The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
Fast Software Encryption
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Selected Areas in Cryptography
Rebound Attack on the Full Lane Compression Function
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Rebound Distinguishers: Results on the Full Whirlpool Compression Function
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Collisions for 70-step SHA-1: on the full cost of collision search
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to improve rebound attacks
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Known-Key distinguisher on round-reduced 3d block cipher
WISA'11 Proceedings of the 12th international conference on Information Security Applications
Unaligned rebound attack: application to keccak
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Hi-index | 0.00 |
JH, designed by Wu, is one of the 14 second-round candidates in the NIST Hash Competition. This paper presents the first analysis results of JH by using rebound attack. We first investigate a variant of the JH hash function family for d = 4 and describe how the attack works. Then, we apply the attack for d = 8, which is the version submitted to the competition. As a result, we obtain a semi-free-start collision for 16 rounds (out of 35.5) of JH for all hash sizes with 2179.24 compression function calls. We then extend our attack to 19 (and 22) rounds and present a 1008-bit (and 896-bit) semi-free-start near-collision on the JH compression function with 2156.77 (2156.56) compression function calls, 2152.28 memory access and 2143.70-bytes of memory.