Difference between revisions of "Fugue"
Mschlaeffer (talk | contribs) (separate cryptanalysis tables) |
Mschlaeffer (talk | contribs) m |
||
Line 31: | Line 31: | ||
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks. | We distinguish between two cases: results on the complete hash function, and results on underlying building blocks. | ||
− | A description of the | + | |
+ | A description of the tables is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
Revision as of 23:41, 29 January 2010
1 The algorithm
- Author(s): Shai Halevi and William E. Hall and Charanjit S. Jutla
- Website: http://domino.research.ibm.com/comm/research_projects.nsf/pages/fugue.index.html
- NIST submission package:
- round 1/2: Fugue_Round2_Update.zip (old versions: Fugue.zip, FugueUpdate.zip, Fugue_Round2.zip)
Shai Halevi, William E. Hall, Charanjit S. Jutla - The Hash Function Fugue
- ,2009
- http://domino.research.ibm.com/comm/research_projects.nsf/pages/fugue.index.html/$FILE/fugue_09.pdf
BibtexAuthor : Shai Halevi, William E. Hall, Charanjit S. Jutla
Title : The Hash Function Fugue
In : -
Address :
Date : 2009
Shai Halevi, William E. Hall, Charanjit S. Jutla - The Hash Function Fugue
- ,2008
- http://domino.research.ibm.com/comm/research_projects.nsf/pages/fugue.index.html/$FILE/NIST-submission-Oct08-fugue.pdf
BibtexAuthor : Shai Halevi, William E. Hall, Charanjit S. Jutla
Title : The Hash Function Fugue
In : -
Address :
Date : 2008
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
2.1 Hash function
Here we list results on the actual hash function. The only allowed modification is to change the security parameter.
Recommended security parameters: (k,r,t) = (2,5,13) for (n=224,256); (k,r,t) = (3,5,13) for (n=384); (k,r,t) = (4,8,13) for (n=512)
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).