Difference between revisions of "Grindahl-256"
From The ECRYPT Hash Function Website
Crechberger (talk | contribs) |
|||
| (12 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
== Specification == | == Specification == | ||
| − | + | * Specification: [http://www2.mat.dtu.dk/people/Lars.R.Knudsen/grindahl/ Web page of the Grindahl hash functions] | |
| − | * digest size: | + | |
| + | |||
| + | '''Grindahl-256''' | ||
| + | * digest size: 256 bits | ||
* max. message length: < 2<sup>64</sup> bits | * max. message length: < 2<sup>64</sup> bits | ||
| − | * compression function: | + | * compression function: 32-bit message block, 52 byte state |
| − | + | ||
| − | --> | + | |
| + | <bibtex> | ||
| + | @inproceedings{fseKnudsenRT07, | ||
| + | author = {Lars R. Knudsen and Christian Rechberger and Søren S. Thomsen}, | ||
| + | title = {The Grindahl Hash Functions}, | ||
| + | pages = {39-57}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-540-74619-5_3}, | ||
| + | editor = {Alex Biryukov}, | ||
| + | booktitle = {FSE}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4593}, | ||
| + | year = {2007}, | ||
| + | isbn = {978-3-540-74617-1}, | ||
| + | abstract = {In this paper we propose the Grindahl hash functions, | ||
| + | which are based on components of the Rijndael algorithm. To make collision | ||
| + | search sufficiently difficult, this design has the important feature that | ||
| + | no low-weight characteristics form collisions, and at the same time it limits | ||
| + | access to the state. We propose two concrete hash functions, Grindahl-256 | ||
| + | and Grindahl-512 with claimed security levels with respect to collision, | ||
| + | preimage and second preimage attacks of 2<sup>128</sup> and 2<sup>256</sup>, respectively. Both | ||
| + | proposals have lower memory requirements than other hash functions at comparable speeds and security levels.}, | ||
| + | } | ||
| + | </bibtex> | ||
== Cryptanalysis == | == Cryptanalysis == | ||
| Line 12: | Line 38: | ||
=== Best Known Results === | === Best Known Results === | ||
| − | + | The best collision attack on Grindahl-256 was published by Peyrin. It has complexity of about 2<sup>112</sup> hash evaluations. There are no known preimage-style attacks. | |
---- | ---- | ||
=== Generic Attacks === | === Generic Attacks === | ||
| − | * [[ | + | * Grindahl is not a design follwing the Merkle-Damgaard construction principle. [[GenericAttacksHash| Generic Attacks on Hash Functions]] |
| + | |||
---- | ---- | ||
=== Collision Attacks === | === Collision Attacks === | ||
| + | |||
| + | <bibtex> | ||
| + | @inproceedings{asiacryptPeyrin07, | ||
| + | author = {Thomas Peyrin}, | ||
| + | title = {Cryptanalysis of Grindahl}, | ||
| + | booktitle = {ASIACRYPT}, | ||
| + | year = {2007}, | ||
| + | editor = {Kaoru Kurosawa}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4833}, | ||
| + | isbn = {978-3-540-76899-9}, | ||
| + | pages = {551-567}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-540-76900-2_34}, | ||
| + | abstract = {Due to recent breakthroughs in hash functions cryptanalysis, some new hash schemes have been proposed. Grindahl is a novel hash function, designed by Knudsen, Rechberger and Thomsen and published at FSE 2007. It has the particularity that it follows the Rijndael design strategy, with an efficiency comparable to SHA-256. This paper provides the first cryptanalytic work on this new scheme. We show that the 256-bit version of Grindahl is not collision resistant. With a work effort of approximatively $2^112$ hash computations, one can generate a collision.}, | ||
| + | } | ||
| + | </bibtex> | ||
---- | ---- | ||
Latest revision as of 21:32, 16 March 2008
Contents
1 Specification
- Specification: Web page of the Grindahl hash functions
Grindahl-256
- digest size: 256 bits
- max. message length: < 264 bits
- compression function: 32-bit message block, 52 byte state
Lars R. Knudsen, Christian Rechberger, Søren S. Thomsen - The Grindahl Hash Functions
- FSE 4593:39-57,2007
- http://dx.doi.org/10.1007/978-3-540-74619-5_3
BibtexAuthor : Lars R. Knudsen, Christian Rechberger, Søren S. Thomsen
Title : The Grindahl Hash Functions
In : FSE -
Address :
Date : 2007
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on Grindahl-256 was published by Peyrin. It has complexity of about 2112 hash evaluations. There are no known preimage-style attacks.
2.2 Generic Attacks
- Grindahl is not a design follwing the Merkle-Damgaard construction principle. Generic Attacks on Hash Functions
2.3 Collision Attacks
Thomas Peyrin - Cryptanalysis of Grindahl
- ASIACRYPT 4833:551-567,2007
- http://dx.doi.org/10.1007/978-3-540-76900-2_34
BibtexAuthor : Thomas Peyrin
Title : Cryptanalysis of Grindahl
In : ASIACRYPT -
Address :
Date : 2007
