Difference between revisions of "Groestl"
From The ECRYPT Hash Function Website
Mschlaeffer (talk | contribs) m
Mschlaeffer (talk | contribs) (cryptanalysis of Grøstl added)
| Line 24: | Line 24: | ||
|-                       | |-                       | ||
| observation || block cipher || all ||  ||  ||  || [http://www.larc.usp.br/~pbarreto/Grizzly.pdf Barreto]  | | observation || block cipher || all ||  ||  ||  || [http://www.larc.usp.br/~pbarreto/Grizzly.pdf Barreto]  | ||
| + | |-                      | ||
| + | | semi-free-start collision || compression || 256 || 6/10 rounds || 2<sup>120</sup> || 2<sup>64</sup> || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=99359 Mendel,Rechberger,Schläffer,Thomsen]  | ||
|-                       | |-                       | ||
|}                       | |}                       | ||
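Review bot: in the added semi-free-start collision row, the reference label "Mendel,Rechberger,Schläffer,Thomsen" has no spaces after the commas, and the row embeds the same tug_online URL that this revision also puts in the fseMRST09 bibtex entry. Suggest writing the label as "Mendel, Rechberger, Schläffer, Thomsen" and keeping the URL in step between the two places, since a later change to one will not update the other. The "6/10 rounds", 2<sup>120</sup> and 2<sup>64</sup> values agree with the abstract added in the bibtex entry.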
| Line 39: | Line 41: | ||
   abstract  = {An alternative view of the Groestl SHA-3 submission is presented. It does not lead to an effective attack nor reveals a weakness in the design, but illustrates the importance of the double-width pipe in this construction.},  |    abstract  = {An alternative view of the Groestl SHA-3 submission is presented. It does not lead to an effective attack nor reveals a weakness in the design, but illustrates the importance of the double-width pipe in this construction.},  | ||
}  | }  | ||
| + | </bibtex>  | ||
| + | |||
| + | <bibtex>  | ||
| + | @misc{fseMRST09,  | ||
| + |   author    = {Florian Mendel and Christian Rechberger and Martin Schläffer and Søren S. Thomsen},  | ||
| + |   title     = {The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl},  | ||
| + |   url = {http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=99359},  | ||
| + |   howpublished = {In Proceedings of FSE, Springer, To appear},  | ||
| + |   year = {2009},  | ||
| + |   abstract = {In this work, we propose the rebound attack, a new tool for the cryptanalysis of  | ||
| + | hash functions. The idea of the rebound attack is to use the available degrees  | ||
| + | of freedom in a collision attack to efficiently bypass the low probability parts  | ||
| + | of a differential trail. The rebound attack consists of an inbound phase with a  | ||
| + | match-in-the-middle part to exploit the available degrees of freedom, and a  | ||
| + | subsequent probabilistic outbound phase. Especially on AES based hash  | ||
| + | functions, the rebound attack leads to new attacks for a surprisingly high  | ||
| + | number of rounds.  | ||
| + | We use the rebound attack to construct collisions for 4.5 rounds of the 512-bit  | ||
| + | hash function Whirlpool with a complexity of $2^{120}$ compression function  | ||
| + | evaluations and negligible memory requirements. The attack can be extended to  | ||
| + | a near-collision on 7.5 rounds of the compression function of Whirlpool and 8.5  | ||
| + | rounds of the similar hash function Maelstrom. Additionally, we apply the  | ||
| + | rebound attack to the SHA-3 submission Grøstl, which leads to an attack on  | ||
| + | 6 rounds of the Grøstl-256 compression function with a complexity of $2^{120}$  | ||
| + | and memory requirements of about $2^{64}$.}  | ||
</bibtex>  | </bibtex>  | ||
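Review bot: the fseMRST09 entry is typed @misc with venue and status packed into howpublished = {In Proceedings of FSE, Springer, To appear}. Suggest @inproceedings with a booktitle field and the "To appear" status in a note field, so the status can be dropped once the proceedings are published without touching the venue. The abstract is also hard-wrapped across many lines inside the braces, while the preceding entry keeps its abstract on one line; joining the lines would keep the two entries consistent.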
Revision as of 11:17, 8 April 2009
1 The algorithm
- Author(s): Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
- Website: http://www.groestl.info
- NIST submission package: Grostl.zip
 
Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen - Grøstl -- a SHA-3 candidate, 2008
- http://www.groestl.info/Groestl.pdf
2 Cryptanalysis
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| observation | block cipher | all | | | | Barreto |
| semi-free-start collision | compression | 256 | 6/10 rounds | 2^120 | 2^64 | Mendel,Rechberger,Schläffer,Thomsen |
A description of this table is given here.
Paulo S. L. M. Barreto - An observation on Grøstl, 2008
- http://www.larc.usp.br/~pbarreto/Grizzly.pdf
Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen - The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl