Difference between revisions of "Dynamic SHA"

From The ECRYPT Hash Function Website
m (Cryptanalysis)
m ("224/256" chaned to "224,256" etc.)
 
(4 intermediate revisions by the same user not shown)
Line 25: Line 25:
 
| Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||  Reference  
 
| Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||  Reference  
 
|-
 
|-
| style="background:orange" | collision|| hash || 256||  || 2<sup>114</sup> || - || [http://ehash.iaik.tugraz.at/uploads/c/c2/Dsha.pdf Indesteege]
+
| length-extension || hash || all ||  || - || - || [http://ehash.iaik.tugraz.at/uploads/e/e7/Dynamic-sha_length-extension.txt Klima]
 +
|-
 +
| style="background:red" | collision|| hash || 256||  || 2<sup>23</sup> || - || [http://homes.esat.kuleuven.be/~sindeste/dsha.html Indesteege]
 
|-                   
 
|-                   
| style="background:orange" | collision|| hash || 512||  || 2<sup>170</sup> || - || [http://ehash.iaik.tugraz.at/uploads/c/c2/Dsha.pdf Indesteege]
+
| style="background:red" | collision|| hash || 512||  || 2<sup>24</sup> || - || [http://homes.esat.kuleuven.be/~sindeste/dsha.html Indesteege]
 
|-     
 
|-     
| preimage|| compression|| 256||  || 2<sup>216</sup> || - || [http://ehash.iaik.tugraz.at/uploads/c/c2/Dsha.pdf Indesteege]
+
| style="background:orange" | 2nd preimage || hash || 224,256 ||  || 2<sup>216</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel]
|-    
+
|-
| preimage|| compression|| 512||  || 2<sup>256</sup> || - || [http://ehash.iaik.tugraz.at/uploads/c/c2/Dsha.pdf Indesteege]
+
| style="background:orange" | 2nd preimage || hash || 384,512 ||  || 2<sup>256</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel]
|-            
+
|- 
| length-extension || hash || all ||  || - || - || [http://ehash.iaik.tugraz.at/uploads/e/e7/Dynamic-sha_length-extension.txt Klima]
+
| style="background:orange" | preimage || hash || 224,256 ||  || 2<sup>225</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel]
|-                  
+
|-  
 +
| style="background:orange" | preimage || hash || 224,256 ||  || 2<sup>262</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel]
 +
|-                      
 
|}                     
 
|}                     
  
Line 41: Line 45:
  
 
<bibtex>
 
<bibtex>
@misc{DynamicSHAI09,
+
@misc{DynamicSHAK08,
 +
  author    = {Vlastimil Klima},
 +
  title    = {Dynamic SHA is vulnerable to generic attacks},
 +
  url = {http://ehash.iaik.tugraz.at/uploads/e/e7/Dynamic-sha_length-extension.txt},
 +
  howpublished = {OFFICIAL COMMENT (local link)},
 +
  year = {2008},
 +
}
 +
</bibtex>
 +
 
 +
<bibtex>
 +
@misc{DynamicSHAI09a,
 
   author    = {Sebastiaan Indesteege},
 
   author    = {Sebastiaan Indesteege},
   title    = {Cryptanalysis of Dynamic SHA},
+
   title    = {Practical Collisions for Dynamic SHA},
   url = {http://ehash.iaik.tugraz.at/uploads/c/c2/Dsha.pdf},
+
   url = {http://homes.esat.kuleuven.be/~sindeste/dsha.html},
   howpublished = {presentation slides available online (local link)},
+
   howpublished = {Available online},
 
   year = {2009},
 
   year = {2009},
 
}
 
}
Line 51: Line 65:
  
 
<bibtex>
 
<bibtex>
@misc{DynamicSHAK08,
+
@misc{DynamicSHA2ADIP09,
   author    = {Vlastimil Klima},
+
    author = {Jean-Philippe Aumasson and Orr Dunkelman and Sebastiaan Indesteege and Bart Preneel},
   title    = {Dynamic SHA is vulnerable to generic attacks},
+
    title = {Cryptanalysis of Dynamic SHA(2)},
   url = {http://ehash.iaik.tugraz.at/uploads/e/e7/Dynamic-sha_length-extension.txt},
+
    howpublished = {Cryptology ePrint Archive, Report 2009/184},
   howpublished = {OFFICIAL COMMENT (local link)},
+
    year = {2009},
   year = {2008},
+
    url = {http://eprint.iacr.org/2009/184.pdf},
 +
    note = {\url{http://eprint.iacr.org/}},
 +
    abstract = {In this paper, we analyze the hash functions Dynamic SHA
 +
and Dynamic SHA2, which have been selected as first round candidates
 +
in the NIST Hash Competition. These two hash functions rely heavily
 +
on data-dependent rotations, similar to the ones used in certain block ci-
 +
phers, e.g., RC5. Our analysis suggests that in the case of hash functions,
 +
where the attacker has more control over the rotations, this approach is
 +
less favorable, as we present practical, or close to practical, collision at-
 +
tacks on both Dynamic SHA and Dynamic SHA2. Moreover, we present
 +
a preimage attack on Dynamic SHA that is faster than exhaustive search.},
 +
}
 +
</bibtex>
 +
 
 +
 
 +
=== Archive ===
 +
 
 +
<bibtex>
 +
@misc{DynamicSHAI09,
 +
   author    = {Sebastiaan Indesteege},
 +
   title    = {Cryptanalysis of Dynamic SHA},
 +
   url = {http://ehash.iaik.tugraz.at/uploads/c/c2/Dsha.pdf},
 +
   howpublished = {FSE 2009 rump session, slides available online (local link)},
 +
   year = {2009},
 
}
 
}
 
</bibtex>
 
</bibtex>

Latest revision as of 13:57, 4 June 2009

1 The algorithm


Zijie Xu - Dynamic SHA

,2008
http://ehash.iaik.tugraz.at/uploads/e/e2/DyamicSHA.pdf
Bibtex
Author : Zijie Xu
Title : Dynamic SHA
In : -
Address :
Date : 2008


2 Cryptanalysis

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
length-extension hash all - - Klima
collision hash 256 223 - Indesteege
collision hash 512 224 - Indesteege
2nd preimage hash 224,256 2216 - Aumasson,Dunkelman,Indesteege,Preneel
2nd preimage hash 384,512 2256 - Aumasson,Dunkelman,Indesteege,Preneel
preimage hash 224,256 2225 - Aumasson,Dunkelman,Indesteege,Preneel
preimage hash 224,256 2262 - Aumasson,Dunkelman,Indesteege,Preneel

A description of this table is given here.


Vlastimil Klima - Dynamic SHA is vulnerable to generic attacks

,2008
http://ehash.iaik.tugraz.at/uploads/e/e7/Dynamic-sha_length-extension.txt
Bibtex
Author : Vlastimil Klima
Title : Dynamic SHA is vulnerable to generic attacks
In : -
Address :
Date : 2008

Sebastiaan Indesteege - Practical Collisions for Dynamic SHA

,2009
http://homes.esat.kuleuven.be/~sindeste/dsha.html
Bibtex
Author : Sebastiaan Indesteege
Title : Practical Collisions for Dynamic SHA
In : -
Address :
Date : 2009

Jean-Philippe Aumasson, Orr Dunkelman, Sebastiaan Indesteege, Bart Preneel - Cryptanalysis of Dynamic SHA(2)

,2009
http://eprint.iacr.org/2009/184.pdf
Bibtex
Author : Jean-Philippe Aumasson, Orr Dunkelman, Sebastiaan Indesteege, Bart Preneel
Title : Cryptanalysis of Dynamic SHA(2)
In : -
Address :
Date : 2009


2.1 Archive

Sebastiaan Indesteege - Cryptanalysis of Dynamic SHA

,2009
http://ehash.iaik.tugraz.at/uploads/c/c2/Dsha.pdf
Bibtex
Author : Sebastiaan Indesteege
Title : Cryptanalysis of Dynamic SHA
In : -
Address :
Date : 2009