Skein
From The ECRYPT Hash Function Website
1 The algorithm
- Author(s): Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker
- Website: http://www.schneier.com/skein.html; http://skein-hash.info/
- NIST submission package:
  - Round 3: Skein_FinalRnd.zip
  - Round 2: Skein_Round2.zip
  - Round 1: SkeinUpdate.zip (old version: Skein.zip)
Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
- Submission to NIST (Round 3), 2010
Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
- Submission to NIST (Round 2), 2009
Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
- Submission to NIST (Round 1), 2008
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
Recommended security parameter: 72 rounds (Skein-512)
2.1 Hash function
Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.
| Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
| --- | --- | --- | --- | --- | --- |
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control over, or access to, some internal variables (a.k.a. free-start, pseudo, compression function, block cipher, or permutation attacks).
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| --- | --- | --- | --- | --- | --- | --- |
| distinguisher | compression function | all | 57 rounds (Round 2) | $2^{503}$ | - | Khovratovich,Nikolić,Rechberger |
| distinguisher | compression function | 256 | 53 rounds (Round 2) | $2^{251}$, Skein-256 | - | Khovratovich,Nikolić,Rechberger |
| near-collision | compression function | all | 24 rounds (No. 20-43) | $2^{230}$ | - | Su,Wu,Wu,Dong |
| near-collision | compression function | 256 | 24 rounds (No. 12-35), Skein-256 | $2^{60}$ | - | Su,Wu,Wu,Dong |
| near-collision | compression function | all | 24 rounds, Skein-1024 | $2^{395}$ | - | Su,Wu,Wu,Dong |
| observations | hash | all | | | | Gligoroski |
| observations | block cipher | all | - | - | - | McKay,Vora |
| observations | compression function | all | - | - | - | Kaminsky |
| key recovery | block cipher | 256 | 39 rounds | $2^{254.1}$ | - | Khovratovich,Nikolic |
| key recovery | block cipher | 512 | 42 rounds | $2^{507}$ | - | Khovratovich,Nikolic |
| key recovery | block cipher | 512 | 32 rounds (Round 1) | $2^{226}$ ($2^{222}$) | $2^{12}$ | Chen,Jia |
| key recovery | block cipher | 512 | 33 rounds (Round 1) | $2^{352.17}$ ($2^{355.5}$) | - | Chen,Jia |
| near collision | compression function | 512 | 17 rounds (Round 1) | $2^{24}$ | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| distinguisher | block cipher | 512 | 35 rounds (Round 1) | $2^{478}$ | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| impossible differential | block cipher | 512 | 21 rounds (Round 1) | - | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| key recovery | block cipher | 512 | 32 rounds (Round 1) | $2^{312}$ | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
Dmitry Khovratovich, Ivica Nikolić, Christian Rechberger - Rotational Rebound Attacks on Reduced Skein
- In Proceedings of ASIACRYPT, LNCS 6477, pp. 1-19, Springer, 2010
Bozhan Su, Wenling Wu, Shuang Wu, Le Dong - Near-Collisions on the Reduced-Round Compression Functions of Skein and BLAKE
- In Proceedings of CANS, LNCS 6467, pp. 124-139, Springer, 2010
Danilo Gligoroski - Narrow-pipe SHA-3 candidates differ significantly from ideal random functions defined over big domains
- NIST mailing list, 2010
Kerry A. McKay, Poorvi L. Vora - Pseudo-Linear Approximations for ARX Ciphers: With Application to Threefish
- Cryptology ePrint Archive, Report 2010/282, 2010
Alan Kaminsky - Cube Test Analysis of the Statistical Behavior of CubeHash and Skein
- Cryptology ePrint Archive, Report 2010/262, 2010
Dmitry Khovratovich, Ivica Nikolic - Rotational Cryptanalysis of ARX
- In Proceedings of FSE, LNCS 6147, pp. 333-346, Springer
Jiazhe Chen, Keting Jia - Improved Related-key Boomerang Attacks on Round-Reduced Threefish-512
- Cryptology ePrint Archive, Report 2009/526, 2009
Jean-Philippe Aumasson, Cagdas Calik, Willi Meier, Onur Ozen, Raphael C.-W. Phan, Kerem Varici - Improved Cryptanalysis of Skein
- In Proceedings of ASIACRYPT, LNCS 5912, pp. 542-559, Springer, 2009
Jean-Philippe Aumasson, Willi Meier, Raphael Phan - Improved analysis of Threefish
- FSE 2009 rump session, slides available online, 2009
