Difference between revisions of "BLAKE"
From The ECRYPT Hash Function Website
m (updated link to round 2 submission) |
Crechberger (talk | contribs) (split tables template) |
||
| Line 19: | Line 19: | ||
== Cryptanalysis == | == Cryptanalysis == | ||
| + | We distinguish between two cases: results on the complete hash function, and results on the building blocks. | ||
| + | A description of these tables is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
| − | + | === Hash function === | |
| + | Here we list results on the actual hash function. The only allowed modification is to change the security parameter. | ||
{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | ||
|- style="background:#efefef;" | |- style="background:#efefef;" | ||
| − | | Type of Analysis || | + | | Type of Analysis || Hash Size (n) || Parameters || Compression Function Calls || Memory Requirements || Reference |
|- | |- | ||
| − | | | + | | preimage || 224,256 || 2.5/10 rounds || 2<sup>n-15</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] |
|- | |- | ||
| − | | | + | | preimage || 384 || 2.5/10 rounds || 2<sup>355</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] |
|- | |- | ||
| − | | preimage || | + | | preimage || 512 || 2.5/10 rounds || 2<sup>481</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] |
|- | |- | ||
| − | | | + | |} |
| + | |||
| + | === Underlying building blocks === | ||
| + | Here we list results that assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks). | ||
| + | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | ||
| + | |- style="background:#efefef;" | ||
| + | | Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | ||
| + | |- | ||
| + | | free-start collision || hash || 224,256 || 2.5/10 rounds || 2<sup>n/2-16</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] | ||
|- | |- | ||
| − | | | + | | free-start collision || hash || 384,512 || 2.5/10 rounds || 2<sup>n/2-32</sup> || - || [http://eprint.iacr.org/2009/238.pdf Ji,Liangyu] |
|- | |- | ||
| − | | near-collision || compression function || 256 || 4 rounds (nb. 6-9) || 2<sup>42</sup> || - || [http://www.jguo.org/docs/blake-col.pdf Guo,Matusiewicz] | + | | near-collision || compression function || 256 || 4/10 rounds (nb. 6-9) || 2<sup>42</sup> || - || [http://www.jguo.org/docs/blake-col.pdf Guo,Matusiewicz] |
|- | |- | ||
|} | |} | ||
| − | + | ||
Revision as of 16:40, 28 January 2010
1 The algorithm
- Author(s): Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan
- Website: http://131002.net/blake/
- NIST submission package:
- round 1/2: BLAKE_Round2.zip (old versions: BLAKE.zip, BLAKEUpdate.zip)
Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan - SHA-3 proposal BLAKE
- ,2008
- http://131002.net/blake/blake.pdf
BibtexAuthor : Jean-Philippe Aumasson, Luca Henzen, Willi Meier, Raphael C.-W. Phan
Title : SHA-3 proposal BLAKE
In : -
Address :
Date : 2008
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on the building blocks. A description of these tables is given here.
2.1 Hash function
Here we list results on the actual hash function. The only allowed modification is to change the security parameter.
| Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
| preimage | 224,256 | 2.5/10 rounds | 2n-15 | - | Ji,Liangyu |
| preimage | 384 | 2.5/10 rounds | 2355 | - | Ji,Liangyu |
| preimage | 512 | 2.5/10 rounds | 2481 | - | Ji,Liangyu |
2.2 Underlying building blocks
Here we list results that assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| free-start collision | hash | 224,256 | 2.5/10 rounds | 2n/2-16 | - | Ji,Liangyu |
| free-start collision | hash | 384,512 | 2.5/10 rounds | 2n/2-32 | - | Ji,Liangyu |
| near-collision | compression function | 256 | 4/10 rounds (nb. 6-9) | 242 | - | Guo,Matusiewicz |
Li Ji, Xu Liangyu - Attacks on Round-Reduced BLAKE
- ,2009
- http://eprint.iacr.org/2009/238.pdf
BibtexAuthor : Li Ji, Xu Liangyu
Title : Attacks on Round-Reduced BLAKE
In : -
Address :
Date : 2009
Jian Guo, Krystian Matusiewicz - Round-Reduced Near-Collisions of BLAKE-32
