Difference between revisions of "AURORA"
From The ECRYPT Hash Function Website
m (Minor fix) |
(added 2nd preimage and collision attack on AURORA-512) |
||
Line 19: | Line 19: | ||
== Cryptanalysis == | == Cryptanalysis == | ||
− | + | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | |
+ | |- style="background:#efefef;" | ||
+ | | Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | ||
+ | |- | ||
+ | | style="background:orange" | 2nd preimage || hash || 512 || || 2<sup>291</sup> || 2<sup>31.5</sup> || [http://eprint.iacr.org/2009/113.pdf} Ferguson, Lucks] | ||
+ | |- | ||
+ | | style="background:yellow" | collision || hash || 512 || || 2<sup>234.5</sup> || 2<sup>229.6</sup> || [http://eprint.iacr.org/2009/113.pdf} Ferguson, Lucks] | ||
+ | |- | ||
+ | | style="background:yellow" | 2nd preimage || hash || 512 || || 2<sup>290</sup> || 2<sup>288</sup> || [http://eprint.iacr.org/2009/112.pdf} Sasaki] | ||
+ | |- | ||
+ | | style="background:yellow" | collision || hash || 512 || || 2<sup>236</sup> || 2<sup>236</sup> || [http://eprint.iacr.org/2009/106.pdf} Sasaki] | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
+ | |||
+ | |||
+ | <bibtex> | ||
+ | @misc{cryptoeprint:2009:113, | ||
+ | author = {Niels Ferguson and Stefan Lucks}, | ||
+ | title = {Attacks on AURORA-512 and the Double-Mix Merkle-Damgaard Transform}, | ||
+ | howpublished = {Cryptology ePrint Archive, Report 2009/113}, | ||
+ | year = {2009}, | ||
+ | note = {\url{http://eprint.iacr.org/}}, | ||
+ | url = {http://eprint.iacr.org/2009/113.pdf}, | ||
+ | abstract = {We analyse the Double-Mix Merkle-Damgaard construction (DMMD) used in the AURORA family of hash functions. We show that DMMD falls short of providing the expected level of security. Specifically, we are able to find 2nd pre-images for AURORA-512 in time 2^{291}, and collisions in time 2^{234.4}. A limited-memory variant finds collisions in time 2^{249}.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{cryptoeprint:2009:112, | ||
+ | author = {Yu Sasaki}, | ||
+ | title = {A 2nd-Preimage Attack on AURORA-512}, | ||
+ | howpublished = {Cryptology ePrint Archive, Report 2009/112}, | ||
+ | year = {2009}, | ||
+ | note = {\url{http://eprint.iacr.org/}}, | ||
+ | url = {http://eprint.iacr.org/2009/112.pdf}, | ||
+ | abstract = {In this note, we present a 2nd-preimage attack on AURORA-512, which is one of the candidates for SHA-3. Our attack can generate 2nd-preimages of any given message, in particular, the attack complexity becomes optimal when the message length is 9 blocks or more. In such a case, the attack complexity is approximately $2^{290}$ AURORA-512 operations, which is less than the brute force attack on AURORA-512, namely, $2^{512-\log_2{9}}\approx2^{508}$. Our attack exploits some weakness in the mode of operation.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{cryptoeprint:2009:106, | ||
+ | author = {Yu Sasaki}, | ||
+ | title = {A Collision Attack on AURORA-512}, | ||
+ | howpublished = {Cryptology ePrint Archive, Report 2009/106}, | ||
+ | year = {2009}, | ||
+ | note = {\url{http://eprint.iacr.org/}}, | ||
+ | url ={http://eprint.iacr.org/2009/106.pdf}, | ||
+ | abstract = { In this note, we present a collision attack on AURORA-512, which is one of the candidates for SHA-3. The attack complexity is approximately $2^{236}$ AURORA-512 operations, which is less than the birthday bound of AURORA-512, namely, $2^{256}$. Our attack exploits some weakness in the mode of operation.}, | ||
+ | } | ||
+ | </bibtex> |
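Review bot: each of the four external links in the Reference column of the new table closes its URL with a stray "}" (for example "[http://eprint.iacr.org/2009/113.pdf} Ferguson, Lucks]"), so the brace becomes part of the link target. Drop the "}" in all four rows so the targets match the url fields of the bibtex entries added in the same change. Separately, the Ferguson, Lucks collision row lists 2<sup>234.5</sup> compression function calls, while the abstract quoted in that paper's bibtex entry states 2^{234.4}; the two figures should be reconciled against the paper.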
Revision as of 09:51, 11 March 2009
1 The algorithm
- Author(s): Tetsu Iwata, Kyoji Shibutani, Taizo Shirai, Shiho Moriai, Toru Akishita
- Website: http://www.sony.net/aurora/
- NIST submission package: AURORA.zip
Tetsu Iwata, Kyoji Shibutani, Taizo Shirai, Shiho Moriai, Toru Akishita - AURORA: A Cryptographic Hash Algorithm Family
- 2008
- http://ehash.iaik.tugraz.at/uploads/b/ba/AURORA.pdf
2 Cryptanalysis
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference
2nd preimage | hash | 512 | | 2^291 | 2^31.5 | Ferguson, Lucks
collision | hash | 512 | | 2^234.5 | 2^229.6 | Ferguson, Lucks
2nd preimage | hash | 512 | | 2^290 | 2^288 | Sasaki
collision | hash | 512 | | 2^236 | 2^236 | Sasaki
A description of this table is given here: http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables
Niels Ferguson, Stefan Lucks - Attacks on AURORA-512 and the Double-Mix Merkle-Damgaard Transform
- 2009
- http://eprint.iacr.org/2009/113.pdf
Yu Sasaki - A 2nd-Preimage Attack on AURORA-512
- 2009
- http://eprint.iacr.org/2009/112.pdf
Yu Sasaki - A Collision Attack on AURORA-512