SHAvite-3

From The ECRYPT Hash Function Website

Jump to: navigation, search

Contents

1 The algorithm


Eli Biham, Orr Dunkelman - The SHAvite-3 Hash Function
Submission to NIST (Round 2), 2009
[Electronic Edition] [Bibtex]
Author : Eli Biham, Orr Dunkelman
Title : The SHAvite-3 Hash Function
In : Submission to NIST (Round 2) -

Eli Biham, Orr Dunkelman - The SHAvite-3 Hash Function
Submission to NIST (Round 1), 2008
[Electronic Edition] [Bibtex]
Author : Eli Biham, Orr Dunkelman
Title : The SHAvite-3 Hash Function
In : Submission to NIST (Round 1) -


2 Cryptanalysis

We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.

A description of the tables is given here.

Recommended security parameter: 12 rounds (n=224,256); 14 rounds (n=384,512)

2.1 Hash function

Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.

Type of Analysis Hash Size (n) Parameters Compression Function Calls Memory Requirements Reference
second preimage 512 10 rounds 2497 216 Gauravaram et al.
second preimage 512 9 rounds 2496 216 Bouillaguet et al.


2.2 Building blocks

Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.

Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
observations hash all Gligoroski
pseudo-preimage compression 512 14 rounds 2384+s 2128-s Gauravaram et al.
pseudo-collision compression 512 14 rounds 2192 2128 Gauravaram et al.
pseudo-collision compression all full (Round 1) Peyrin
pseudo-collision compression 256 full (Round 1) Nandi,Paul
impossible differential block cipher 224,256 5 rounds - - submission document
impossible differential block cipher 384,512 9 rounds - - submission document


Danilo Gligoroski - Narrow-pipe SHA-3 candidates differ significantly from ideal random functions defined over big domains
NIST mailing list, 2010
[Electronic Edition] [Bibtex]
Author : Danilo Gligoroski
Title : Narrow-pipe SHA-3 candidates differ significantly from ideal random functions defined over big domains
In : NIST mailing list -

Praveen Gauravaram, Gaëtan Leurent, Florian Mendel, Maria Naya-Plasencia, Thomas Peyrin, Christian Rechberger, Martin Schläffer - Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512
In Proceedings of Africacrypt, LNCS 6055, pp. 419 - 436, Springer, 2010
[Electronic Edition] [Bibtex]
Author : Praveen Gauravaram, Gaëtan Leurent, Florian Mendel, Maria Naya-Plasencia, Thomas Peyrin, Christian Rechberger, Martin Schläffer
Title : Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512
In : In Proceedings of Africacrypt -
[Abstract]

Charles Bouillaguet, Orr Dunkelman, Gaëtan Leurent, Pierre-Alain Fouque - Attacks on Hash Functions based on Generalized Feistel - Application to Reduced-Round Lesamnta and SHAvite-3_{512}
Cryptology ePrint Archive, Report 2009/634, 2009
[Electronic Edition] [Bibtex]
Author : Charles Bouillaguet, Orr Dunkelman, Gaëtan Leurent, Pierre-Alain Fouque
Title : Attacks on Hash Functions based on Generalized Feistel - Application to Reduced-Round Lesamnta and SHAvite-3_{512}
In : Cryptology ePrint Archive, Report 2009/634 -
[Abstract]

Thomas Peyrin - Chosen-salt, chosen-counter, pseudo-collision on SHAvite-3 compression function
Available online, 2009
[Electronic Edition] [Bibtex]
Author : Thomas Peyrin
Title : Chosen-salt, chosen-counter, pseudo-collision on SHAvite-3 compression function
In : Available online -

Mridul Nandi, Souradyuti Paul - OFFICIAL COMMENT: SHAvite-3
Available online, 2009
[Electronic Edition] [Bibtex]
Author : Mridul Nandi, Souradyuti Paul
Title : OFFICIAL COMMENT: SHAvite-3
In : Available online -
Personal tools