Collision Attacks on SPONGENT with Grouping Method
摘要
SPONGENT is a lightweight hash function based on the sponge construction, featuring a PRESENT-like round function. Although it is included in the ISO standard for lightweight cryptography, no third-party analysis of collision attacks has been conducted. This lack of analysis is primarily due to the inherent difficulty of identifying value pairs that satisfy differential characteristics in sponge-construction-based hash functions. In this paper, we propose a novel method to efficiently identify value pairs that satisfy differential characteristics for keyless permutations. To address the existing problems, we introduce a grouping method that classifies input variables into categories such as free bits, fixed bits, and interdependent groups. This categorization facilitates efficient computation of degrees of freedom by solving for valid states within each group independently. We apply this method to variants of SPONGENT and, for the first time, demonstrate collision and semi-free-start collision attacks on reduced variants.