Skein

From The ECRYPT Hash Function Website

1 The algorithm


Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
Submission to NIST (Round 3), 2010

Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
Submission to NIST (Round 2), 2009

Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
Submission to NIST (Round 1), 2008

2 Cryptanalysis

We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.

A description of the tables is given here.

Recommended security parameter: 72 rounds (Skein-256 and Skein-512)


2.1 Hash function

Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.

| Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
|---|---|---|---|---|---|
| collision | 256 | 2 rounds | 2^85 | - | Khovratovich |
| collision | 256 | 12 rounds | 2^126.5 | - | Khovratovich |
| collision | 512 | 5 rounds | 2^192 | - | Khovratovich |
| collision | 512 | 14 rounds | 2^254.5 | - | Khovratovich |
| preimage | 512 | 22 rounds | 2^511.0 | 2^6 | Khovratovich, Rechberger, Savelieva |
| preimage | 512 | 72 rounds | 2^511.76 | - | Khovratovich, Rechberger, Savelieva |


2.2 Building blocks

Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.

Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).

| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
|---|---|---|---|---|---|---|
| preimage | compression function | 512 | 22 rounds | 2^508 | 2^6 | Khovratovich, Rechberger, Savelieva |
| preimage | compression function | 512 | 37 rounds | 2^511.2 | 2^64 | Khovratovich, Rechberger, Savelieva |
| distinguisher | compression function | 512 | 32 rounds | 2^104.5 | - | Yu, Chen, Wang |
| distinguisher | compression function | 512 | 36 rounds | 2^454 | - | Yu, Chen, Wang |
| key recovery | block cipher | 512 | 32 rounds | 2^181 | - | Yu, Chen, Wang |
| key recovery | block cipher | 512 | 34 rounds | 2^424 | - | Yu, Chen, Wang |
| near-collision | compression function | 256 | 32 rounds | 2^105 | - | Yu, Chen, Jia, Wang |
| distinguisher | compression function | all | 57 rounds (Round 2) | 2^503 | - | Khovratovich, Nikolić, Rechberger |
| distinguisher | compression function | 256 | 53 rounds (Round 2) | 2^251, Skein-256 | - | Khovratovich, Nikolić, Rechberger |
| near-collision | compression function | all | 24 rounds (No. 20-43) | 2^230 | - | Su, Wu, Wu, Dong |
| near-collision | compression function | 256 | 24 rounds (No. 12-35), Skein-256 | 2^60 | - | Su, Wu, Wu, Dong |
| near-collision | compression function | all | 24 rounds, Skein-1024 | 2^395 | - | Su, Wu, Wu, Dong |
| observations | hash | all | | | | Gligoroski |
| observations | block cipher | all | - | - | - | McKay, Vora |
| observations | compression function | all | - | - | - | Kaminsky |
| key recovery | block cipher | 256 | 39 rounds | 2^254.1 | - | Khovratovich, Nikolic |
| key recovery | block cipher | 512 | 42 rounds | 2^507 | - | Khovratovich, Nikolic |
| key recovery | block cipher | 512 | 32 rounds (Round 1) | 2^226 (2^222) | 2^12 | Chen, Jia |
| key recovery | block cipher | 512 | 33 rounds (Round 1) | 2^352.17 (2^355.5) | - | Chen, Jia |
| near collision | compression function | 512 | 17 rounds (Round 1) | 2^24 | - | Aumasson, Calik, Meier, Ozen, Phan, Varici |
| distinguisher | block cipher | 512 | 35 rounds (Round 1) | 2^478 | - | Aumasson, Calik, Meier, Ozen, Phan, Varici |
| impossible differential | block cipher | 512 | 21 rounds (Round 1) | - | - | Aumasson, Calik, Meier, Ozen, Phan, Varici |
| key recovery | block cipher | 512 | 32 rounds (Round 1) | 2^312 | - | Aumasson, Calik, Meier, Ozen, Phan, Varici |



Dmitry Khovratovich - Bicliques for permutations: collision and preimage attacks in stronger settings
Cryptology ePrint Archive, Report 2012/141, 2012

Dmitry Khovratovich, Christian Rechberger, Alexandra Savelieva - Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family
In Proceedings of Fast Software Encryption (FSE), LNCS, pp. , Springer, 2012

Hongbo Yu, Jiazhe Chen, Xiaoyun Wang - The Boomerang Attacks on the Round-Reduced Skein-512
Cryptology ePrint Archive, Report 2012/238, 2012

Hongbo Yu, Jiazhe Chen, Keting Jia, Xiaoyun Wang - Near-Collision Attack on the Step-Reduced Compression Function of Skein-256
Cryptology ePrint Archive, Report 2011/148, 2011

Dmitry Khovratovich, Ivica Nikolić, Christian Rechberger - Rotational Rebound Attacks on Reduced Skein
In Proceedings of ASIACRYPT, LNCS 6477, pp. 1-19, Springer, 2010

Bozhan Su, Wenling Wu, Shuang Wu, Le Dong - Near-Collisions on the Reduced-Round Compression Functions of Skein and BLAKE
In Proceedings of CANS, LNCS 6467, pp. 124-139, Springer, 2010

Danilo Gligoroski - Narrow-pipe SHA-3 candidates differ significantly from ideal random functions defined over big domains
NIST mailing list, 2010

Kerry A. McKay, Poorvi L. Vora - Pseudo-Linear Approximations for ARX Ciphers: With Application to Threefish
Cryptology ePrint Archive, Report 2010/282, 2010

Alan Kaminsky - Cube Test Analysis of the Statistical Behavior of CubeHash and Skein
Cryptology ePrint Archive, Report 2010/262, 2010

Dmitry Khovratovich, Ivica Nikolic - Rotational Cryptanalysis of ARX
In Proceedings of FSE, LNCS 6147, pp. 333-346, Springer

Jiazhe Chen, Keting Jia - Improved Related-key Boomerang Attacks on Round-Reduced Threefish-512
Cryptology ePrint Archive, Report 2009/526, 2009

Jean-Philippe Aumasson, Cagdas Calik, Willi Meier, Onur Ozen, Raphael C.-W. Phan, Kerem Varici - Improved Cryptanalysis of Skein
In Proceedings of ASIACRYPT, LNCS 5912, pp. 542-559, Springer, 2009

Jean-Philippe Aumasson, Willi Meier, Raphael Phan - Improved analysis of Threefish
FSE 2009 rump session, slides available online, 2009