Rebound Attack on the Full LANE Compression Function

Krystian Matusiewicz, Maria Naya-Plasencia, Ivica Nikolic, Yu Sasaki, Martin Martin Schlaeffer

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

    Abstract

    In this work, we apply the rebound attack to the AES based SHA-3 candidate Lane. The hash function Lane uses a permutation based compression function, consisting of a linear message expansion and 6 parallel lanes. In the rebound attack on Lane, we apply several new techniques to construct a collision for the full compression function of Lane-256 and Lane-512. Using a relatively sparse truncated differential path, we are able to solve for a valid message expansion and colliding lanes independently. Additionally, we are able to apply the inbound phase more than once by exploiting the degrees of freedom in the parallel AES states. This allows us to construct semi-free-start collisions for full Lane-256 with 2^96 compression function evaluations and 2^88 memory, and for full Lane-512 with 2^224 compression function evaluations and 2^128 memory.
    Original languageEnglish
    Title of host publicationAdvances in Cryptology -- ASIACRYPT 2009
    EditorsMitsuru Matsui
    Number of pages722
    Volume5912
    PublisherSpringer
    Publication date2009
    Edition1
    Pages106-125
    ISBN (Print)978-3-642-10365-0
    DOIs
    Publication statusPublished - 2009
    Event15th Annual International Conference on the Theory and Application of Cryptology and Information Security - Tokyo, Japan
    Duration: 6 Dec 200910 Dec 2009
    Conference number: 15
    http://asiacrypt2009.cipher.risk.tsukuba.ac.jp/

    Conference

    Conference15th Annual International Conference on the Theory and Application of Cryptology and Information Security
    Number15
    Country/TerritoryJapan
    CityTokyo
    Period06/12/200910/12/2009
    Internet address
    SeriesLecture Notes in Computer Science
    Number5912
    ISSN0302-9743

    Keywords

    • hash function
    • cryptanalysis
    • semi-free-start collision
    • SHA-3
    • rebound attack
    • LANE

    Fingerprint

    Dive into the research topics of 'Rebound Attack on the Full LANE Compression Function'. Together they form a unique fingerprint.

    Cite this