Abstract
In this work, we apply the rebound attack to the AES based SHA-3 candidate Lane. The hash function Lane uses a permutation based compression function, consisting of a linear message expansion and 6 parallel lanes. In the rebound attack on Lane, we apply several new techniques to construct a collision for the full compression function of Lane-256 and Lane-512. Using a relatively sparse truncated differential path, we are able to solve for a valid message expansion and colliding lanes independently. Additionally, we are able to apply the inbound phase more than once by exploiting the degrees of freedom in the parallel AES states. This allows us to construct semi-free-start collisions for full Lane-256 with 2^96 compression function evaluations and 2^88 memory, and for full Lane-512 with 2^224 compression function evaluations and 2^128 memory.
| Original language | English |
|---|---|
| Title of host publication | Advances in Cryptology -- ASIACRYPT 2009 |
| Editors | Mitsuru Matsui |
| Number of pages | 722 |
| Volume | 5912 |
| Publisher | Springer |
| Publication date | 2009 |
| Edition | 1 |
| Pages | 106-125 |
| ISBN (Print) | 978-3-642-10365-0 |
| DOIs | |
| Publication status | Published - 2009 |
| Event | 15th Annual International Conference on the Theory and Application of Cryptology and Information Security - Tokyo, Japan Duration: 6 Dec 2009 → 10 Dec 2009 Conference number: 15 http://asiacrypt2009.cipher.risk.tsukuba.ac.jp/ |
Conference
| Conference | 15th Annual International Conference on the Theory and Application of Cryptology and Information Security |
|---|---|
| Number | 15 |
| Country/Territory | Japan |
| City | Tokyo |
| Period | 06/12/2009 → 10/12/2009 |
| Internet address |
| Series | Lecture Notes in Computer Science |
|---|---|
| Number | 5912 |
| ISSN | 0302-9743 |
Keywords
- hash function
- cryptanalysis
- semi-free-start collision
- SHA-3
- rebound attack
- LANE