Difference between revisions of "ESSENCE"
From The ECRYPT Hash Function Website
m (Updated results and BibTeX) |
m (Abstract corrected) |
||
Line 89: | Line 89: | ||
year = {2009}, | year = {2009}, | ||
note = {\url{http://eprint.iacr.org/}}, | note = {\url{http://eprint.iacr.org/}}, | ||
− | abstract = {ESSENCE is a hash function submitted to the NIST Hash Competition that stands out as a hardware-friendly and highly parallelizable design, and that has thus far remained unbroken. Preliminary analysis in its documentation argues that it resists standard differential cryptanalysis. This paper disproves this claim, showing that advanced techniques can be used to significantly reduce the cost of such attacks: using a manually found differential | + | abstract = {ESSENCE is a hash function submitted to the NIST Hash Competition that stands out as a hardware-friendly and highly parallelizable design, and that has thus far remained unbroken. Preliminary analysis in its documentation argues that it resists standard differential cryptanalysis. This paper disproves this claim, showing that advanced techniques can be used to significantly reduce the cost of such attacks: using a manually found differential path and a nontrivial search algorithm, we obtain shortcut collision attacks on the full ESSENCE-256 and ESSENCE-512, with respective complexities $2^{67.4}$ and $2^{134.7}$. As an aside, we show how to use these attacks for forging valid message/MAC pairs for HMAC-ESSENCE-256 and HMAC-ESSENCE-512, essentially at the same cost as a collision.}, |
} | } |
Revision as of 17:50, 10 September 2009
1 The algorithm
- Authors: Jason Worth Martin
- Website: http://www.math.jmu.edu/~martin/essence/
- NIST submission package: ESSENCE.zip
Jason Worth Martin - ESSENCE: A Candidate Hashing Algorithm for the NIST Competition
- ,2008
- http://www.math.jmu.edu/~martin/essence/Supporting_Documentation/essence_NIST.pdf
BibtexAuthor : Jason Worth Martin
Title : ESSENCE: A Candidate Hashing Algorithm for the NIST Competition
In : -
Address :
Date : 2008
Jason Worth Martin - ESSENCE: A Family of Cryptographic Hashing Algorithms
- ,2008
- http://www.math.jmu.edu/~martin/essence/Supporting_Documentation/essence_compression.pdf
BibtexAuthor : Jason Worth Martin
Title : ESSENCE: A Family of Cryptographic Hashing Algorithms
In : -
Address :
Date : 2008
Jason Worth Martin - ESSENCE: Errata
- ,2008
- http://www.math.jmu.edu/~martin/essence/Supporting_Documentation/essence_errata.pdf
BibtexAuthor : Jason Worth Martin
Title : ESSENCE: Errata
In : -
Address :
Date : 2008
2 Cryptanalysis
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
observation | compression function | all | - | - | Mouha,Thomsen,Turan | |
observation | compression function | all | - | - | Mouha et al. | |
key recovery | block cipher | 256 | 14 rounds | 2225 | - | Mouha et al. |
key recovery | block cipher | 512 | 14 rounds | 2450 | - | Mouha et al. |
pseudo-collision | hash | 512 | 31 rounds | 2254.6 | - | Mouha et al. |
collision | hash | 224/256 | 267.4 | - | Naya-Plasencia et al. | |
collision | hash | 384/512 | 2134.7 | - | Naya-Plasencia et al. |
A description of this table is given here.
Nicky Mouha, Søren S. Thomsen, Meltem Sönmez Turan - Observations of non-randomness in the ESSENCE compression function
- ,2009
- http://www.mat.dtu.dk/people/S.Thomsen/essence/Essence-obs.pdf
BibtexAuthor : Nicky Mouha, Søren S. Thomsen, Meltem Sönmez Turan
Title : Observations of non-randomness in the ESSENCE compression function
In : -
Address :
Date : 2009
Nicky Mouha, Gautham Sekar, Jean-Philippe Aumasson, Thomas Peyrin, Søren S. Thomsen, Meltem Sönmez Turan, Bart Preneel - Cryptanalysis of the ESSENCE Family of Hash Functions
- ,2009
- http://www.nickymouha.be/papers/Essence-MouhaSekar.pdf
BibtexAuthor : Nicky Mouha, Gautham Sekar, Jean-Philippe Aumasson, Thomas Peyrin, Søren S. Thomsen, Meltem Sönmez Turan, Bart Preneel
Title : Cryptanalysis of the ESSENCE Family of Hash Functions
In : -
Address :
Date : 2009
<bibtex> @misc{essenceNRALLMP09,
author = {María Naya-Plasencia and Andrea Röck and Jean-Philippe Aumasson and Yann Laigle-Chapuy and Gaëtan Leurent and Willi Meier and Thomas Peyrin}, title = {Cryptanalysis of ESSENCE}, howpublished = {Cryptology ePrint Archive, Report 2009/302}, year = {2009}, note = {\url{http://eprint.iacr.org/}}, abstract = {ESSENCE is a hash function submitted to the NIST Hash Competition that stands out as a hardware-friendly and highly parallelizable design, and that has thus far remained unbroken. Preliminary analysis in its documentation argues that it resists standard differential cryptanalysis. This paper disproves this claim, showing that advanced techniques can be used to significantly reduce the cost of such attacks: using a manually found differential path and a nontrivial search algorithm, we obtain shortcut collision attacks on the full ESSENCE-256 and ESSENCE-512, with respective complexities $2^{67.4}$ and $2^{134.7}$. As an aside, we show how to use these attacks for forging valid message/MAC pairs for HMAC-ESSENCE-256 and HMAC-ESSENCE-512, essentially at the same cost as a collision.},
}