Difference between revisions of "ECHO"
Crechberger (talk | contribs) m |
Mschlaeffer (talk | contribs) m |
||
Line 65: | Line 65: | ||
|- | |- | ||
| distinguisher || permutation || all || 7 rounds || 2<sup>384</sup> || 2<sup>64</sup> || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=110408 Mendel,Peyrin,Rechberger,Schläffer] | | distinguisher || permutation || all || 7 rounds || 2<sup>384</sup> || 2<sup>64</sup> || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=110408 Mendel,Peyrin,Rechberger,Schläffer] | ||
+ | |- | ||
+ | | distinguisher || permutation || all || 7 rounds || 2<sup>896</sup> || 2<sup>896</sup> || [http://crypto.rd.francetelecom.com/echo/doc/echo_description_1-5.pdf submission document] | ||
|- | |- | ||
|} | |} |
Revision as of 00:48, 16 February 2010
1 The algorithm
- Author(s): Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin
- Website: http://crypto.rd.francetelecom.com/echo/
- NIST submission package:
- round 1/2: ECHO_Round2.zip (old version ECHO.zip)
Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin - SHA-3 Proposal: ECHO
- ,2009
- http://crypto.rd.francetelecom.com/echo/doc/echo_description_1-5.pdf
BibtexAuthor : Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin
Title : SHA-3 Proposal: ECHO
In : -
Address :
Date : 2009
Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin - SHA-3 Proposal: ECHO
- ,2008
- http://crypto.rd.francetelecom.com/echo/doc/echo_description.pdf
BibtexAuthor : Ryad Benadjila, Olivier Billet, Henri Gilbert, Gilles Macario-Rat, Thomas Peyrin, Matt Robshaw, Yannick Seurin
Title : SHA-3 Proposal: ECHO
In : -
Address :
Date : 2008
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
2.1 Hash function
Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.
Recommended security parameters: 8 rounds (n=224,256); 10 rounds (n=384,512)
Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
Recommended security parameters: 8 rounds (n=224,256); 10 rounds (n=384,512)
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
distinguisher | permutation | all | 8 rounds | 2768 | 2512 | Gilbert,Peyrin |
distinguisher | permutation | all | 7 rounds | 2384 | 264 | Mendel,Peyrin,Rechberger,Schläffer |
distinguisher | permutation | all | 7 rounds | 2896 | 2896 | submission document |
Henri Gilbert, Thomas Peyrin - Super-Sbox Cryptanalysis: Improved Attacks for AES-like permutations
- FSE ,2010
- http://eprint.iacr.org/2009/531.pdf
BibtexAuthor : Henri Gilbert, Thomas Peyrin
Title : Super-Sbox Cryptanalysis: Improved Attacks for AES-like permutations
In : FSE -
Address :
Date : 2010
Florian Mendel, Thomas Peyrin, Christian Rechberger, Martin Schläffer - Improved Cryptanalysis of the Reduced Grøstl
Compression Function, ECHO Permutation and AES Block Cipher
- SAC 5867:16-35,2009
- http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=124407&pCurrPk=44420
BibtexAuthor : Florian Mendel, Thomas Peyrin, ChristianRechberger, Martin Schläffer
Compression Function, ECHO Permutation and AES Block Cipher
Title : Improved Cryptanalysis of the Reduced Grøstl
In : SAC -
Address :
Date : 2009