Difference between revisions of "Grindahl-256"

From The ECRYPT Hash Function Website
 
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
== Specification ==
 
== Specification ==
  
<!--  
+
* Specification: [http://www2.mat.dtu.dk/people/Lars.R.Knudsen/grindahl/ Web page of the Grindahl hash functions]
* digest size: 160 bits
+
 
 +
 
 +
'''Grindahl-256'''
 +
* digest size: 256 bits
 
* max. message length: < 2<sup>64</sup> bits
 
* max. message length: < 2<sup>64</sup> bits
* compression function: 512-bit message block, 160-bit chaining variable
+
* compression function: 32-bit message block, 52 byte state
* Specification:  
+
 
-->
+
 
 +
<bibtex>
 +
@inproceedings{fseKnudsenRT07,
 +
  author    = {Lars R. Knudsen and Christian Rechberger and S&oslash;ren S. Thomsen},
 +
  title    = {The Grindahl Hash Functions},
 +
  pages    = {39-57},
 +
  url        = {http://dx.doi.org/10.1007/978-3-540-74619-5_3},
 +
  editor    = {Alex Biryukov},
 +
  booktitle = {FSE},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {4593},
 +
  year      = {2007},
 +
  isbn      = {978-3-540-74617-1},
 +
  abstract  = {In this paper we propose the Grindahl hash functions,
 +
which are based on components of the Rijndael algorithm. To make collision
 +
search sufficiently difficult, this design has the important feature that
 +
no low-weight characteristics form collisions, and at the same time it limits
 +
access to the state. We propose two concrete hash functions, Grindahl-256
 +
and Grindahl-512 with claimed security levels with respect to collision,
 +
preimage and second preimage attacks of 2<sup>128</sup> and 2<sup>256</sup>, respectively. Both
 +
proposals have lower memory requirements than other hash functions at comparable speeds and security levels.},
 +
}
 +
</bibtex>
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==
Line 12: Line 38:
  
 
=== Best Known Results ===
 
=== Best Known Results ===
 
+
The best collision attack on Grindahl-256 was published by Peyrin. It has complexity of about 2<sup>112</sup> hash evaluations. There are no known preimage-style attacks.
 
----
 
----
  
 
=== Generic Attacks ===
 
=== Generic Attacks ===
* [[GenericAttacksMerkleDamgaard| Generic Attacks on the Merkle-Damgaard Construction ]]
+
* Grindahl is not a design follwing the Merkle-Damgaard construction principle. [[GenericAttacksHash| Generic Attacks on Hash Functions]]
 +
 
  
 
----
 
----
  
 
=== Collision Attacks ===
 
=== Collision Attacks ===
 +
 +
<bibtex>
 +
@inproceedings{asiacryptPeyrin07,
 +
  author    = {Thomas Peyrin},
 +
  title    = {Cryptanalysis of Grindahl},
 +
  booktitle = {ASIACRYPT},
 +
  year      = {2007},
 +
  editor    = {Kaoru Kurosawa},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {4833},
 +
  isbn      = {978-3-540-76899-9},
 +
  pages    = {551-567},
 +
  url        = {http://dx.doi.org/10.1007/978-3-540-76900-2_34},
 +
  abstract =  {Due to recent breakthroughs in hash functions cryptanalysis, some new hash schemes have been proposed. Grindahl is a novel hash function, designed by Knudsen, Rechberger and Thomsen and published at FSE 2007. It has the particularity that it follows the Rijndael design strategy, with an efficiency comparable to SHA-256. This paper provides the first cryptanalytic work on this new scheme. We show that the 256-bit version of Grindahl is not collision resistant. With a work effort of approximatively $2^112$ hash computations, one can generate a collision.},
 +
}
 +
</bibtex>
  
 
----
 
----

Latest revision as of 21:32, 16 March 2008

1 Specification


Grindahl-256

  • digest size: 256 bits
  • max. message length: < 264 bits
  • compression function: 32-bit message block, 52 byte state


Lars R. Knudsen, Christian Rechberger, Søren S. Thomsen - The Grindahl Hash Functions

FSE 4593:39-57,2007
http://dx.doi.org/10.1007/978-3-540-74619-5_3
Bibtex
Author : Lars R. Knudsen, Christian Rechberger, Søren S. Thomsen
Title : The Grindahl Hash Functions
In : FSE -
Address :
Date : 2007

2 Cryptanalysis

2.1 Best Known Results

The best collision attack on Grindahl-256 was published by Peyrin. It has complexity of about 2112 hash evaluations. There are no known preimage-style attacks.


2.2 Generic Attacks



2.3 Collision Attacks

Thomas Peyrin - Cryptanalysis of Grindahl

ASIACRYPT 4833:551-567,2007
http://dx.doi.org/10.1007/978-3-540-76900-2_34
Bibtex
Author : Thomas Peyrin
Title : Cryptanalysis of Grindahl
In : ASIACRYPT -
Address :
Date : 2007

2.4 Second Preimage Attacks


2.5 Preimage Attacks


2.6 Others