Linear Analysis of Reduced-Round CubeHash

Abstract. Recent developments in the field of cryptanalysis of hash functions have inspired NIST to announce a competition for selecting a new cryptographic hash function to join the SHA family of standards. One of the 14 second-round candidates is CubeHash designed by Daniel J. Bernstein. CubeHash is a unique hash function in the sense that it does not iterate a common compression function, and offers a structure which resembles a sponge function, even though it is not exactly a sponge function. In this paper we analyze reduced-round variants of CubeHash where the adversary controls the full 1024-bit input to reduced-round CubeHash and can observe its full output. We show that linear approximations with high biases exist in reduced-round variants. For example, we present an 11-round linear approximation with bias of 2^-235, which allows distinguishing 11-round CubeHash using about 2^470 queries. We also discuss the extension of this distinguisher to 12 rounds using message modificat...
Tomer Ashur, Orr Dunkelman
Added 24 Aug 2011
Updated 24 Aug 2011
Type Journal
Year 2011
Where ACNS
Authors Tomer Ashur, Orr Dunkelman