Difference between revisions of "AURORA"

From The ECRYPT Hash Function Website
(added 2nd preiamge and collision attack on AURORA-512)
m (Unorangized key-recovery)
 
(5 intermediate revisions by 3 users not shown)
Line 23: Line 23:
 
|    Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||  Reference  
 
|    Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||  Reference  
 
|-                                         
 
|-                                         
|  style="background:orange" | 2nd preimage || hash || 512 ||  || 2<sup>291</sup> || 2<sup>31.5</sup> || [http://eprint.iacr.org/2009/113.pdf} Ferguson, Lucks]
+
|  style="background:orange" | 2nd preimage || hash || 512 ||  || 2<sup>291</sup> || 2<sup>31.5</sup> || [http://eprint.iacr.org/2009/113.pdf Ferguson, Lucks]
 
|-                                                     
 
|-                                                     
|  style="background:yellow" | collision || hash || 512 ||  || 2<sup>234.5</sup> || 2<sup>229.6</sup> || [http://eprint.iacr.org/2009/113.pdf} Ferguson, Lucks]
+
|  style="background:greenyellow" | collision || hash || 512 ||  || 2<sup>249</sup> || - || [http://eprint.iacr.org/2009/113.pdf Ferguson, Lucks]
 
|-                                                     
 
|-                                                     
|  style="background:yellow" | 2nd preimage || hash || 512 ||  || 2<sup>290</sup> || 2<sup>288</sup> || [http://eprint.iacr.org/2009/112.pdf} Sasaki]
+
|  style="background:yellow" | collision || hash || 512 ||  || 2<sup>234.5</sup> || 2<sup>229.6</sup> || [http://eprint.iacr.org/2009/113.pdf Ferguson, Lucks]
 
|-                                                     
 
|-                                                     
|  style="background:yellow" | collision || hash || 512 ||  || 2<sup>236</sup> || 2<sup>236</sup> || [http://eprint.iacr.org/2009/106.pdf} Sasaki]
+
|  style="background:yellow" | 2nd preimage || hash || 512 ||  || 2<sup>291</sup> || 2<sup>288</sup> || [http://eprint.iacr.org/2009/112.pdf Sasaki]
 +
|-                                                   
 +
|  style="background:yellow" | collision || hash || 512 ||  || 2<sup>236</sup> || 2<sup>236</sup> || [http://eprint.iacr.org/2009/106.pdf Sasaki]
 
|-   
 
|-   
 +
|  | key-recovery || HMAC || 512 ||  || 2<sup>259</sup> || - || [http://eprint.iacr.org/2009/125.pdf Sasaki]
 +
|-
 
|}                     
 
|}                     
  
Line 69: Line 73:
 
     url ={http://eprint.iacr.org/2009/106.pdf},
 
     url ={http://eprint.iacr.org/2009/106.pdf},
 
     abstract = { In this note, we present a collision attack on AURORA-512, which is one of the candidates for SHA-3. The attack complexity is approximately $2^{236}$ AURORA-512 operations, which is less than the birthday bound of AURORA-512, namely, $2^{256}$. Our attack exploits some weakness in the mode of operation.},
 
     abstract = { In this note, we present a collision attack on AURORA-512, which is one of the candidates for SHA-3. The attack complexity is approximately $2^{236}$ AURORA-512 operations, which is less than the birthday bound of AURORA-512, namely, $2^{256}$. Our attack exploits some weakness in the mode of operation.},
 +
}
 +
</bibtex>
 +
 +
<bibtex>
 +
@misc{cryptoeprint:2009:125,
 +
    author = {Yu Sasaki},
 +
    title = {A Full Key Recovery Attack on HMAC-AURORA-512},
 +
    howpublished = {Cryptology ePrint Archive, Report 2009/125},
 +
    year = {2009},
 +
    note = {\url{http://eprint.iacr.org/}},
 +
    abstract = {In this note, we present a full key recovery attack on HMAC-AURORA-512 when 512-bit secret keys are used and the MAC length is 512-bit long. Our attack requires $2^{257}$ queries and the off-line complexity is $2^{259}$ AURORA-512 operations, which is significantly less than the complexity of the exhaustive search for a 512-bit key. The attack can be carried out with a negligible amount of memory. Our attack can also recover the inner-key of HMAC-AURORA-384 with almost the same complexity as in HMAC-AURORA-512. This attack does not recover the outer-key of HMAC-AURORA-384, but universal forgery is possible by combining the inner-key recovery and 2nd-preimage attacks. Our attack exploits some weaknesses in the mode of operation. }
 
}
 
}
 
</bibtex>
 
</bibtex>

Latest revision as of 11:26, 27 March 2009

1 The algorithm


Tetsu Iwata, Kyoji Shibutani, Taizo Shirai, Shiho Moriai, Toru Akishita - AURORA: A Cryptographic Hash Algorithm Family

,2008
http://ehash.iaik.tugraz.at/uploads/b/ba/AURORA.pdf
Bibtex
Author : Tetsu Iwata, Kyoji Shibutani, Taizo Shirai, Shiho Moriai, Toru Akishita
Title : AURORA: A Cryptographic Hash Algorithm Family
In : -
Address :
Date : 2008


2 Cryptanalysis

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
2nd preimage hash 512 2291 231.5 Ferguson, Lucks
collision hash 512 2249 - Ferguson, Lucks
collision hash 512 2234.5 2229.6 Ferguson, Lucks
2nd preimage hash 512 2291 2288 Sasaki
collision hash 512 2236 2236 Sasaki
key-recovery HMAC 512 2259 - Sasaki

A description of this table is given here.


Niels Ferguson, Stefan Lucks - Attacks on AURORA-512 and the Double-Mix Merkle-Damgaard Transform

,2009
http://eprint.iacr.org/2009/113.pdf
Bibtex
Author : Niels Ferguson, Stefan Lucks
Title : Attacks on AURORA-512 and the Double-Mix Merkle-Damgaard Transform
In : -
Address :
Date : 2009

Yu Sasaki - A 2nd-Preimage Attack on AURORA-512

,2009
http://eprint.iacr.org/2009/112.pdf
Bibtex
Author : Yu Sasaki
Title : A 2nd-Preimage Attack on AURORA-512
In : -
Address :
Date : 2009

Yu Sasaki - A Collision Attack on AURORA-512

,2009
http://eprint.iacr.org/2009/106.pdf
Bibtex
Author : Yu Sasaki
Title : A Collision Attack on AURORA-512
In : -
Address :
Date : 2009

Yu Sasaki - A Full Key Recovery Attack on HMAC-AURORA-512

,2009
Bibtex
Author : Yu Sasaki
Title : A Full Key Recovery Attack on HMAC-AURORA-512
In : -
Address :
Date : 2009