Difference between revisions of "Groestl"
Mschlaeffer (talk | contribs) (separate cryptanalysis tables) |
Mschlaeffer (talk | contribs) m |
||
| Line 31: | Line 31: | ||
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks. | We distinguish between two cases: results on the complete hash function, and results on underlying building blocks. | ||
| − | A description of the | + | |
| + | A description of the tables is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
Revision as of 23:42, 29 January 2010
1 The algorithm
- Author(s): Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
- Website: http://www.groestl.info
- NIST submission package:
- round 1/2: Grostl_Round2.zip (old version: Grostl.zip)
Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen - Grøstl -- a SHA-3 candidate
- ,2008
- http://www.groestl.info/Groestl.pdf
BibtexAuthor : Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
Title : Grøstl -- a SHA-3 candidate
In : -
Address :
Date : 2008
Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen - Grøstl Addendum
- ,2009
- http://groestl.info/Groestl-addendum.pdf
BibtexAuthor : Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
Title : Grøstl Addendum
In : -
Address :
Date : 2009
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
2.1 Hash function
Here we list results on the actual hash function. The only allowed modification is to change the security parameter.
Recommended security parameters: 10 rounds (n=224,256); 14 rounds (n=384,512)
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| observation | block cipher | all | Barreto | |||
| observation | hash | all | Kelsey | |||
| semi-free-start collision | compression | 256 | 6 rounds | 2120 | 264 | Mendel,Rechberger,Schläffer,Thomsen |
| semi-free-start collision | compression | 256 | 6 rounds | 264 | 264 | Mendel,Peyrin,Rechberger,Schläffer |
| distinguisher | output transformation | 256 | 7 rounds | 256 | - | Mendel,Peyrin,Rechberger,Schläffer |
| distinguisher | permutation | 256 | 7 rounds | 255 | - | Mendel,Peyrin,Rechberger,Schläffer |
Paulo S. L. M. Barreto - An observation on Grøstl
- ,2008
- http://www.larc.usp.br/~pbarreto/Grizzly.pdf
BibtexAuthor : Paulo S. L. M. Barreto
Title : An observation on Grøstl
In : -
Address :
Date : 2008
John Kelsey - Some notes on Grøstl
- ,2009
- http://ehash.iaik.tugraz.at/uploads/d/d0/Grostl-comment-april28.pdf
BibtexAuthor : John Kelsey
Title : Some notes on Grøstl
In : -
Address :
Date : 2009
Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen - The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
- FSE 5665:260-276,2009
- http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=124409&pCurrPk=40943
BibtexAuthor : Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
Title : The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
In : FSE -
Address :
Date : 2009
Florian Mendel, Thomas Peyrin, Christian Rechberger, Martin Schläffer - Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher
- SAC ,2009
- http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=124407&pCurrPk=44420
BibtexAuthor : Florian Mendel, Thomas Peyrin, Christian Rechberger, Martin Schläffer
Title : Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher
In : SAC -
Address :
Date : 2009
