SECURITY ANALYSIS OF SPONGE CONSTRUCTIONS
Publisher
The Conference Hub
Abstract
The sponge construction is a versatile cryptographic framework supporting keyless applications like hashing and keyed applications such as MACs and stream ciphers, with security reliant on the capacity c and the robustness of the permutation f. This paper classifies attacks into generic (e.g., collision, preimage, length extension, meet-in-the-middle) and primary (e.g., differential, linear) types, detailing their mechanisms, goals, and security bounds for both modes. Generic attacks are bounded by c, while primary attacks exploit f’s structural weaknesses to achieve lower complexity. We explore the role of key length k in security bounds for keyed modes, including potential adjustments like $\min(2^{c/2}, 2^k)$ for certain attacks, and emphasize the hermetic sponge strategy to mitigate vulnerabilities. The analysis provides insights into designing secure sponge-based systems.