Rebound Attack on JH42

  • María Naya-Plasencia
  • Deniz Toz
  • Kerem Varici
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7073)


The hash function JH [20] is one of the five finalists of the NIST SHA-3 hash competition. It has been recently tweaked for the final by increasing its number of rounds from 35.5 to 42. The previously best known results on JH were semi-free-start near-collisions up to 22 rounds using multi-inbound rebound attacks. In this paper we provide a new differential path on 32 rounds. Using this path, we are able to build various semi-free-start internal-state near-collisions and the maximum number of rounds that we achieved is up to 37 rounds on 986 bits. Moreover, we build distinguishers in the full 42-round internal permutation. These are, to our knowledge, the first results faster than generic attack on the full internal permutation of JH42, the finalist version. These distinguishers also apply to the compression function.


hash function rebound attack JH cryptanalysis SHA-3 


  1. 1.
    Bhattacharyya, R., Mandal, A., Nandi, M.: Security Analysis of the Mode of JH Hash Function. In: Hong and Iwata [4], pp. 168–191Google Scholar
  2. 2.
    Burmester, M., Tsudik, G., Magliveras, S.S., Ilić, I. (eds.): ISC 2010. LNCS, vol. 6531. Springer, Heidelberg (2011)MATHGoogle Scholar
  3. 3.
    Gilbert, H., Peyrin, T.: Super-sbox cryptanalysis: Improved attacks for aes-like permutations. In: Hong and Iwata [4], pp. 365–383Google Scholar
  4. 4.
    Hong, S., Iwata, T. (eds.): FSE 2010. LNCS, vol. 6147. Springer, Heidelberg (2010)MATHGoogle Scholar
  5. 5.
    Ideguchi, K., Tischhauser, E., Preneel, B.: Improved collision attacks on the reduced-round grøstl hash function. In: Burmester, et al. (eds.) [2], pp. 1–16 (2010)Google Scholar
  6. 6.
    Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound Distinguishers: Results on the Full Whirlpool Compression Function. In: Matsui [7], pp. 126–143Google Scholar
  7. 7.
    Matsui, M. (ed.): ASIACRYPT 2009. LNCS, vol. 5912. Springer, Heidelberg (2009)MATHGoogle Scholar
  8. 8.
    Matusiewicz, K., Naya-Plasencia, M., Nikolic, I., Sasaki, Y., Schläffer, M.: Rebound Attack on the Full Lane Compression Function. In: Matsui [7], pp. 106–125Google Scholar
  9. 9.
    Mendel, F., Peyrin, T., Rechberger, C., Schläffer, M.: Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 16–35. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Rebound Attacks on the Reduced Grøstl Hash Function. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 350–365. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Naya-Plasencia, M.: How to Improve Rebound Attacks. Cryptology ePrint Archive, Report 2010/607 (2010) (extended version),,
  13. 13.
    Naya-Plasencia, M.: How to Improve Rebound Attacks. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 188–205. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Peyrin, T.: Improved Differential Attacks for Echo and Grøstl. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 370–392. Springer, Heidelberg (2010)Google Scholar
  15. 15.
    Rijmen, V., Toz, D., Varici, K.: Rebound Attack on Reduced-Round Versions of JH. In: Hong and Iwata [4], pp. 286–303Google Scholar
  16. 16.
    Rivest, R.L.: The MD5 Message-Digest Algorithm. RFC 1321 (1992),
  17. 17.
    Sasaki, Y., Li, Y., Wang, L., Sakiyama, K., Ohta, K.: Non-Full-Active Super-Sbox Analysis: Applications to ECHO and Grøstl. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 38–55. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  18. 18.
    Schläffer, M.: Subspace Distinguisher for 5/8 Rounds of the ECHO-256 Hash Function. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 369–387. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. 19.
    of Standards, N.I., Technology: FIPS 180-1:Secure Hash Standard (1995),
  20. 20.
    Wu, H.: The Hash Function JH. Submission to NIST (2008),

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • María Naya-Plasencia
    • 1
    • 2
  • Deniz Toz
    • 3
  • Kerem Varici
    • 3
  1. 1.FHNW WindischSwitzerland
  2. 2.University of VersaillesFrance
  3. 3.ESAT/COSIC and IBBTKatholieke Universiteit LeuvenBelgium

Personalised recommendations