Presentation 2013-07-18
A Collision Attack on a Double-Block-Length Compression Function Instantiated with Round-Reduced AES-256
Jiageng CHEN, Shoichi HIROSE, Hidenori KUWAKADO, Atsuko MIYAJI
Abstract(in Japanese) (See Japanese page)
Abstract(in English) This paper presents the first collision attack on the double-block-length compression function presented at FSE 2006 instantiated with round-reduced AES-256: f_0(h_0||h_1,M)||f_1(h_0||h_1,M) such that f_0(h_0||h_1,M)=E_(h_0) ⨁ h_0 and f_1(h_0||h_1,M)=E_(h_0 ⨁ c) ⨁ h_0 ⨁ c, where || represents concatenation, E is AES-256 and c is a non-zero constant. The proposed attack is a free-start collision attack. It uses the rebound attack proposed by Mendel et al. It finds a collision with time complexity 2^8 and 2^{64} for the instantiation with 6-round AES-256 and 8-round AES-256, respectively. The space complexity is negligible. The attack is effective only if the 16-byte constant c has a single non-zero byte. It still sheds light on a gap between the ideal world and the real world: The target double-block-length compression function is shown to be optimally collision-resistant in the ideal cipher model. It also suggests how not to choose the constant.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) hash function / compression function / AES / collision attack
Paper # ISEC2013-19,SITE2013-14,ICSS2013-24,EMM2013-21
Date of Issue

Conference Information
Committee ISEC
Conference Date 2013/7/11(1days)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Information Security (ISEC)
Language ENG
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) A Collision Attack on a Double-Block-Length Compression Function Instantiated with Round-Reduced AES-256
Sub Title (in English)
Keyword(1) hash function
Keyword(2) compression function
Keyword(3) AES
Keyword(4) collision attack
1st Author's Name Jiageng CHEN
1st Author's Affiliation School of Information Science, JAIST
2nd Author's Name Shoichi HIROSE
2nd Author's Affiliation Faculty of Engineering, University of Fukui
3rd Author's Name Hidenori KUWAKADO
3rd Author's Affiliation Faculty of Informatics, Kansai University
4th Author's Name Atsuko MIYAJI
4th Author's Affiliation School of Information Science, JAIST
Date 2013-07-18
Paper # ISEC2013-19,SITE2013-14,ICSS2013-24,EMM2013-21
Volume (vol) vol.113
Number (no) 135
Page pp.pp.-
#Pages 8
Date of Issue