TY - GEN
T1 - Linear analysis of reduced-round CubeHash
AU - Ashur, Tomer
AU - Dunkelman, Orr
PY - 2011
Y1 - 2011
N2 - Recent developments in the field of cryptanalysis of hash functions have inspired NIST to announce a competition for selecting a new cryptographic hash function to join the SHA family of standards. One of the 14 second-round candidates was CubeHash, designed by Daniel J. Bernstein. CubeHash is a unique hash function in the sense that it does not iterate a common compression function, and offers a structure which resembles a sponge function, even though it is not exactly a sponge function. In this paper we analyze reduced-round variants of CubeHash where the adversary controls the full 1024-bit input to reduced-round CubeHash and can observe its full output. We show that linear approximations with high biases exist in reduced-round variants. For example, we present an 11-round linear approximation with bias of 2^-235, which allows distinguishing 11-round CubeHash using about 2^470 queries. We also discuss the extension of this distinguisher to 12 rounds using message modification techniques. Finally, we present a linear distinguisher for 14-round CubeHash which uses about 2^812 queries.
KW - CubeHash SHA-3 competition
KW - Linear cryptanalysis
UR - http://www.scopus.com/inward/record.url?scp=79959286452&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-21554-4_27
DO - 10.1007/978-3-642-21554-4_27
M3 - Conference contribution
AN - SCOPUS:79959286452
SN - 9783642215537
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 462
EP - 478
BT - Applied Cryptography and Network Security - 9th International Conference, ACNS 2011, Proceedings
T2 - 9th International Conference on Applied Cryptography and Network Security, ACNS 2011
Y2 - 7 June 2011 through 10 June 2011
ER -