Difference between revisions of "Grindahl-256"

Revision as of 11:07, 11 March 2008

Lars R. Knudsen, Christian Rechberger, S\oren S. Thomsen - The Grindahl Hash Functions

FSE 4593:39-57,2007

Author : Lars R. Knudsen, Christian Rechberger, S\oren S. Thomsen
Title : The Grindahl Hash Functions
In : FSE -
Address :
Date : 2007

The best collision attack on Grindahl was published by Peyrin. It has complexity of about 2¹¹² hash evaluations.

Thomas Peyrin - Cryptanalysis of Grindahl

ASIACRYPT 4833:551-567,2007

Author : Thomas Peyrin
Title : Cryptanalysis of Grindahl
In : ASIACRYPT -
Address :
Date : 2007

@@ Line 1: / Line 1: @@
 == Specification ==
-<!--
 * digest size: 160 bits
 * max. message length: < 2<sup>64</sup> bits
 * compression function: 512-bit message block, 160-bit chaining variable
 * Specification:
--->
+<bibtex>
+@inproceedings{fseKnudsenRT07,
+  author    = {Lars R. Knudsen and Christian Rechberger and S{\o}ren S. Thomsen},
+  title     = {The Grindahl Hash Functions},
+  pages     = {39-57},
+  url        = {http://dx.doi.org/10.1007/978-3-540-74619-5_3},
+  editor    = {Alex Biryukov},
+  booktitle = {FSE},
+  publisher = {Springer},
+  series    = {LNCS},
+  volume    = {4593},
+  year      = {2007},
+  isbn      = {978-3-540-74617-1},
+  abstract  = {In this paper we propose the Grindahl hash functions,
+which are based on components of the Rijndael algorithm. To make collision
+search sufficiently difficult, this design has the important feature that
+no low-weight characteristics form collisions, and at the same time it limits
+access to the state. We propose two concrete hash functions, Grindahl-256
+and Grindahl-512 with claimed security levels with respect to collision,
+preimage and second preimage attacks of 2<sup>128</sup> and 2<sup>256</sup>, respectively. Both
+proposals have lower memory requirements than other hash functions at comparable speeds and security levels.},
+}
+</bibtex>
 == Cryptanalysis ==