Difference between revisions of "BLAKE"
From The ECRYPT Hash Function Website
Mschlaeffer (talk | contribs) m |
(Added Ji/Liangyu's results) |
||
| Line 19: | Line 19: | ||
== Cryptanalysis == | == Cryptanalysis == | ||
| − | + | ||
| + | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | ||
| + | |- style="background:#efefef;" | ||
| + | | Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | ||
| + | |- | ||
| + | | free-start collision || hash || 224/256 || 2.5 rounds || 2<sup>n/2-16</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] | ||
| + | |- | ||
| + | | free-start collision || hash || 384/512 || 2.5 rounds || 2<sup>n/2-32</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] | ||
| + | |- | ||
| + | | preimage || hash || 224/256 || 2.5 rounds || 2<sup>n-15</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] | ||
| + | |- | ||
| + | | preimage || hash || 384 || 2.5 rounds || 2<sup>355</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] | ||
| + | |- | ||
| + | | preimage || hash || 512 || 2.5 rounds || 2<sup>481</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] | ||
| + | |- | ||
| + | |} | ||
| + | |||
| + | A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
| + | |||
| + | |||
| + | <bibtex> | ||
| + | @misc{cryptoeprint:2009:238, | ||
| + | author = {Li Ji and Xu Liangyu }, | ||
| + | title = {Attacks on Round-Reduced BLAKE}, | ||
| + | howpublished = {Cryptology ePrint Archive, Report 2009/238}, | ||
| + | year = {2009}, | ||
| + | note = {\url{http://eprint.iacr.org/}}, | ||
| + | url = {http://eprint.iacr.org/2009/238.pdf}, | ||
| + | abstract = {BLAKE is a new hash family proposed for SHA-3. The core of compression function reuses the core function of ChaCha. A round-dependent permutation is used as message schedule. BLAKE is claimed to achieve full diffusion after 2 rounds. However, message words can be controlled on the first several founds. By exploiting properties of message permutation, we can attack 2.5 reduced rounds. The results do not threat the security claimed in the specification. }, | ||
| + | } | ||
| + | </bibtex> | ||
Revision as of 10:25, 31 May 2009
1 The algorithm
- Author(s): Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan
- Website: http://131002.net/blake/
- NIST submission package: BLAKE.zip
Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan - SHA-3 proposal BLAKE
- ,2008
- http://131002.net/blake/blake.pdf
BibtexAuthor : Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan
Title : SHA-3 proposal BLAKE
In : -
Address :
Date : 2008
2 Cryptanalysis
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| free-start collision | hash | 224/256 | 2.5 rounds | 2n/2-16 | - | Ji,Liangyu |
| free-start collision | hash | 384/512 | 2.5 rounds | 2n/2-32 | - | Ji,Liangyu |
| preimage | hash | 224/256 | 2.5 rounds | 2n-15 | - | Ji,Liangyu |
| preimage | hash | 384 | 2.5 rounds | 2355 | - | Ji,Liangyu |
| preimage | hash | 512 | 2.5 rounds | 2481 | - | Ji,Liangyu |
A description of this table is given here.
Li Ji, Xu Liangyu - Attacks on Round-Reduced BLAKE
