Rebound Attack on the Full Lane Compression Function

  • Krystian Matusiewicz
  • María Naya-Plasencia
  • Ivica Nikolić
  • Yu Sasaki
  • Martin Schläffer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)

Abstract

In this work, we apply the rebound attack to the AES-based SHA-3 candidate Lane. The hash function Lane uses a permutation-based compression function, consisting of a linear message expansion and 6 parallel lanes. In the rebound attack on Lane, we apply several new techniques to construct a collision for the full compression function of Lane-256 and Lane-512. Using a relatively sparse truncated differential path, we are able to solve for a valid message expansion and colliding lanes independently. Additionally, we are able to apply the inbound phase more than once by exploiting the degrees of freedom in the parallel AES states. This allows us to construct semi-free-start collisions for full Lane-256 with $2^{96}$ compression function evaluations and $2^{88}$ memory, and for full Lane-512 with $2^{224}$ compression function evaluations and $2^{128}$ memory.

Keywords

SHA-3, LANE, hash function, cryptanalysis, rebound attack, semi-free-start collision

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Krystian Matusiewicz (1)
  • María Naya-Plasencia (2)
  • Ivica Nikolić (3)
  • Yu Sasaki (4)
  • Martin Schläffer (5)

  1. Department of Mathematics, Technical University of Denmark, Denmark
  2. INRIA project-team SECRET, France
  3. University of Luxembourg, Luxembourg
  4. NTT Corporation, Japan
  5. IAIK, Graz University of Technology, Austria
