Abstract
We propose a hash function based on three design principles: the sponge construction, ARX operations, and the wide trail strategy. While the sponge construction applies generically to any sufficiently strong permutation, the wide trail strategy and the ARX operations are naturally somewhat incompatible. We show that while the ARX operations provide only very weakly nonlinear S-boxes, it is possible to build very strong linear diffusion layers with them. As a result, the wide trail argument, which bounds the attacker’s success probability in terms of the minimum number of active S-boxes across two rounds, survives. The proposed hash function is one of a very select group of ARX ciphers featuring rigorous bounds against differential and linear cryptanalysis.
Original language | English |
---|---|
Article number | 9 |
Pages (from-to) | 69-76 |
Number of pages | 8 |
Journal | Proceedings of the Romanian Academy, Series A |
Volume | 21 |
Issue number | 1 |
Publication status | Published - Jan 2020 |
Keywords
- Addition-rotate-xor
- Diffusion
- Hash function
- Sponge
- Wide trail strategy