Difference between revisions of "Grindahl-256"
From The ECRYPT Hash Function Website
Crechberger (talk | contribs) |
|||
| (11 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
== Specification == | == Specification == | ||
| − | + | * Specification: [http://www2.mat.dtu.dk/people/Lars.R.Knudsen/grindahl/ Web page of the Grindahl hash functions] | |
| − | * digest size: | + | |
| + | |||
| + | '''Grindahl-256''' | ||
| + | * digest size: 256 bits | ||
* max. message length: < 2<sup>64</sup> bits | * max. message length: < 2<sup>64</sup> bits | ||
| − | * compression function: | + | * compression function: 32-bit message block, 52 byte state |
| − | + | ||
| − | --> | + | |
| + | <bibtex> | ||
| + | @inproceedings{fseKnudsenRT07, | ||
| + | author = {Lars R. Knudsen and Christian Rechberger and Søren S. Thomsen}, | ||
| + | title = {The Grindahl Hash Functions}, | ||
| + | pages = {39-57}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-540-74619-5_3}, | ||
| + | editor = {Alex Biryukov}, | ||
| + | booktitle = {FSE}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4593}, | ||
| + | year = {2007}, | ||
| + | isbn = {978-3-540-74617-1}, | ||
| + | abstract = {In this paper we propose the Grindahl hash functions, | ||
| + | which are based on components of the Rijndael algorithm. To make collision | ||
| + | search sufficiently difficult, this design has the important feature that | ||
| + | no low-weight characteristics form collisions, and at the same time it limits | ||
| + | access to the state. We propose two concrete hash functions, Grindahl-256 | ||
| + | and Grindahl-512 with claimed security levels with respect to collision, | ||
| + | preimage and second preimage attacks of 2<sup>128</sup> and 2<sup>256</sup>, respectively. Both | ||
| + | proposals have lower memory requirements than other hash functions at comparable speeds and security levels.}, | ||
| + | } | ||
| + | </bibtex> | ||
== Cryptanalysis == | == Cryptanalysis == | ||
| Line 12: | Line 38: | ||
=== Best Known Results === | === Best Known Results === | ||
| − | + | The best collision attack on Grindahl-256 was published by Peyrin. It has complexity of about 2<sup>112</sup> hash evaluations. There are no known preimage-style attacks. | |
---- | ---- | ||
=== Generic Attacks === | === Generic Attacks === | ||
| − | * [[ | + | * Grindahl is not a design follwing the Merkle-Damgaard construction principle. [[GenericAttacksHash| Generic Attacks on Hash Functions]] |
| + | |||
---- | ---- | ||
Latest revision as of 21:32, 16 March 2008
Contents
1 Specification
- Specification: Web page of the Grindahl hash functions
Grindahl-256
- digest size: 256 bits
- max. message length: < 264 bits
- compression function: 32-bit message block, 52 byte state
Lars R. Knudsen, Christian Rechberger, Søren S. Thomsen - The Grindahl Hash Functions
- FSE 4593:39-57,2007
- http://dx.doi.org/10.1007/978-3-540-74619-5_3
BibtexAuthor : Lars R. Knudsen, Christian Rechberger, Søren S. Thomsen
Title : The Grindahl Hash Functions
In : FSE -
Address :
Date : 2007
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on Grindahl-256 was published by Peyrin. It has complexity of about 2112 hash evaluations. There are no known preimage-style attacks.
2.2 Generic Attacks
- Grindahl is not a design follwing the Merkle-Damgaard construction principle. Generic Attacks on Hash Functions
2.3 Collision Attacks
Thomas Peyrin - Cryptanalysis of Grindahl
- ASIACRYPT 4833:551-567,2007
- http://dx.doi.org/10.1007/978-3-540-76900-2_34
BibtexAuthor : Thomas Peyrin
Title : Cryptanalysis of Grindahl
In : ASIACRYPT -
Address :
Date : 2007
