TY - JOUR AU - Saha, Dhiman AU - Kuila, Sukhendu AU - Chowdhury, Dipanwita Roy PY - 2017/03/08 Y2 - 2024/03/28 TI - SymSum: Symmetric-Sum Distinguishers Against Round Reduced SHA3 JF - IACR Transactions on Symmetric Cryptology JA - ToSC VL - 2017 IS - 1 SE - Articles DO - 10.13154/tosc.v2017.i1.240-258 UR - https://tosc.iacr.org/index.php/ToSC/article/view/593 SP - 240-258 AB - In this work we show the existence of special sets of inputs for which the sum of the images under SHA3 exhibits a symmetric property. We develop an analytical framework which accounts for the existence of these sets. The framework constitutes identification of a generic property of iterated SPN based functions pertaining to the round-constant addition and combining it with the notion of <em>m</em>−fold vectorial derivatives for differentiation over specially selected subspaces. Based on this we propose a new distinguisher called SymSum for the SHA3 family which penetrates up to 9 rounds and outperforms the ZeroSum distinguisher by a factor of four. Interestingly, the current work is the first analysis of SHA3/Keccak that relies on round-constants but is independent of their Hamming-weights. ER -