IACR News item: 29 December 2013
Wenling Wu, Shuang Wu, Lei Zhang, Jian Zou, Le Dong
ePrint Reportsupporting three different digest sizes: 80, 96 and 128 bits,
providing preimage security from 64 to 120 bits, second preimage
and collision security from 40 to 60 bits. LHash requires about
817 GE and 1028 GE with a serialized implementation. In faster
implementations based on function $T$, LHash requires 989 GE and
1200 GE with 54 and 72 cycles per block, respectively.
Furthermore, its energy consumption evaluated by energy per bit is
also remarkable. LHash allows to make trade-offs among security,
speed, energy consumption and implementation costs by adjusting
parameters. The design of LHash employs a kind of Feistel-PG structure in
the internal permutation, and this structure can
utilize permutation layers on
nibbles to improve the diffusion speed. The adaptability of LHash
in different environments is good, since different versions of
LHash share the same basic computing module. The low-area
implementation comes from the hardware-friendly S-box and linear
diffusion layer. We evaluate the resistance of LHash against known
attacks and confirm that LHash provides a good security margin.
Additional news items may be found on the IACR news page.