ECHO

From The ECRYPT Hash Function Website

Jump to: navigation, search

Contents

1 The algorithm


Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin - SHA-3 Proposal: ECHO
Submission to NIST (updated), 2009
[Electronic Edition] [Bibtex]
Author : Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin
Title : SHA-3 Proposal: ECHO
In : Submission to NIST (updated) -

Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin - SHA-3 Proposal: ECHO
Submission to NIST, 2008
[Electronic Edition] [Bibtex]
Author : Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin
Title : SHA-3 Proposal: ECHO
In : Submission to NIST -




2 Cryptanalysis

We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.

A description of the tables is given here.

Recommended security parameter: 8 rounds (n=224,256); 10 rounds (n=384,512)

2.1 Hash function

Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.

Type of Analysis Hash Size (n) Parameters Compression Function Calls Memory Requirements Reference
collision(1) 256 5 rounds 2112 285.3 Schläffer

(1) In this attack some problems in the previous attacks (pointed out by Jean,Fouque) have been corrected.


2.2 Building blocks

Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.

Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
distinguisher permutation 256 8 rounds 2151 267 Naya-Plasencia
distinguisher permutation 224,256 8 rounds 2182 237 Sasaki,Li,Wang,Sakayima,Ohta
distinguisher(1) (chosen salt) compression function 256 7 rounds 2160 2128 Schläffer
free-start collision(1) (chosen salt) compression function 256 6 rounds 2160 2128 Schläffer
semi-free-start collision compression function 256 4 rounds 252 216 Jean,Fouque
semi-free-start collision compression function 256 3 rounds 264 264 Peyrin
distinguisher compression function 256 4 rounds 264 264 Peyrin
semi-free-start collision compression function 512 3 rounds 296 264 Peyrin
distinguisher compression function 512 6 rounds 296 264 Peyrin
distinguisher permutation all 8 rounds 2768 2512 Gilbert,Peyrin
distinguisher permutation all 7 rounds 2384 264 Mendel,Peyrin,Rechberger,Schläffer
distinguisher permutation all 7 rounds 2896 - submission document

(1) In this attack some problems in the previous attacks (pointed out by Jean,Fouque) have been corrected.


María Naya-Plasencia - Scrutinizing rebound attacks: new algorithms for improving the complexities
Cryptology ePrint Archive, Report 2010/607, 2010
[Electronic Edition] [Bibtex]
Author : María Naya-Plasencia
Title : Scrutinizing rebound attacks: new algorithms for improving the complexities
In : Cryptology ePrint Archive, Report 2010/607 -
[Abstract]

Yu Sasaki, Yang Li, Lei Wang, Kazuo Sakiyama, Kazuo Ohta - New Non-Ideal Properties of AES-Based Permutations: Applications to ECHO and Grøstl
Second SHA-3 Candidate Conference, 2010
[Electronic Edition] [Bibtex]
Author : Yu Sasaki, Yang Li, Lei Wang, Kazuo Sakiyama, Kazuo Ohta
Title : New Non-Ideal Properties of AES-Based Permutations: Applications to ECHO and Grøstl
In : Second SHA-3 Candidate Conference -
[Abstract]

Martin Schläffer - Improved Collisions for Reduced ECHO-256
Cryptology ePrint Archive, Report 2010/588, 2010
[Electronic Edition] [Bibtex]
Author : Martin Schläffer
Title : Improved Collisions for Reduced ECHO-256
In : Cryptology ePrint Archive, Report 2010/588 -
[Abstract]

Jérémy Jean, Pierre-Alain Fouque - Practical Near-Collisions and Collisions on Round-Reduced ECHO-256 Compression Function
Cryptology ePrint Archive, Report 2010/569, 2010
[Electronic Edition] [Bibtex]
Author : Jérémy Jean, Pierre-Alain Fouque
Title : Practical Near-Collisions and Collisions on Round-Reduced ECHO-256 Compression Function
In : Cryptology ePrint Archive, Report 2010/569 -
[Abstract]

Martin Schläffer - Subspace Distinguisher for 5/8 Rounds of the ECHO-256 Hash Function
Cryptology ePrint Archive, Report 2010/321, 2010
[Electronic Edition] [Bibtex]
Author : Martin Schläffer
Title : Subspace Distinguisher for 5/8 Rounds of the ECHO-256 Hash Function
In : Cryptology ePrint Archive, Report 2010/321 -
[Abstract]

Thomas Peyrin - Improved Differential Attacks for ECHO and Grostl
Cryptology ePrint Archive, Report 2010/223, 2010
[Bibtex]
Author : Thomas Peyrin
Title : Improved Differential Attacks for ECHO and Grostl
In : Cryptology ePrint Archive, Report 2010/223 -
[Abstract]

Henri Gilbert, Thomas Peyrin - Super-Sbox Cryptanalysis: Improved Attacks for AES-like permutations
In Proceedings of FSE, LNCS, pp. , 2010
[Electronic Edition] [Bibtex]
Author : Henri Gilbert, Thomas Peyrin
Title : Super-Sbox Cryptanalysis: Improved Attacks for AES-like permutations
In : In Proceedings of FSE -
[Abstract]

Florian Mendel, Thomas Peyrin, Christian Rechberger, Martin Schläffer - Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher
In Proceedings of SAC, 5867, pp. 16-35, 2009
[Electronic Edition] [Bibtex]
Author : Florian Mendel, Thomas Peyrin, Christian

Rechberger, Martin Schläffer
Title : Improved Cryptanalysis of the Reduced Grøstl

Compression Function, ECHO Permutation and AES Block Cipher
In : In Proceedings of SAC -
[Abstract]
Personal tools