Paper 2009/443

Rebound Attack on the Full LANE Compression Function

Krystian Matusiewicz, Maria Naya-Plasencia, Ivica Nikolic, Yu Sasaki, and Martin Schläffer

Abstract

In this work, we apply the rebound attack to the AES based SHA-3 candidate LANE. The hash function LANE uses a permutation based compression function, consisting of a linear message expansion and 6 parallel lanes. In the rebound attack on LANE, we apply several new techniques to construct a collision for the full compression function of LANE-256 and LANE-512. Using a relatively sparse truncated differential path, we are able to solve for a valid message expansion and colliding lanes independently. Additionally, we are able to apply the inbound phase more than once by exploiting the degrees of freedom in the parallel AES states. This allows us to construct semi-free-start collisions for full LANE-256 with $2^{96}$ compression function evaluations and $2^{88}$ memory, and for full LANE-512 with $2^{224}$ compression function evaluations and $2^{128}$ memory.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. A short version of this paper will appear at ASIACRYPT 2009.
Keywords
SHA-3LANEhash functioncryptanalysisrebound attacksemi-free-start collision
Contact author(s)
martin schlaeffer @ iaik tugraz at
History
2009-09-14: received
Short URL
https://ia.cr/2009/443
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/443,
      author = {Krystian Matusiewicz and Maria Naya-Plasencia and Ivica Nikolic and Yu Sasaki and Martin Schläffer},
      title = {Rebound Attack on the Full {LANE} Compression Function},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/443},
      year = {2009},
      url = {https://eprint.iacr.org/2009/443}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.