Difference between revisions of "AURORA"
From The ECRYPT Hash Function Website
m (Unorangized key-recovery)
(4 intermediate revisions by 3 users not shown)
Line 24: | Line 24: | ||
|- | |- | ||
| style="background:orange" | 2nd preimage || hash || 512 || || 2<sup>291</sup> || 2<sup>31.5</sup> || [http://eprint.iacr.org/2009/113.pdf Ferguson, Lucks] | | style="background:orange" | 2nd preimage || hash || 512 || || 2<sup>291</sup> || 2<sup>31.5</sup> || [http://eprint.iacr.org/2009/113.pdf Ferguson, Lucks] | ||
+ | |- | ||
+ | | style="background:greenyellow" | collision || hash || 512 || || 2<sup>249</sup> || - || [http://eprint.iacr.org/2009/113.pdf Ferguson, Lucks] | ||
|- | |- | ||
| style="background:yellow" | collision || hash || 512 || || 2<sup>234.5</sup> || 2<sup>229.6</sup> || [http://eprint.iacr.org/2009/113.pdf Ferguson, Lucks] | | style="background:yellow" | collision || hash || 512 || || 2<sup>234.5</sup> || 2<sup>229.6</sup> || [http://eprint.iacr.org/2009/113.pdf Ferguson, Lucks] | ||
|- | |- | ||
− | | style="background:yellow" | 2nd preimage || hash || 512 || || 2<sup> | + | | style="background:yellow" | 2nd preimage || hash || 512 || || 2<sup>291</sup> || 2<sup>288</sup> || [http://eprint.iacr.org/2009/112.pdf Sasaki] |
|- | |- | ||
| style="background:yellow" | collision || hash || 512 || || 2<sup>236</sup> || 2<sup>236</sup> || [http://eprint.iacr.org/2009/106.pdf Sasaki] | | style="background:yellow" | collision || hash || 512 || || 2<sup>236</sup> || 2<sup>236</sup> || [http://eprint.iacr.org/2009/106.pdf Sasaki] | ||
|- | |- | ||
+ | | | key-recovery || HMAC || 512 || || 2<sup>259</sup> || - || [http://eprint.iacr.org/2009/125.pdf Sasaki] | ||
+ | |- | ||
|} | |} | ||
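Review bot: the `|-` added after the key-recovery row sits directly before the closing `|}`, so it is a row separator with no row after it; drop it. The key-recovery row also starts with an empty attribute slot (`| | key-recovery`), unlike every other row, which carries a `style="background:..."` value. If the row is meant to have no colour, as the edit summary indicates, write it as `| key-recovery || HMAC || ...` without the empty slot.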
Line 69: | Line 73: | ||
url ={http://eprint.iacr.org/2009/106.pdf}, | url ={http://eprint.iacr.org/2009/106.pdf}, | ||
abstract = { In this note, we present a collision attack on AURORA-512, which is one of the candidates for SHA-3. The attack complexity is approximately $2^{236}$ AURORA-512 operations, which is less than the birthday bound of AURORA-512, namely, $2^{256}$. Our attack exploits some weakness in the mode of operation.}, | abstract = { In this note, we present a collision attack on AURORA-512, which is one of the candidates for SHA-3. The attack complexity is approximately $2^{236}$ AURORA-512 operations, which is less than the birthday bound of AURORA-512, namely, $2^{256}$. Our attack exploits some weakness in the mode of operation.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{cryptoeprint:2009:125, | ||
+ | author = {Yu Sasaki}, | ||
+ | title = {A Full Key Recovery Attack on HMAC-AURORA-512}, | ||
+ | howpublished = {Cryptology ePrint Archive, Report 2009/125}, | ||
+ | year = {2009}, | ||
+ | note = {\url{http://eprint.iacr.org/}}, | ||
+ | abstract = {In this note, we present a full key recovery attack on HMAC-AURORA-512 when 512-bit secret keys are used and the MAC length is 512-bit long. Our attack requires $2^{257}$ queries and the off-line complexity is $2^{259}$ AURORA-512 operations, which is significantly less than the complexity of the exhaustive search for a 512-bit key. The attack can be carried out with a negligible amount of memory. Our attack can also recover the inner-key of HMAC-AURORA-384 with almost the same complexity as in HMAC-AURORA-512. This attack does not recover the outer-key of HMAC-AURORA-384, but universal forgery is possible by combining the inner-key recovery and 2nd-preimage attacks. Our attack exploits some weaknesses in the mode of operation. } | ||
} | } | ||
</bibtex> | </bibtex> |
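Review bot: the new `cryptoeprint:2009:125` entry has no `url` field, only `note = {\url{http://eprint.iacr.org/}}`, which points at the archive front page rather than the report. The entry just above it in this hunk uses `url ={http://eprint.iacr.org/2009/106.pdf}`, and the table row added in this revision links to http://eprint.iacr.org/2009/125.pdf, so add that address as a `url` field here for consistency. The abstract also ends with a stray space before its closing brace (`operation. }`).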
Latest revision as of 11:26, 27 March 2009
1 The algorithm
- Author(s): Tetsu Iwata, Kyoji Shibutani, Taizo Shirai, Shiho Moriai, Toru Akishita
- Website: http://www.sony.net/aurora/
- NIST submission package: AURORA.zip
Tetsu Iwata, Kyoji Shibutani, Taizo Shirai, Shiho Moriai, Toru Akishita - AURORA: A Cryptographic Hash Algorithm Family
- 2008
- http://ehash.iaik.tugraz.at/uploads/b/ba/AURORA.pdf
2 Cryptanalysis
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
2nd preimage | hash | 512 | | 2<sup>291</sup> | 2<sup>31.5</sup> | Ferguson, Lucks |
collision | hash | 512 | | 2<sup>249</sup> | - | Ferguson, Lucks |
collision | hash | 512 | | 2<sup>234.5</sup> | 2<sup>229.6</sup> | Ferguson, Lucks |
2nd preimage | hash | 512 | | 2<sup>291</sup> | 2<sup>288</sup> | Sasaki |
collision | hash | 512 | | 2<sup>236</sup> | 2<sup>236</sup> | Sasaki |
key-recovery | HMAC | 512 | | 2<sup>259</sup> | - | Sasaki |
A description of this table is given here.
Niels Ferguson, Stefan Lucks - Attacks on AURORA-512 and the Double-Mix Merkle-Damgaard Transform
- 2009
- http://eprint.iacr.org/2009/113.pdf
Yu Sasaki - A 2nd-Preimage Attack on AURORA-512
- 2009
- http://eprint.iacr.org/2009/112.pdf
Yu Sasaki - A Collision Attack on AURORA-512
- 2009
- http://eprint.iacr.org/2009/106.pdf
Yu Sasaki - A Full Key Recovery Attack on HMAC-AURORA-512