks on ESSENCE. We present a semi-free-start collision attack on 31 out of 32 rounds of ESSENCE-512, invalidating the design claim that at least 24 rounds of ESSENCE are secure against differential cryptanalysis. We develop a novel technique to satisfy the first nine rounds of the differential characteristic. Non-randomness in the outputs of the feedback function $F$ is used to construct several distinguishers on a 14-round ESSENCE block cipher and the corresponding compression function, each requiring only $2^17}$ output bits. This observation is extended to key-recovery attacks on the block cipher. Next, we show that the omission of round constants allows slid pairs and fixed points to be found. These attacks are independent of the number of rounds. Finally, we suggest several countermeasures against these attacks, while still keeping the design simple and easy to analyze.
Information Security and Cryptology (Lecture Notes in Computer Science)
December 12-15, 2009
5th International Conference on Information Security and Cryptology (Inscrypt 2009)
, Sekar, G.
, Aumasson, J.
, Peyrin, T.
, Thomsen, S.
, Sonmez Turan, M.
and Preneel, B.
Cryptanalysis of the ESSENCE Family of Hash Functions, Information Security and Cryptology (Lecture Notes in Computer Science), Beijing, CN, [online], https://doi.org/10.1007/978-3-642-16342-5_2, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=904375
(Accessed December 2, 2023)