2 research outputs found
LHash: A Lightweight Hash Function (Full Version)
In this paper, we propose a new lightweight hash function
supporting three different digest sizes: 80, 96 and 128 bits,
providing preimage security from 64 to 120 bits, second preimage
and collision security from 40 to 60 bits. LHash requires about
817 GE and 1028 GE with a serialized implementation. In faster
implementations based on function , LHash requires 989 GE and
1200 GE with 54 and 72 cycles per block, respectively.
Furthermore, its energy consumption evaluated by energy per bit is
also remarkable. LHash allows trade-offs among security,
speed, energy consumption and implementation costs by adjusting
parameters. The design of LHash employs a kind of Feistel-PG structure in
the internal permutation, and this structure can
utilize permutation layers on
nibbles to improve the diffusion speed. The adaptability of LHash
in different environments is good, since different versions of
LHash share the same basic computing module. The low-area
implementation comes from the hardware-friendly S-box and linear
diffusion layer. We evaluate the resistance of LHash against known
attacks and confirm that LHash provides a good security margin.
Practical Rebound Attack on 12-Round Cheetah-256
Natl Secur Res Inst, Elect Telecommunicat Res Inst, Natl Inst Math Sci, Korea Internet & Secur Agcy, Korea Univ BK21 Info Secur Ubiquitous Environm, Seoul Natl Univ Res Inst Math, Korean Federat Sci & Technol Soc, Chungnam Natl Univ, Internet Intrus Response Technol Res Ctr, MarkAny, SG Advantech, AhnLab, LG CNS, Korea Univ
In this paper, we propose cryptanalysis of the hash function Cheetah-256. Cheetah is accepted as a first-round candidate of the SHA-3 competition hosted by NIST, but it is not in the second round. First, we discuss the relation between the degrees of freedom injected from round message blocks and the round number of a pseudo-collision attack on hash functions with S-boxes and MDS diffusion. A pseudo-collision attack on 8-round Cheetah-256 can be derived by trivially applying the original rebound techniques. Then, we propose a rebound differential path for a semi-free-start collision attack on 12-round Cheetah-256 and an observation of the neutral bytes' influence on state values. Based on this observation, algebraic message modifications are designed using the neutral bytes, and the total complexity is reduced to 2^24. This is a practical rebound attack