Paper 2013/867
LHash: A Lightweight Hash Function (Full Version)
Wenling Wu, Shuang Wu, Lei Zhang, Jian Zou, and Le Dong
Abstract
In this paper, we propose a new lightweight hash function supporting three different digest sizes: 80, 96 and 128 bits, providing preimage security from 64 to 120 bits, second preimage and collision security from 40 to 60 bits. LHash requires about 817 GE and 1028 GE with a serialized implementation. In faster implementations based on function $T$, LHash requires 989 GE and 1200 GE with 54 and 72 cycles per block, respectively. Furthermore, its energy consumption evaluated by energy per bit is also remarkable. LHash allows to make trade-offs among security, speed, energy consumption and implementation costs by adjusting parameters. The design of LHash employs a kind of Feistel-PG structure in the internal permutation, and this structure can utilize permutation layers on nibbles to improve the diffusion speed. The adaptability of LHash in different environments is good, since different versions of LHash share the same basic computing module. The low-area implementation comes from the hardware-friendly S-box and linear diffusion layer. We evaluate the resistance of LHash against known attacks and confirm that LHash provides a good security margin.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Minor revision. Inscrypt 2013
- Keywords
- lightweighthash functionsponge functionFeistelsecurityperformance
- Contact author(s)
- zhanglei @ tca iscas ac cn
- History
- 2013-12-29: received
- Short URL
- https://ia.cr/2013/867
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2013/867,
author = {Wenling Wu and Shuang Wu and Lei Zhang and Jian Zou and Le Dong},
title = {LHash: A Lightweight Hash Function (Full Version)},
howpublished = {Cryptology ePrint Archive, Paper 2013/867},
year = {2013},
note = {\url{https://eprint.iacr.org/2013/867}},
url = {https://eprint.iacr.org/2013/867}
}
