Abstract
In this paper, we investigate Keccak — the cryptographic hash function adopted as the SHA-3 standard. We propose a malicious variant of the function, where new round constants are introduced. We show that for such a variant, collision and preimage attacks are possible. We also identify a class of weak keys for malicious Keccak working in the MAC mode. Ideas presented in the paper were verified by implementing the attacks on the function with the 128-bit hash. Additionally, we show how the idea of malicious Keccak could be used in differential fault analysis against real Keccak working in the keyed mode such as the authenticated encryption mode.
Get full access to this article
View all access options for this article.