Difference between revisions of "ECHO"

From The ECRYPT Hash Function Website
m
(separate cryptanalysis tables)
Line 26: Line 26:
 
}
 
}
 
</bibtex>
 
</bibtex>
 +
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==
 +
 +
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
 +
A description of the following tables is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
 +
 +
 +
=== Hash function ===
 +
 +
Here we list results on the actual hash function. The only allowed modification is to change the security parameter.
 +
 +
Recommended security parameters: '''8''' rounds (n=224,256); '''10''' rounds (n=384,512)
 +
 +
 +
=== Building blocks ===
 +
 +
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
 +
 +
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
  
 
{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center"                   
 
{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center"                   
Line 37: Line 55:
 
|}   
 
|}   
 
                
 
                
A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
+
 
  
  

Revision as of 21:41, 29 January 2010

1 The algorithm


Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin - SHA-3 Proposal: ECHO

,2009
http://crypto.rd.francetelecom.com/echo/doc/echo_description_1-5.pdf
Bibtex
Author : Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin
Title : SHA-3 Proposal: ECHO
In : -
Address :
Date : 2009

Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin - SHA-3 Proposal: ECHO

,2008
http://crypto.rd.francetelecom.com/echo/doc/echo_description.pdf
Bibtex
Author : Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin
Title : SHA-3 Proposal: ECHO
In : -
Address :
Date : 2008


2 Cryptanalysis

We distinguish between two cases: results on the complete hash function, and results on underlying building blocks. A description of the following tables is given here.


2.1 Hash function

Here we list results on the actual hash function. The only allowed modification is to change the security parameter.

Recommended security parameters: 8 rounds (n=224,256); 10 rounds (n=384,512)


2.2 Building blocks

Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.

Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
distinguisher permutation all 7 rounds 2384 264 Mendel,Peyrin,Rechberger,Schläffer



Florian Mendel, Thomas Peyrin, Christian Rechberger, Martin Schläffer - Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

SAC ,2009
http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=110408
Bibtex
Author : Florian Mendel, Thomas Peyrin, Christian Rechberger, Martin Schläffer
Title : Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher
In : SAC -
Address :
Date : 2009