LHash: A Lightweight Hash Function (Full Version)

In this paper, we propose a new lightweight hash function supporting three different digest sizes: 80, 96 and 128 bits, providing preimage security from 64 to 120 bits, and second preimage and collision security from 40 to 60 bits. LHash requires about 817 GE and 1028 GE with a serialized implementation. In faster implementations based on function T, LHash requires 989 GE and 1200 GE with 54 and 72 cycles per block, respectively. Furthermore, its energy consumption, evaluated as energy per bit, is also remarkable. LHash allows trade-offs among security, speed, energy consumption and implementation cost by adjusting parameters. The design of LHash employs a kind of Feistel-PG structure in the internal permutation, and this structure can utilize permutation layers on nibbles to improve the diffusion speed. LHash adapts well to different environments, since different versions of LHash share the same basic computing module. The low-area implementation comes from the hardware-friendly S-box and linear diffusion layer. We evaluate the resistance of LHash against known attacks and confirm that LHash provides a good security margin.
