cryptanalysis of the lane hash function

Int Assoc Cryptol ResThe LANE4 hash function is designed by Sebastiaan In-desteege and Bart Preneel. It is now a first round candidate of NISTs SHA-3 competition. The LANE hash function contains four concrete designs with different digest length of 224, 256, 384 and 512. The LANE hash function uses two permutations P and Q, which consist of different number of AES1-like rounds. LANE-224/256 uses 6-round P and 3-round Q. LANE-384/512 uses 8-round P and 4-round Q. We will use LANE-n-(a,b) to denote a. variant of LANE with a-round P, b-round Q and a digest length n. We have found a semi-free start collision attack on reduced-round LANE-256-(3,3) with complexity of 2(62) compression function evaluations and 2(69) memory. This technique call be applied to LANE-512-(3,4) to get a semi-free start collision attack with the same complexity of 2(62) and 2(69) memory. We also propose a collision attack on LANE-512-(3,4) with complexity of 2(94) and 2(133) memory