Preimage attacks on reduced‐round Keccak hash functions by solving algebraic systems

In this paper, improved preimage attacks are presented on 3‐round Keccak‐256 and Keccak‐512 and 4‐round Keccak‐256 based on algebraic methods. The authors propose some new properties about the components of Keccak permutation, reconsider the existing preimage attacks, and further refine the linearisation processes of quadratic bits to lower the complexities. For 3‐round Keccak‐256 and Keccak‐512, priority is given to values with higher probability for quadratic bits, such that the guessing complexities decrease from slightly more than 265 and 2440 to 264.79 and 2424, respectively. For preimage attack on 4‐round Keccak‐256, some strategies of saving degrees of freedom are applied to solve Boolean multivariate quadratic systems and reduce the guessing complexity from 2196 to 2188. Improved preimage attacks on 3‐round Keccak‐256 and Keccak‐512 and 4‐round Keccak‐256 based on algebraic methods are presented. For 3‐round Keccak‐256 and Keccak‐512, the authors take advantage of the non‐uniform distribution of the output of \(\chi\) to show a method of linearisation. For preimage attack on 4‐round Keccak‐256, some strategies of saving degrees of freedom are applied to solve Boolean multivariate quadratic systems and reduce the complexity.