Shabal

From The ECRYPT Hash Function Website

Jump to: navigation, search

Contents

1 The algorithm

  • Author(s): Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
  • Website: http://www.shabal.com/
  • NIST submission package:


Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau - Shabal, a Submission to NIST’s Cryptographic Hash Algorithm Competition
Submission to NIST, 2008
[Electronic Edition] [Bibtex]
Author : Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
Title : Shabal, a Submission to NIST’s Cryptographic Hash Algorithm Competition
In : Submission to NIST -

Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau - Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers
Cryptology ePrint Archive, Report 2009/199, 2009
[Electronic Edition] [Bibtex]
Author : Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
Title : Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers
In : Cryptology ePrint Archive, Report 2009/199 -
[Abstract]


2 Cryptanalysis

We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.

A description of the tables is given here.

Recommended security parameters: (p,r)=(3,12)

2.1 Hash function

Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.

Type of Analysis Hash Size (n) Parameters Compression Function Calls Memory Requirements Reference

2.2 Building blocks

Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.

Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
pseudo collision compression function all 45-bit difference 284 Isobe,Shirai
preimage hash all (2,12),no final loop 2497 2400 Isobe,Shirai
preimage hash all (1.5,8) 2497 2272 Isobe,Shirai
non-randomness compression function all 1 Aumasson
non-randomness permutation all 221 Novotney
non-randomness permutation all 2159 Van Assche
non-randomness(1) permutation all 2 Aumasson,Mashatan,Meier
non-randomness(1) permutation all 1 Knudsen,Matusiewicz,Thomsen
non-randomness(1) permutation all 212 Aumasson

(1)The Shabal team commented on these analyses and provide an update of their security proofs in this note.


Takanori Isobe, Taizo Shirai - Low-weight Pseudo Collision Attack on Shabal and Preimage Attack on Reduced Shabal-512
Cryptology ePrint Archive, Report 2010/434, 2010
[Electronic Edition] [Bibtex]
Author : Takanori Isobe, Taizo Shirai
Title : Low-weight Pseudo Collision Attack on Shabal and Preimage Attack on Reduced Shabal-512
In : Cryptology ePrint Archive, Report 2010/434 -
[Abstract]

Jean-Philippe Aumasson - Observation on Shabal
NIST mailing list (local link), 2010
[Electronic Edition] [Bibtex]
Author : Jean-Philippe Aumasson
Title : Observation on Shabal
In : NIST mailing list (local link) -

Peter Novotney - Distinguisher for Shabal's Permutation Function
Cryptology ePrint Archive, Report 2010/398, 2010
[Electronic Edition] [Bibtex]
Author : Peter Novotney
Title : Distinguisher for Shabal's Permutation Function
In : Cryptology ePrint Archive, Report 2010/398 -
[Abstract]

Gilles Van Assche - A rotational distinguisher on Shabal's keyed permutation and its impact on the security proofs
Available online, 2010
[Electronic Edition] [Bibtex]
Author : Gilles Van Assche
Title : A rotational distinguisher on Shabal's keyed permutation and its impact on the security proofs
In : Available online -
[Abstract]

Jean-Philippe Aumasson, Atefeh Mashatan, Willi Meier - More on Shabal's permutation
OFFICIAL COMMENT, 2009
[Electronic Edition] [Bibtex]
Author : Jean-Philippe Aumasson, Atefeh Mashatan, Willi Meier
Title : More on Shabal's permutation
In : OFFICIAL COMMENT -

Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen - Observations on the Shabal keyed permutation
OFFICIAL COMMENT, 2009
[Electronic Edition] [Bibtex]
Author : Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen
Title : Observations on the Shabal keyed permutation
In : OFFICIAL COMMENT -
[Abstract]

Jean-Philippe Aumasson - On the pseudorandomness of Shabal's keyed permutation
Available online, 2009
[Electronic Edition] [Bibtex]
Author : Jean-Philippe Aumasson
Title : On the pseudorandomness of Shabal's keyed permutation
In : Available online -
[Abstract]
Personal tools