Improved Integral Analysis on Tweaked Lesamnta

  • Yu Sasaki
  • Kazumaro Aoki
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7259)


In this paper, we show a known-key (middletext) distinguisher on the internal block cipher of tweaked Lesamnta reduced to 31 (out of 32) rounds, which is one of the hash functions submitted to the SHA-3 competition. Moreover, we present a distinguisher for full internal block cipher of Lesamnta with stronger assumption. Although Lesamnta was not chosen for the second round, for its tweaked version, all previous cryptanalysis can work no more than 24 rounds. We search for a new integral characteristic for the internal block cipher, and discover a 19-round integral characteristic for forward direction. We then search for an integral characteristic for backward direction, and the characteristics can be combined to full rounds with some assumption. The distinguisher for the internal block cipher of Lesamnta-256 requires 2192 query complexity and negligible memory. This is the best attack on Lesamnta compression function and its internal block cipher after the tweak.


integral attack middletext distinguisher known-key chosen-key Lesamnta hash SHA-3 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)Google Scholar
  3. 3.
    U.S. Department of Commerce, National Institute of Standards and Technology: Federal Register vol. 72, No. 212/Friday, November 2, 2007/Notices (2007),
  4. 4.
    Hirose, S., Kuwakado, H., Yoshida, H.: SHA-3 proposal: Lesamnta. Lesamnta home page (2009), Document version 1.0.1, (January 15, 2009)
  5. 5.
    Hirose, S., Ideguchi, K., Kuwakado, H., Owada, T., Preneel, B., Yoshida, H.: A Lightweight 256-Bit Hash Function for Hardware and Low-End Devices: Lesamnta-LW. In: Rhee, K.-H., Nyang, D. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 151–168. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press (1997)Google Scholar
  7. 7.
    Bouillaguet, C., Dunkelman, O., Leurent, G., Fouque, P.-A.: Another Look at Complementation Properties. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 347–364. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Hirose, S., Kuwakado, H., Yoshida, H.: A minor change to Lesamnta — Change of round constants — Lesamnta home page (2009), (July 18, 2009)
  9. 9.
    Bouillaguet, C., Dunkelman, O., Leurent, G., Fouque, P.-A.: Attacks on Hash Functions Based on Generalized Feistel: Application to Reduced-Round Lesamnta and SHAvite-3 512. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 18–35. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Bouillaguet, C., Dunkelman, O., Leurent, G., Fouque, P.A.: Attacks on hash functions based on generalized Feistel - application to reduced-round Lesamnta and SHAvite-3 512. Cryptology ePrint Archive, Report 2009/634 (2009), (Full version of [9])
  11. 11.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The Block Cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  12. 12.
    Daemen, J., Rijmen, V.: The design of Rijndeal: AES – the Advanced Encryption Standard (AES). Springer (2002)Google Scholar
  13. 13.
    U.S. Department of Commerce, National Institute of Standards and Technology: Specification for the ADVANCED ENCRYPTION STANDARD (AES) (Federal Information Processing Standards Publication 197) (2001)Google Scholar
  14. 14.
    Knudsen, L.R., Rijmen, V.: Known-Key Distinguishers for Some Block Ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315–324. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Minier, M., Phan, R.C.-W., Pousse, B.: Distinguishers for Ciphers and Known Key Attack against Rijndael with Large Blocks. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 60–76. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Biryukov, A., Nikolić, I.: A new security analysis of AES-128. In: Rump session of CRYPTO 2009 (2009),
  17. 17.
    Biryukov, A., Nikolić, I.: Automatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers: Application to AES, Camellia, Khazad and Others. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 322–344. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  18. 18.
    Nikolić, I., Pieprzyk, J., Sokołowski, P., Steinfeld, R.: Known and Chosen Key Differential Distinguishers for Block Ciphers. In: Rhee, K.-H., Nyang, D. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 29–48. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. 19.
    Aumasson, J.-P., Käsper, E., Knudsen, L.R., Matusiewicz, K., Ødegård, R., Peyrin, T., Schläffer, M.: Distinguishers for the Compression Function and Output Transformation of Hamsi-256. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 87–103. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Black, J., Rogaway, P., Shrimpton, T.: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Yu Sasaki
    • 1
  • Kazumaro Aoki
    • 1
  1. 1.NTT Information Sharing Platform LaboratoriesNTT CorporationMusashino-shiJapan

Personalised recommendations