Difference between revisions of "FSB (SHA-3 submission)"
From The ECRYPT Hash Function Website
m (→The algorithm) |
Crechberger (talk | contribs) (Added Bernstein et al. implementation of generic attack against FSB) |
||
(One intermediate revision by one other user not shown) | |||
Line 4: | Line 4: | ||
* Website: [http://www-rocq.inria.fr/secret/CBCrypto/index.php?pg=fsb http://www-rocq.inria.fr/secret/CBCrypto/index.php?pg=fsb] | * Website: [http://www-rocq.inria.fr/secret/CBCrypto/index.php?pg=fsb http://www-rocq.inria.fr/secret/CBCrypto/index.php?pg=fsb] | ||
* NIST submission package: [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/documents/FSB.zip FSB.zip] | * NIST submission package: [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/documents/FSB.zip FSB.zip] | ||
− | + | ||
<bibtex> | <bibtex> | ||
Line 15: | Line 15: | ||
} | } | ||
</bibtex> | </bibtex> | ||
+ | |||
== Cryptanalysis == | == Cryptanalysis == | ||
− | + | <bibtex> | |
+ | @misc{cryptoeprint:2009:292, | ||
+ | author = {Daniel J. Bernstein and Tanja Lange and Christiane Peters and Ruben Niederhagen and Peter Schwabe}, | ||
+ | title = {Implementing Wagner's generalized birthday attack against the SHA-3 candidate FSB}, | ||
+ | howpublished = {Cryptology ePrint Archive, Report 2009/292}, | ||
+ | year = {2009}, | ||
+ | note = {\url{http://eprint.iacr.org/}}, | ||
+ | url = {http://eprint.iacr.org/2009/292.pdf}, | ||
+ | abstract = {The hash function FSB is one of the candidates submitted to NIST's competition to find the new standard hash function, SHA-3. The compression function of FSB is based on error correcting codes. In this paper we show how to use Wagner's generalized birthday attack to find collisions in FSB's compression function. In particular, we present details on our implementation attacking FSB_48, a toy version of FSB which was proposed by the FSB submitters as a training case for FSB. Our attack does not make use of any properties of the particular linear code used within FSB. FSB_48 was chosen as a target where generalized birthday attacks would be one of the strongest attacks and which could be attacked in practice. | ||
+ | |||
+ | We show how to adapt this attack so that it runs on our computer cluster of only 10 PCs which provides far less memory than the usual implementation of generalized birthday attacks would require. This situation is very interesting for estimating the security of systems against distributed attacks using contributed off-the-shelf PCs. | ||
+ | |||
+ | For the SHA-3 competition this result is meaningful in that it allows to assess the security of FSB against the strongest non-structural attack; it does not provide any insight in the security of this particular choice of linear code. } | ||
+ | } | ||
+ | } | ||
+ | </bibtex> |
Latest revision as of 14:20, 20 July 2009
1 The algorithm
- Author(s): Daniel Augot, Matthieu Finiasz, Philippe Gaborit, Stéphane Manuel, Nicolas Sendrier
- Website: http://www-rocq.inria.fr/secret/CBCrypto/index.php?pg=fsb
- NIST submission package: FSB.zip
Daniel Augot, Matthieu Finiasz, Philippe Gaborit, Stéphane Manuel, Nicolas Sendrier - SHA-3 proposal: FSB
- ,2008
- http://www-rocq.inria.fr/secret/CBCrypto/fsbdoc.pdf
BibtexAuthor : Daniel Augot, Matthieu Finiasz, Philippe Gaborit, Stéphane Manuel, Nicolas Sendrier
Title : SHA-3 proposal: FSB
In : -
Address :
Date : 2008
2 Cryptanalysis
Daniel J. Bernstein, Tanja Lange, Christiane Peters, Ruben Niederhagen, Peter Schwabe - Implementing Wagner's generalized birthday attack against the SHA-3 candidate FSB