Difference between revisions of "Hamsi"
Mschlaeffer (talk | contribs) m |
Crechberger (talk | contribs) (New result on Hamsi: Message Recovery and Pseudo-Preimage Attacks on the Compression Function of Hamsi-256) |
||
Line 34: | Line 34: | ||
A description of the tables is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | A description of the tables is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
+ | Recommended security parameters: '''(3,6)''' P,P<sub>f</sub> rounds (n=224,256); '''(6,12)''' P,P<sub>f</sub> rounds (n=384,512). | ||
=== Hash function === | === Hash function === | ||
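Review bot: The added "Recommended security parameters" line gives the pairs (3,6) and (6,12) for P,P<sub>f</sub> without saying which count belongs to which permutation or what distinguishes the two. A short gloss would fix this, for instance that the first number is the round count of P and the second that of P<sub>f</sub> for the last message block. That reading matches the abstract quoted further down ("operates 3-round except for the last message it operates 6-round").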
Line 39: | Line 40: | ||
Here we list results on the actual hash function. The only allowed modification is to change the security parameter. | Here we list results on the actual hash function. The only allowed modification is to change the security parameter. | ||
− | + | ||
{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | ||
Line 73: | Line 74: | ||
|- | |- | ||
| | near-collision || compression function || 224, 256 || 5 rounds || 2<sup>125</sup> || || [http://eprint.iacr.org/2009/484.pdf Wang,Wang,Jia,Wang] | | | near-collision || compression function || 224, 256 || 5 rounds || 2<sup>125</sup> || || [http://eprint.iacr.org/2009/484.pdf Wang,Wang,Jia,Wang] | ||
+ | |- | ||
+ | | | message-recovery || compression function || 224, 256 || 3 rounds || 2<sup>10.48</sup> || || [http://eprint.iacr.org/2010/057.pdf Calik,Turan] | ||
+ | |- | ||
+ | | | pseudo-2nd-preimage || hash function || 256 || (3,6) rounds || 2<sup>254.25</sup> || || [http://eprint.iacr.org/2010/057.pdf Calik,Turan] | ||
|- | |- | ||
|} | |} | ||
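Review bot: The two new Calik,Turan rows leave out part of what the abstract added in this same revision reports. The 5-round distinguisher with complexity 2^83 has no row, and the 2^254.25 pseudo-preimage on the compression function appears only as its hash-function conversion (pseudo-2nd-preimage). Consider adding a distinguisher row for 5 rounds and a compression-function pseudo-preimage row. Also confirm that "224, 256" is intended in the message-recovery row, since the paper title and abstract name only Hamsi-256.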
Line 119: | Line 124: | ||
url = {http://eprint.iacr.org/2009/484.pdf}, | url = {http://eprint.iacr.org/2009/484.pdf}, | ||
abstract = {Hamsi-256 is designed by Özgül Kücük and it has been a candidate Hash function for the second round of SHA-3. The compression function of Hamsi-256 maps a 256-bit chaining value and a 32-bit message to a new 256-bit chaining value. As hashing a message, Hamsi-256 operates 3-round except for the last message it operates 6-round. In this paper, we will give the pseudo-near-collision for 5-round Hamsi-256. By the message modifying, the pseudo-near-collision for 3, 4 and 5 rounds can be found with $2^5$, $2^{32}$ and $2^{125}$ compression function computations respectively.}, | abstract = {Hamsi-256 is designed by Özgül Kücük and it has been a candidate Hash function for the second round of SHA-3. The compression function of Hamsi-256 maps a 256-bit chaining value and a 32-bit message to a new 256-bit chaining value. As hashing a message, Hamsi-256 operates 3-round except for the last message it operates 6-round. In this paper, we will give the pseudo-near-collision for 5-round Hamsi-256. By the message modifying, the pseudo-near-collision for 3, 4 and 5 rounds can be found with $2^5$, $2^{32}$ and $2^{125}$ compression function computations respectively.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{hamsiWWJW09, | ||
+ | author = {Cagdas Calik and Meltem Sonmez Turan}, | ||
+ | title = {Message Recovery and Pseudo-Preimage Attacks on the Compression Function of Hamsi-256}, | ||
+ | howpublished = {Cryptology ePrint Archive, Report 2010/057}}, | ||
+ | year = {2010}, | ||
+ | note = {\url{http://eprint.iacr.org/}}, | ||
+ | url = {http://eprint.iacr.org/2010/057.pdf}, | ||
+ | abstract = {Hamsi is one of the second round candidates of the SHA-3 | ||
+ | competition. In this study, we present non-random differential proper- | ||
+ | ties for the compression function of the hash function Hamsi-256. Based | ||
+ | on these properties, we first demonstrate a distinguishing attack that | ||
+ | requires a few evaluations of the compression function and extend the | ||
+ | distinguisher to 5 rounds with complexity 2^83 . Then, we present a mes- | ||
+ | sage recovery attack with complexity of 2^10.48 compression function evaluations. Also, we present a pseudo-preimage attack for the compression | ||
+ | function with complexity 2^254.25 . The pseudo-preimage attack on the | ||
+ | compression function is easily converted to a pseudo second preimage | ||
+ | attack on Hamsi-256 hash function with the same complexity.}, | ||
} | } | ||
</bibtex> | </bibtex> |
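Review bot: The new entry's citation key, hamsiWWJW09, reads as the initials and year of the Wang, Wang, Jia, Wang 2009 paper rather than of this Calik and Turan 2010 report, and it will clash if that entry uses the same key. Give it its own key (hamsiCT10 would follow the pattern). The howpublished line also ends in "}}," with one closing brace too many, which terminates the @misc entry at that point and leaves year, note, url and abstract outside it. Drop the extra brace. The abstract also carries hard-wrapped hyphenation from the PDF ("proper- ties", "mes- sage") that should be rejoined.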
Revision as of 21:04, 15 February 2010
1 The algorithm
- Author(s): Özgül Kücük
- Website: http://homes.esat.kuleuven.be/~okucuk/hamsi/
- NIST submission package:
- round 1/2: Hamsi_Round2.zip (old versions: Hamsi.zip, HamsiUpdate.zip)
Özgül Kücük - The Hash Function Hamsi, 2009, http://www.cosic.esat.kuleuven.be/publications/article-1203.pdf
Özgül Kücük - The Hash Function Hamsi, 2008, http://ehash.iaik.tugraz.at/uploads/9/95/Hamsi.pdf
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here: http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables
Recommended security parameters: (3,6) P, P_f rounds (n=224,256); (6,12) P, P_f rounds (n=384,512).
2.1 Hash function
Here we list results on the actual hash function. The only allowed modification is to change the security parameter.
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control over, or access to, some internal variables (a.k.a. free-start, pseudo, compression function, block cipher, or permutation attacks).
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
non-randomness | compression function | 224, 256 | 5 rounds | | | Aumasson |
near-collision | compression function | 224, 256 | 3 rounds | 2^21 | | Nikolic |
distinguisher | compression function | 224, 256 | 6 rounds | 2^27 | | Aumasson,Meier |
distinguisher | compression function | 384, 512 | 12 rounds | 2^729 | | Aumasson,Meier |
near-collision | compression function | 224, 256 | 3 rounds | 2^5 | | Wang,Wang,Jia,Wang |
near-collision | compression function | 224, 256 | 4 rounds | 2^32 | | Wang,Wang,Jia,Wang |
near-collision | compression function | 224, 256 | 5 rounds | 2^125 | | Wang,Wang,Jia,Wang |
message-recovery | compression function | 224, 256 | 3 rounds | 2^10.48 | | Calik,Turan |
pseudo-2nd-preimage | hash function | 256 | (3,6) rounds | 2^254.25 | | Calik,Turan |
Jean-Philippe Aumasson - On the pseudorandomness of Hamsi, 2009, http://ehash.iaik.tugraz.at/uploads/d/db/Hamsi_nonrandomness.txt
Ivica Nikolic - Near Collisions for the Compression Function of Hamsi-256, 2009, http://rump2009.cr.yp.to/936779b3afb9b48a404b487d6865091d.pdf
Jean-Philippe Aumasson, Willi Meier - Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi, 2009, http://www.131002.net/data/papers/AM09.pdf
Meiqin Wang, Xiaoyun Wang, Keting Jia, Wei Wang - New Pseudo-Near-Collision Attack on Reduced-Round of Hamsi-256, 2009, http://eprint.iacr.org/2009/484.pdf
Cagdas Calik, Meltem Sonmez Turan - Message Recovery and Pseudo-Preimage Attacks on the Compression Function of Hamsi-256