Difference between revisions of "Cryptanalysis Categories"
From The ECRYPT Hash Function Website
Mschlaeffer (talk | contribs) m |
Mschlaeffer (talk | contribs) m |
||
Line 1: | Line 1: | ||
For presentation reasons, we provide a simplified overview about cryptanalytic results in The SHA-3 Zoo. We only consider cryptanalytic results that have not been performed by the designers themselves and are included in the initial proposal. Exceptions are cryptanalytic results by non-designers and cryptanalytic results by designers that are not mentioned in the proposal. | For presentation reasons, we provide a simplified overview about cryptanalytic results in The SHA-3 Zoo. We only consider cryptanalytic results that have not been performed by the designers themselves and are included in the initial proposal. Exceptions are cryptanalytic results by non-designers and cryptanalytic results by designers that are not mentioned in the proposal. | ||
+ | |||
+ | |||
+ | {| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center" | ||
+ | |- style="background:#efefef;" | ||
+ | ! column !! Explanation | ||
+ | |- | ||
+ | | Attacks on Main NIST Requirements || In this column the best attack on collision, 2nd-preimage and preimage resistant is shown. To give a quick overview of the complexity of the best attack, the cells are labeled with different colors. | ||
+ | |- | ||
+ | | Attacks on other Hash Requirements || Additional requirements for a hash function not unambiguously specified by NIST yet. | ||
+ | |- | ||
+ | | Attacks on Claims by Designer || Some designers specify additional requirements of their hash functions. Attacks on these requirements are shown in this column since they do not contradict the NIST call. | ||
+ | |- | ||
+ | | External Cryptanalysis || This column should give an overview which hash functions have no external cryptanalytic results yet. | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | |||
+ | {| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center" | ||
+ | |- style="background:#efefef;" | ||
+ | ! width="100"| color !! Complexity of Result !! Explanation | ||
+ | |- | ||
+ | | style="background:greenyellow" | || compr. calls < generic || The number of compression function calls (or equivalents) is below generic attacks for collision, 2nd preimage or preimage. The complexity of the attack is very close to generic attacks and is therefore of lesser relevance. | ||
+ | |- | ||
+ | | style="background:yellow" | || compr. calls < generic - n || The number of compression function calls is below generic attacks reduced by a factor of n (hash size) for collision, 2nd preimage or preimage. Attacks in this simple model neglect memory considerations. However, attacks of this type to not exist for the SHA-2 hash functions. | ||
+ | |- | ||
+ | | style="background:orange" | || time*memory < generic || The time*memory product is below generic attacks for collision, 2nd preimage or preimage. | ||
+ | |- | ||
+ | | style="background:red" | || practical example || A practical example is given for the attack on this hash function. This is an extra category since practical examples improve the confidence in an attack. | ||
+ | |- | ||
+ | |} |
Revision as of 09:27, 24 December 2008
For presentation reasons, we provide a simplified overview about cryptanalytic results in The SHA-3 Zoo. We only consider cryptanalytic results that have not been performed by the designers themselves and are included in the initial proposal. Exceptions are cryptanalytic results by non-designers and cryptanalytic results by designers that are not mentioned in the proposal.
column | Explanation |
---|---|
Attacks on Main NIST Requirements | In this column the best attack on collision, 2nd-preimage and preimage resistant is shown. To give a quick overview of the complexity of the best attack, the cells are labeled with different colors. |
Attacks on other Hash Requirements | Additional requirements for a hash function not unambiguously specified by NIST yet. |
Attacks on Claims by Designer | Some designers specify additional requirements of their hash functions. Attacks on these requirements are shown in this column since they do not contradict the NIST call. |
External Cryptanalysis | This column should give an overview which hash functions have no external cryptanalytic results yet. |
color | Complexity of Result | Explanation |
---|---|---|
compr. calls < generic | The number of compression function calls (or equivalents) is below generic attacks for collision, 2nd preimage or preimage. The complexity of the attack is very close to generic attacks and is therefore of lesser relevance. | |
compr. calls < generic - n | The number of compression function calls is below generic attacks reduced by a factor of n (hash size) for collision, 2nd preimage or preimage. Attacks in this simple model neglect memory considerations. However, attacks of this type to not exist for the SHA-2 hash functions. | |
time*memory < generic | The time*memory product is below generic attacks for collision, 2nd preimage or preimage. | |
practical example | A practical example is given for the attack on this hash function. This is an extra category since practical examples improve the confidence in an attack. |