Difference between revisions of "Dynamic SHA2"
From The ECRYPT Hash Function Website
m |
m (Fixed eprint number) |
||
(8 intermediate revisions by 3 users not shown) | |||
Line 5: | Line 5: | ||
* Website: | * Website: | ||
--> | --> | ||
− | * NIST submission package: [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/documents/ | + | * NIST submission package: [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/documents/DynamicSHA_2.zip DyamicSHA2.zip] |
<bibtex> | <bibtex> | ||
− | @misc{ | + | @misc{sha3Xu08a, |
author = {Zijie Xu}, | author = {Zijie Xu}, | ||
title = {Dynamic SHA2}, | title = {Dynamic SHA2}, | ||
− | url = {}, | + | url = {http://ehash.iaik.tugraz.at/uploads/5/5b/DyamicSHA2.pdf}, |
howpublished = {Submission to NIST}, | howpublished = {Submission to NIST}, | ||
year = {2008}, | year = {2008}, | ||
} | } | ||
</bibtex> | </bibtex> | ||
+ | |||
== Cryptanalysis == | == Cryptanalysis == | ||
− | + | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | |
+ | |- style="background:#efefef;" | ||
+ | | Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | ||
+ | |- | ||
+ | | length-extension || hash || all || || - || - || [http://ehash.iaik.tugraz.at/uploads/0/0e/Dynamic-sha2_length-extension.txt Klima] | ||
+ | |- | ||
+ | | near-collision || compression || 224/256 || || 2<sup>45</sup> || - || [http://eprint.iacr.org/2009/179.pdf Yu,Wang] | ||
+ | |- | ||
+ | | near-collision || compression || 384/512 || || 2<sup>75</sup> || - || [http://eprint.iacr.org/2009/179.pdf Yu,Wang] | ||
+ | |- | ||
+ | | style="background:orange" | collision || hash || 224/256 || || 2<sup>51</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel] | ||
+ | |- | ||
+ | | style="background:orange" | collision || hash || 384/512 || || 2<sup>85</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel] | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
+ | |||
+ | |||
+ | <bibtex> | ||
+ | @misc{DynamicSHA2K08, | ||
+ | author = {Vlastimil Klima}, | ||
+ | title = {Dynamic SHA2 is vulnerable to generic attacks}, | ||
+ | url = {http://ehash.iaik.tugraz.at/uploads/0/0e/Dynamic-sha2_length-extension.txt}, | ||
+ | howpublished = {OFFICIAL COMMENT (local link)}, | ||
+ | year = {2008}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{DynamicSHA2YW09, | ||
+ | author = {Hongbo Yu and Xiaoyun Wang}, | ||
+ | title = {Near-Collision Attack on the Compression Function of Dynamic SHA2}, | ||
+ | howpublished = {Cryptology ePrint Archive, Report 2009/179}, | ||
+ | year = {2009}, | ||
+ | url = {http://eprint.iacr.org/2009/179.pdf}, | ||
+ | note = {\url{http://eprint.iacr.org/}}, | ||
+ | abstract = {In this paper, we present a near-collision attack on the compression functions of Dynamic SHA2 for all the output sizes. For the Dynamic SHA2-224/256, the complexity is about $2^{45}$ operations and for the Dynamic SHA2-384/512, the complexity is about $2^{75}$.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{DynamicSHA2ADIP09, | ||
+ | author = {Jean-Philippe Aumasson and Orr Dunkelman and Sebastiaan Indesteege and Bart Preneel}, | ||
+ | title = {Cryptanalysis of Dynamic SHA(2)}, | ||
+ | howpublished = {Cryptology ePrint Archive, Report 2009/184}, | ||
+ | year = {2009}, | ||
+ | url = {http://eprint.iacr.org/2009/184.pdf}, | ||
+ | note = {\url{http://eprint.iacr.org/}}, | ||
+ | abstract = {In this paper, we analyze the hash functions Dynamic SHA | ||
+ | and Dynamic SHA2, which have been selected as first round candidates | ||
+ | in the NIST Hash Competition. These two hash functions rely heavily | ||
+ | on data-dependent rotations, similar to the ones used in certain block ci- | ||
+ | phers, e.g., RC5. Our analysis suggests that in the case of hash functions, | ||
+ | where the attacker has more control over the rotations, this approach is | ||
+ | less favorable, as we present practical, or close to practical, collision at- | ||
+ | tacks on both Dynamic SHA and Dynamic SHA2. Moreover, we present | ||
+ | a preimage attack on Dynamic SHA that is faster than exhaustive search.}, | ||
+ | } | ||
+ | </bibtex> |
Latest revision as of 11:49, 3 May 2009
1 The algorithm
- Author(s): Zijie Xu
- NIST submission package: DyamicSHA2.zip
Zijie Xu - Dynamic SHA2
- ,2008
- http://ehash.iaik.tugraz.at/uploads/5/5b/DyamicSHA2.pdf
BibtexAuthor : Zijie Xu
Title : Dynamic SHA2
In : -
Address :
Date : 2008
2 Cryptanalysis
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
length-extension | hash | all | - | - | Klima | |
near-collision | compression | 224/256 | 245 | - | Yu,Wang | |
near-collision | compression | 384/512 | 275 | - | Yu,Wang | |
collision | hash | 224/256 | 251 | - | Aumasson,Dunkelman,Indesteege,Preneel | |
collision | hash | 384/512 | 285 | - | Aumasson,Dunkelman,Indesteege,Preneel |
A description of this table is given here.
Vlastimil Klima - Dynamic SHA2 is vulnerable to generic attacks
- ,2008
- http://ehash.iaik.tugraz.at/uploads/0/0e/Dynamic-sha2_length-extension.txt
BibtexAuthor : Vlastimil Klima
Title : Dynamic SHA2 is vulnerable to generic attacks
In : -
Address :
Date : 2008
Hongbo Yu, Xiaoyun Wang - Near-Collision Attack on the Compression Function of Dynamic SHA2
- ,2009
- http://eprint.iacr.org/2009/179.pdf
BibtexAuthor : Hongbo Yu, Xiaoyun Wang
Title : Near-Collision Attack on the Compression Function of Dynamic SHA2
In : -
Address :
Date : 2009
Jean-Philippe Aumasson, Orr Dunkelman, Sebastiaan Indesteege, Bart Preneel - Cryptanalysis of Dynamic SHA(2)