Paper 2011/019

Collision Resistance of the JH Hash Function

Jooyoung Lee and Deukjo Hong


In this paper, we analyze collision resistance of the JH hash function in the ideal primitive model. The JH hash function is one of the five SHA-3 candidates accepted for the final round of evaluation. The JH hash function uses a mode of operation based on a permutation, while its security has been elusive even in the random permutation model. One can find a collision for the JH compression function only with two backward queries to the basing primitive. However, the security is significantly enhanced in iteration. For $c\leq n/2$, we prove that the JH hash function using an ideal $n$-bit permutation and producing $c$-bit outputs by truncation is collision resistant up to $O(2^{c/2})$ queries. This bound implies that the JH hash function provides the optimal collision resistance in the random permutation model.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
hash functions
Contact author(s)
jlee05 @ ensec re kr
2011-01-14: received
Short URL
Creative Commons Attribution


      author = {Jooyoung Lee and Deukjo Hong},
      title = {Collision Resistance of the JH Hash Function},
      howpublished = {Cryptology ePrint Archive, Paper 2011/019},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.