Skip to main content
Conference ProceedingsOPEN ACCESS

Rebound attack on the full lane compression function

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009) 5912 LNCS 106-125
DOI: 10.1007/978-3-642-10366-7_7
44Citations
Citations of this article
34Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

In this work, we apply the rebound attack to the AES based SHA-3 candidate Lane. The hash function Lane uses a permutation based compression function, consisting of a linear message expansion and 6 parallel lanes. In the rebound attack on Lane, we apply several new techniques to construct a collision for the full compression function of Lane-256 and Lane-512. Using a relatively sparse truncated differential path, we are able to solve for a valid message expansion and colliding lanes independently. Additionally, we are able to apply the inbound phase more than once by exploiting the degrees of freedom in the parallel AES states. This allows us to construct semi-free-start collisions for full Lane-256 with 296 compression function evaluations and 2 88 memory, and for full Lane-512 with 2224 compression function evaluations and 2128 memory. © 2009 Springer-Verlag.

Author supplied keywords

Cite

CITATION STYLE

APA

Matusiewicz, K., Naya-Plasencia, M., Nikolić, I., Sasaki, Y., & Schläffer, M. (2009). Rebound attack on the full lane compression function. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5912 LNCS, pp. 106–125). https://doi.org/10.1007/978-3-642-10366-7_7

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free