Rebound Attack on JH42
نویسندگان
چکیده
The hash function JH [20] is one of the five finalists of the NIST SHA-3 hash competition. It has been recently tweaked for the final by increasing its number of rounds from 35.5 to 42. The previously best known results on JH were semi-free-start near-collisions up to 22 rounds using multi-inbound rebound attacks. In this paper we provide a new differential path on 32 rounds. Using this path, we are able to build various semi-free-start internal-state near-collisions and the maximum number of rounds that we achieved is up to 37 rounds on 986 bits. Moreover, we build distinguishers in the full 42-round internal permutation. These are, to our knowledge, the first results faster than generic attack on the full internal permutation of JH42, the finalist version. These distinguishers also apply to the compression function.
منابع مشابه
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
In this work, we propose the rebound attack, a new tool for the cryptanalysis of hash functions. The idea of the rebound attack is to use the available degrees of freedom in a collision attack to efficiently bypass the low probability parts of a differential trail. The rebound attack consists of an inbound phase with a match-in-the-middle part to exploit the available degrees of freedom, and a ...
متن کاملSensory-Neural Hearing Loss as an Early Rebound Relapse after Fingolimod Cessation in Multiple Sclerosis
Introduction: Multiple sclerosis (MS) is a lifelong disease of the brain and spinal cord. Fingolimod is an oral drug which modulates the S1P receptor and is used for relapsing remitting form of MS and can causes rebound activity if it is ceased even in a short period of washout time. Case Report: Here, we introduce a young girl, a known case of MS, who developed revers...
متن کاملGroestl Distinguishing Attack: A New Rebound Attack of an AES-like Permutation
We consider highly structured truncated differential paths to mount a new rebound attack on Grøstl-512, a hash functions based on two AES-like permutations, P1024 and Q1024, with non-square input and output registers. We explain how such differential paths can be computed using a Mixed-Integer Linear Programming approach. Together with a SuperSBox description, this allows us to build a rebound ...
متن کاملGrøstl Distinguishing Attack: A New Rebound Attack of an AES-like Permutation
We consider highly structured truncated differential paths to mount a new rebound attack on Grøstl-512, a hash functions based on two AES-like permutations, P1024 and Q1024, with non-square input and output registers. We explain how such differential paths can be computed using a Mixed-Integer Linear Programming approach. Together with a SuperSBox description, this allows us to build a rebound ...
متن کاملRebound Distinguishers: Results on the Full Whirlpool Compression Function
Whirlpool is a hash function based on a block cipher that can be seen as a scaled up variant of the AES. The main difference is the (compared to AES) extremely conservative key schedule. In this work, we present a distinguishing attack on the full compression function of Whirlpool. We obtain this result by improving the rebound attack on reduced Whirlpool with two new techniques. First, the inb...
متن کامل