National Institute of Standards and Technology
Indifferentiability security of a hash mode of operation guarantees the mode's resistance against all (meaningful) generic attacks. It is also useful to establish the security of protocols that use hash functions as random functions. The JH hash function is one of the five finalists in the ongoing NIST SHA-3 hash function competition. Despite several years of analysis, the indifferentiability security of the JH mode (with n-bit digest and 2n-bit permutation) has remained remarkably low, only at n/3 bits (FSE 2010), while the other four finalist modes - with comparable parameter values - offer a security guarantee of n/2 bits. In this paper, the authors improve the indifferentiability security bound for the JH mode to n/2 bits (e.g. from 171 to 256 bits when n = 512).