Rebound Attack on Reduced-Round Versions of JH

Authors

  • Vincent Rijmen
  • Deniz Toz
  • Kerem Varici
Abstract

JH, designed by Wu, is one of the 14 second round candidates in the NIST Hash Competition. This paper presents the first analysis results of JH by using rebound attack. We first investigate a variant of the JH hash function family for d = 4 and describe how the attack works. Then, we apply the attack for d = 8, which is the version submitted to the competition. As a result, we obtain a semi-free-start collision for 16 rounds (out of 35.5) of JH for all hash sizes with 2 compression function calls. We then extend our attack to 19 rounds and present a 1008-bit semi-free-start near-collision on the JH compression function with 2 compression function calls, 2 memory access and 2-bytes of memory.

Similar resources

Rebound Attacks on the Reduced Grøstl Hash Function

Grøstl is one of 14 second round candidates of the NIST SHA-3 competition. Cryptanalytic results on the wide-pipe compression function of Grøstl-256 have already been published. However, little is known about the hash function, arguably a much more interesting cryptanalytic setting. Also, Grøstl-512 has not been analyzed yet. In this paper, we show the first cryptanalytic attacks on reduced-rou...

Rebound Attack on JH42

The hash function JH [20] is one of the five finalists of the NIST SHA-3 hash competition. It has been recently tweaked for the final by increasing its number of rounds from 35.5 to 42. The previously best known results on JH were semi-free-start near-collisions up to 22 rounds using multi-inbound rebound attacks. In this paper we provide a new differential path on 32 rounds. Using this path, w...

Impossible Differential Cryptanalysis of Reduced-Round Midori64 Block Cipher (Extended Version)

Impossible differential attack is a well-known mean to examine robustness of block ciphers. Using impossible differential cryptanalysis, we analyze security of a family of lightweight block ciphers, named Midori, that are designed considering low energy consumption. Midori state size can be either 64 bits for Midori64 or 128 bits for Midori128; however, both vers...

Improved (Pseudo) Preimage Attacks on Reduced-Round GOST and Grøstl-256 and Studies on Several Truncation Patterns for AES-like Compression Functions

In this paper, we present improved preimage attacks on the reduced-round GOST hash function family, which serves as the new Russian hash standard, with the aid of techniques such as the rebound attack, the Meet-in-the-Middle preimage attack and the multicollisions. Firstly, the preimage attack on 5-round GOST-256 is proposed which is the first preimage attack for GOST-256 at the hash function l...

A Collision Attack on a Double-Block-Length Compression Function Instantiated with Round-Reduced AES-256

This paper presents the first non-trivial collision attack on the double-block-length compression function presented at FSE 2006 instantiated with round-reduced AES-256: $f_0(h_0 \| h_1, M) \| f_1(h_0 \| h_1, M)$ such that $f_0(h_0 \| h_1, M) = E_{h_1 \| M}(h_0) \oplus h_0$, $f_1(h_0 \| h_1, M) = E_{h_1 \| M}(h_0 \oplus c) \oplus h_0 \oplus c$, where $\|$ represents concatenation, $E$ is AES-256 and $c$ is a non-zero constant. The proposed attack is a free-start collision ...

Publication date: 2010