Rebound attack on reduced-round versions of JH

Authors:
Vincent Rijmen;Deniz Toz;Kerem Varici
Affiliations:
Katholieke Univ. Leuven, Dept. of Electronical Eng., ESAT, SCD-COSIC, and Interdisciplinary Inst. for BroadBand Techn., Leuven-Heverlee, Belgium and Inst. for Applied Inf. Processing and Communica ...;Katholieke Universiteit Leuven, Department of Electronical Engineering, ESAT, SCD-COSIC, and Interdisciplinary Institute for BroadBand Technology, Leuven-Heverlee, Belgium;Katholieke Universiteit Leuven, Department of Electronical Engineering, ESAT, SCD-COSIC, and Interdisciplinary Institute for BroadBand Technology, Leuven-Heverlee, Belgium
Venue:
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Year:
2010

Citing 9
Cited 4

The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

Fast Software Encryption
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

Selected Areas in Cryptography
Rebound Attack on the Full Lane Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Rebound Distinguishers: Results on the Full Whirlpool Compression Function

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Collisions for 70-step SHA-1: on the full cost of collision search

SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

How to improve rebound attacks

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Rebound attack on JH42

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Known-Key distinguisher on round-reduced 3d block cipher

WISA'11 Proceedings of the 12th international conference on Information Security Applications
Unaligned rebound attack: application to keccak

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

JH, designed by Wu, is one of the 14 second-round candidates in the NIST Hash Competition. This paper presents the first analysis results of JH by using rebound attack. We first investigate a variant of the JH hash function family for d = 4 and describe how the attack works. Then, we apply the attack for d = 8, which is the version submitted to the competition. As a result, we obtain a semi-free-start collision for 16 rounds (out of 35.5) of JH for all hash sizes with 2179.24 compression function calls. We then extend our attack to 19 (and 22) rounds and present a 1008-bit (and 896-bit) semi-free-start near-collision on the JH compression function with 2156.77 (2156.56) compression function calls, 2152.28 memory access and 2143.70-bytes of memory.