Difference between revisions of "JH"
m (updated link to round 2 submission) |
Mschlaeffer (talk | contribs) (separate cryptanalysis tables) |
||
| Line 29: | Line 29: | ||
== Cryptanalysis == | == Cryptanalysis == | ||
| + | |||
| + | We distinguish between two cases: results on the complete hash function, and results on underlying building blocks. | ||
| + | |||
| + | A description of the tables is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
| + | |||
| + | |||
| + | === Hash function === | ||
| + | |||
| + | Here we list results on the actual hash function. The only allowed modification is to change the security parameter. | ||
| + | |||
| + | Recommended security parameter: '''35.5''' rounds | ||
| + | |||
| + | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | ||
| + | |- style="background:#efefef;" | ||
| + | | Type of Analysis || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | ||
| + | |- | ||
| + | | style="background:greenyellow" | preimage<sup>(1)</sup> || 512 || || 2<sup>510.3</sup> (+ 2<sup>524</sup> MA + 2<sup>524</sup> CMP) || 2<sup>510.3</sup> (Wu: 2<sup>510.6</sup>) || [http://ehash.iaik.tugraz.at/uploads/d/da/Jh_preimage.pdf Mendel,Thomsen], [http://ehash.iaik.tugraz.at/uploads/6/6f/Jh_mt_complexity.pdf Wu] | ||
| + | |- | ||
| + | |} | ||
| + | |||
| + | <sup>(1)</sup> Wu has analyzed the exact memory requirements, additional memory accesses (MA) and comparisons (CMP) of the attack by Mendel and Thomsen. | ||
| + | |||
| + | |||
| + | === Building blocks === | ||
| + | |||
| + | Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter. | ||
| + | |||
| + | Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks). | ||
{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | ||
| Line 38: | Line 66: | ||
| | pseudo-2nd preimage || compression || all || || - || - || [http://ehash.iaik.tugraz.at/uploads/a/a8/Jh1.txt Bagheri] | | | pseudo-2nd preimage || compression || all || || - || - || [http://ehash.iaik.tugraz.at/uploads/a/a8/Jh1.txt Bagheri] | ||
|- | |- | ||
| − | |||
| − | |||
|} | |} | ||
| − | |||
| − | |||
Revision as of 22:45, 29 January 2010
1 The algorithm
- Author(s): Hongjun Wu
- Website: http://icsd.i2r.a-star.edu.sg/staff/hongjun/jh/
- NIST submission package:
- round 1/2: JH_Round2.zip (old versions: JH.zip, JHUpdate.zip)
Hongjun Wu - The Hash Function JH
- ,2009
- http://icsd.i2r.a-star.edu.sg/staff/hongjun/jh/jh_round2.pdf
BibtexAuthor : Hongjun Wu
Title : The Hash Function JH
In : -
Address :
Date : 2009
Hongjun Wu - The Hash Function JH
- ,2008
- http://icsd.i2r.a-star.edu.sg/staff/hongjun/jh/jh.pdf
BibtexAuthor : Hongjun Wu
Title : The Hash Function JH
In : -
Address :
Date : 2008
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
2.1 Hash function
Here we list results on the actual hash function. The only allowed modification is to change the security parameter.
Recommended security parameter: 35.5 rounds
| Type of Analysis | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| preimage(1) | 512 | 2510.3 (+ 2524 MA + 2524 CMP) | 2510.3 (Wu: 2510.6) | Mendel,Thomsen, Wu |
(1) Wu has analyzed the exact memory requirements, additional memory accesses (MA) and comparisons (CMP) of the attack by Mendel and Thomsen.
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| pseudo-collision | compression | all | - | - | Bagheri | |
| pseudo-2nd preimage | compression | all | - | - | Bagheri |
Nasour Bagheri - Pseudo-collision and pseudo-second preimage on JH
- ,2008
- http://ehash.iaik.tugraz.at/uploads/a/a8/Jh1.txt
BibtexAuthor : Nasour Bagheri
Title : Pseudo-collision and pseudo-second preimage on JH
In : -
Address :
Date : 2008
Florian Mendel, Søren S. Thomsen - An Observation on JH-512
- ,2008
- http://ehash.iaik.tugraz.at/uploads/d/da/Jh_preimage.pdf
BibtexAuthor : Florian Mendel, Søren S. Thomsen
Title : An Observation on JH-512
In : -
Address :
Date : 2008
Hongjun Wu - The Complexity of Mendel and Thomsen's Preimage Attack on JH-512
