MILP-based meet-in-the-middle preimage attack on the textsfJHxspace-512 hash function: breaking 13 rounds

Recently, meet-in-the-middle (MitM) attacks have achieved notable progress in the cryptanalysis of both advanced encryption standard (AES)-like and sponge-based constructions. As a SHA-3 competition finalist, the textsfJHxspace hash function adopts a permutation-based compression function related to the Even-Mansour structure; its underlying permutation is designed using a generalized AES design methodology. This paper proposes a MitM modeling framework tailored to the textsfJHxspace-512 permutation and employs mixed-integer linear programming (MILP) to automatically search for a 13-round MitM characteristic. Building on this, we mount a MitM preimage attack on textsfJHxspace-512 reduced to 13 out of 42 rounds, with a time complexity of 2^320 improving upon the previous best known preimage attack on 10 out of 42 rounds with a time complexity of 2^325 While the full-round textsfJHxspace hash function remains secure, our approach provides new insights and techniques for the cryptanalysis of textsfJHxspace and other related primitives.