Shabal
From The ECRYPT Hash Function Website
Contents |
1 The algorithm
- Author(s): Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
- Website: http://www.shabal.com/
- NIST submission package:
- round 1/2: Shabal_Round2.zip (old version: Shabal.zip)
- Submission to NIST, 2008
- [Electronic Edition] [Bibtex] Author : Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
Title : Shabal, a Submission to NIST’s Cryptographic Hash Algorithm Competition
In : Submission to NIST -
Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau - Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers
- Cryptology ePrint Archive, Report 2009/199, 2009
- [Electronic Edition] [Bibtex] Author : Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau[Abstract]
Title : Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers
In : Cryptology ePrint Archive, Report 2009/199 -
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
2.1 Hash function
Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.
Recommended security parameters: (p,r)=(3,12)
| Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
Recommended security parameters: (p,r)=(3,12)
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| non-randomness(1) | permutation | all | 212 | Aumasson | ||
| non-randomness(1) | permutation | all | 1 | Knudsen,Matusiewicz,Thomsen | ||
| non-randomness(1) | permutation | all | 2 | Aumasson,Mashatan,Meier |
(1)The Shabal team commented on these analyses and provide an update of their security proofs in this note.
Jean-Philippe Aumasson - On the pseudorandomness of Shabal's keyed permutation
- Available online, 2009
- [Electronic Edition] [Bibtex] Author : Jean-Philippe Aumasson[Abstract]
Title : On the pseudorandomness of Shabal's keyed permutation
In : Available online -
Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen - Observations on the Shabal keyed permutation
- OFFICIAL COMMENT, 2009
- [Electronic Edition] [Bibtex] Author : Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen[Abstract]
Title : Observations on the Shabal keyed permutation
In : OFFICIAL COMMENT -
Jean-Philippe Aumasson, Atefeh Mashatan, Willi Meier - More on Shabal's permutation
