Research And Application On The Rebound Attack Of Hash Function Based On AES Structure

In order to collect the next generation of standard of Hash function and replace the current SHA-2, NIST launched a worldwide solicitation activity of the new Hash Standard in 2007. Twister and Grφstl algorithm are the first and third round candidate algorithms of SHA-3, respectively. Twister and Grφstl algorithms are both based on the AES structure, representing the current design level of Hash function, and the future direction of Hash function development.After analyzing the circle structure of Twister algorithm, the diffusion of truncated differential impact the degree of freedom, as well as the development process of the degree of freedom in the middle stages that connects two rebound attacks, launched 3,4,6,7 rounds of semi-free start collision attacks on the compression function of Twsiter-512, whose computational complexities are 2⁶⁴,2¹²⁰,2¹⁹⁶,and 2¹⁹⁶ respectively. On that basis, launch a rebound attack in each circle structure, and obtain semi-free start collisions of complete compressed function of Twister algorithm; While analyzing the P and Q permutations of Gr?stl compression function, combine as well as the property of super S-box and launch 5,6 rounds semi-free start collision attack on Grφstl-256, whose computational complexity are 2⁶⁴,2¹²⁰, respectively. And, for the first time, analyze 7 rounds semi-free start collision attack on Grφstl-256, whose computational complexity is no more than the 6 rounds one's.In the end, the article offers us a comprehensive analysis of the rebound attacks and a detailed description of the specific steps in analyzing the rebound attacks, and some techniques and details that should be noticed while analyzing.