Paper 2022/731

Triangulating Rebound Attack on AES-like Hashing

Xiaoyang Dong, Tsinghua University
Jian Guo, Nanyang Technological University
Shun Li, Nanyang Technological University
Phuong Pham, Nanyang Technological University

The rebound attack was introduced by Mendel et al. at FSE 2009 to fulfill a heavy middle round of a differential path for free, utilizing the degree of freedom from states. The inbound phase was extended to 2 rounds by the Super-Sbox technique invented by Lamberger et al. at ASIACRYPT 2009 and Gilbert and Peyrin at FSE 2010. In ASIACRYPT 2010, Sasaki et al. further reduced the requirement of memory by introducing the non-full-active Super-Sbox. In this paper, we further develop this line of research by introducing Super-Inbound, which is able to connect multiple 1-round or 2-round (non-full-active) Super-Sbox inbound phases by utilizing fully the degrees of freedom from both states and key, yet without the use of large memory. This essentially extends the inbound phase by up to 3 rounds. We applied this technique to find classic or quantum collisions on several AES-like hash functions, and improved the attacked round number by 1 to 5 in targets including AES-128 and SKINNY hashing modes, Saturnin-Hash, and Grostl-512. To demonstrate the correctness of our attacks, the semi-free-start collision on 6-round AES-128-MMO/MP with estimated time complexity $2^{24}$ in classical setting was implemented and an example pair was found instantly on a standard PC.

Available format(s)
Attacks and cryptanalysis
Publication info
A major revision of an IACR publication in CRYPTO 2022
Triangulating Rebound Quantum Computation Collision Attacks Rebound Attacks Triangulation Algorithm Super-Inbound
Contact author(s)
xiaoyangdong @ tsinghua edu cn
guojian @ ntu edu sg
shun li @ ntu edu sg
pham0079 @ e ntu edu sg
2022-06-09: revised
2022-06-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Xiaoyang Dong and Jian Guo and Shun Li and Phuong Pham},
      title = {Triangulating Rebound Attack on AES-like Hashing},
      howpublished = {Cryptology ePrint Archive, Paper 2022/731},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.