Difference between revisions of "Groestl"

Revision as of 13:57, 10 September 2009

1 The algorithm

Author(s): Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
Website: http://www.groestl.info
NIST submission package: Grostl.zip

Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen - Grøstl -- a SHA-3 candidate

,2008

http://www.groestl.info/Groestl.pdf
Bibtex

Author : Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
Title : Grøstl -- a SHA-3 candidate
In : -
Address :
Date : 2008

2 Cryptanalysis

Type of Analysis	Hash Function Part	Hash Size (n)	Parameters/Variants	Compression Function Calls	Memory Requirements	Reference
observation	block cipher	all				Barreto
observation	hash	all				Kelsey
semi-free-start collision	compression	256	6 rounds	2¹²⁰	2⁶⁴	Mendel,Rechberger,Schläffer,Thomsen
semi-free-start collision	compression	256	6 rounds	2⁶⁴	2⁶⁴	Mendel,Peyrin,Rechberger,Schläffer
distinguisher	output transformation	256	7 rounds	2⁵⁶	-	Mendel,Peyrin,Rechberger,Schläffer
distinguisher	permutation	256	7 rounds	2⁵⁵	-	Mendel,Peyrin,Rechberger,Schläffer

A description of this table is given here.

Paulo S. L. M. Barreto - An observation on Grøstl

,2008

http://www.larc.usp.br/~pbarreto/Grizzly.pdf
Bibtex

Author : Paulo S. L. M. Barreto
Title : An observation on Grøstl
In : -
Address :
Date : 2008

John Kelsey - Some notes on Grøstl

,2009

http://ehash.iaik.tugraz.at/uploads/d/d0/Grostl-comment-april28.pdf
Bibtex

Author : John Kelsey
Title : Some notes on Grøstl
In : -
Address :
Date : 2009

Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen - The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

FSE 5665:260-276,2009

http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=107049
Bibtex

Author : Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
Title : The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
In : FSE -
Address :
Date : 2009

Florian Mendel, Thomas Peyrin, Christian Rechberger, Martin Schläffer - Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher

SAC ,2009

http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=110408
Bibtex

Author : Florian Mendel, Thomas Peyrin, Christian Rechberger, Martin Schläffer
Title : Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher
In : SAC -
Address :
Date : 2009

@@ Line 29: / Line 29: @@
 | semi-free-start collision || compression || 256 || 6 rounds || 2<sup>120</sup> || 2<sup>64</sup> || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=107049 Mendel,Rechberger,Schläffer,Thomsen]
 |-
-| semi-free-start collision || compression || 256 || 6 rounds || 2<sup>64</sup> || 2<sup>64</sup> || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=106996 Mendel,Peyrin,Rechberger,Schläffer]
+| semi-free-start collision || compression || 256 || 6 rounds || 2<sup>64</sup> || 2<sup>64</sup> || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=110408 Mendel,Peyrin,Rechberger,Schläffer]
 |-
-| semi-free-start collision || compression || 256 || 7 rounds || 2<sup>112</sup> || 2<sup>64</sup> || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=106996 Mendel,Peyrin,Rechberger,Schläffer]
+| distinguisher || output transformation || 256 || 7 rounds || 2<sup>56</sup> || - || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=110408 Mendel,Peyrin,Rechberger,Schläffer]
 |-
-|}
+| distinguisher || permutation || 256 || 7 rounds || 2<sup>55</sup> || - || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=110408 Mendel,Peyrin,Rechberger,Schläffer]
+|-
+|}
 A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
@@ Line 82: / Line 84: @@
    author    = {Florian Mendel and Thomas Peyrin and Christian Rechberger and Martin Schläffer},
    title     = {Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher},
-   url = {http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=106996},
+   url = {http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=110408},
    booktitle  = {SAC},
    year       = {2009},
    note = {To appear}
-   abstract = {In this paper, we propose two new ways to mount attacks on the SHA-3 candidates Gr{\o}stl, and ECHO, and apply these attacks also to the AES. Our results improve upon and extend the rebound attack. Using the new techniques, we are able to extend the number of rounds in which available degrees of freedom can be used. As a result, we present the first attack on 7 rounds for the Gr{\o}stl-256 compression function, as well as an improved known-key distinguisher for 7 rounds of the AES block cipher and the internal permutation used in ECHO.}
+   abstract = {In this paper, we propose two new ways to mount attacks on the SHA-3 candidates Gr{\o}stl, and ECHO, and apply these attacks also to the AES. Our results improve upon and extend the rebound attack. Using the new techniques, we are able to extend the number of rounds in which available degrees of freedom can be used. As a result, we present the first attack on 7 rounds for the Gr{\o}stl-256 output transformation and improve the semi-free-start collision attack on 6 rounds. Further, we present an improved known-key distinguisher for 7 rounds of the AES block cipher and the internal permutation used in ECHO.}
 </bibtex>

Difference between revisions of "Groestl"

Revision as of 13:57, 10 September 2009

1 The algorithm

2 Cryptanalysis

Navigation menu

Views

Personal tools

Navigation

Search

Tools