Paper 2010/535

Linear Analysis of Reduced-Round CubeHash

Tomer Ashur and Orr Dunkelman

Abstract

Recent developments in the field of cryptanalysis of hash functions have inspired NIST to announce a competition for selecting a new cryptographic hash function to join the SHA family of standards. One of the 14 second-round candidates is CubeHash, designed by Daniel J. Bernstein. CubeHash is a unique hash function in the sense that it does not iterate a common compression function, and offers a structure which resembles a sponge function, even though it is not exactly a sponge function. In this paper we analyze reduced-round variants of CubeHash where the adversary controls the full 1024-bit input to reduced-round CubeHash and can observe its full output. We show that linear approximations with high biases exist in reduced-round variants. For example, we present an 11-round linear approximation with bias 2^{−235}, which allows distinguishing 11-round CubeHash using about 2^{470} queries. We also discuss the extension of this distinguisher to 12 rounds using message modification techniques. Finally, we present a linear distinguisher for 14-round CubeHash which uses about 2^{812} queries.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
CubeHash, SHA-3 competition, Linear cryptanalysis
Contact author(s)
orr dunkelman @ weizmann ac il
History
2010-10-19: received
Short URL
https://ia.cr/2010/535
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/535,
      author = {Tomer Ashur and Orr Dunkelman},
      title = {Linear Analysis of Reduced-Round CubeHash},
      howpublished = {Cryptology ePrint Archive, Paper 2010/535},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/535}},
      url = {https://eprint.iacr.org/2010/535}
}