Sciweavers

ASIACRYPT
2009
Springer

Rebound Attack on the Full Lane Compression Function

14 years 6 months ago
Rebound Attack on the Full Lane Compression Function
In this work, we apply the rebound attack to the AES based SHA-3 candidate Lane. The hash function Lane uses a permutation based compression function, consisting of a linear message expansion and 6 parallel lanes. In the rebound attack on Lane, we apply several new techniques to construct a collision for the full compression function of Lane-256 and Lane-512. Using a relatively sparse truncated dierential path, we are able to solve for a valid message expansion and colliding lanes independently. Additionally, we are able to apply the inbound phase more than once by exploiting the degrees of freedom in the parallel AES states. This allows us to construct semi-free-start collisions for full Lane-256 with 296 compression function evaluations and 288 memory, and for full Lane-512 with 2224 compression function evaluations and 2128 memory.
Krystian Matusiewicz, María Naya-Plasencia,
Added 25 May 2010
Updated 25 May 2010
Type Conference
Year 2009
Where ASIACRYPT
Authors Krystian Matusiewicz, María Naya-Plasencia, Ivica Nikolic, Yu Sasaki, Martin Schläffer
Comments (0)