International Association
for Cryptologic Research

A double-block-length (DBL) hash mode of block ciphers, MJH has been

proved to be collision-resistant in the ideal cipher model upto

$2^{2n/3- \\log n}$ queries. In this paper we provide first

cryptanalytic results for MJH. We show that a collision attack on

MJH has the time complexity below the birthday bound. When block

ciphers with 128-bit blocks are used, it has time complexity around

$2^{124}$, which is to be compared to the birthday attack having

complexity $2^{128}$. We also give a preimage attack on MJH. It has

the time complexity of $2^{3n/2+1}$ with $n$-bit block ciphers,

which is to be compared to the brute force attack having complexity

$2^{2n}$.