Paper 2012/278

Improved Indifferentiability Security Bound for the JH Mode

Dustin Moody, Souradyuti Paul, and Daniel Smith-Tone

Abstract

Indifferentiability security of a hash mode of operation guarantees the mode's resistance against all (meaningful) generic attacks. It is also useful to establish the security of protocols that use hash functions as random functions. The JH hash function is one of the five finalists in the ongoing NIST SHA-3 hash function competition. Despite several years of analysis, the indifferentiability security of the JH mode (with n-bit digest and 2n-bit permutation) has remained remarkably low, only at n/3 bits (FSE 2010), while the other four finalist modes -- with comparable parameter values -- offer a security guarantee of n/2 bits. In this paper, we improve the indifferentiability security bound for the JH mode to n/2 bits (e.g. from 171 to 256 bits when n=512). To put this into perspective, our result guarantees the absence of attacks on both JH-256 and JH-512 hash functions with time less than approximately 2^{256} computations of the underlying 1024-bit permutation, under the assumption that the basic permutation is structurally strong. Our bounds are optimal for JH-256, and the best, so far, for JH-512. We obtain this improved bound by establishing an isomorphism of certain query-response graphs through a careful design of the simulators and the bad events. Our experimental data strongly supports the theoretically obtained results.

Note: A few more references were added on the related work after taking into consideration the third-party comments and remarks.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. DESIGN CODES AND CRYPTOGRAPHY
DOI
10.1007/s10623-015-0047-9
Keywords
Hash ModeNIST SHA-3 CompetitionJHIndifferentiability
Contact author(s)
souradyutip @ iitgn ac in
History
2015-07-15: last of 3 revisions
2012-05-29: received
See all versions
Short URL
https://ia.cr/2012/278
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/278,
      author = {Dustin Moody and Souradyuti Paul and Daniel Smith-Tone},
      title = {Improved Indifferentiability Security Bound for the JH Mode},
      howpublished = {Cryptology ePrint Archive, Paper 2012/278},
      year = {2012},
      doi = {10.1007/s10623-015-0047-9},
      note = {\url{https://eprint.iacr.org/2012/278}},
      url = {https://eprint.iacr.org/2012/278}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.