Difference between revisions of "Keccak"

Type of Analysis	Hash Function Part	Hash Size (n)	Parameters/Variants	Compression Function Calls	Memory Requirements	Reference
observations	permutation	all				Aumasson,Khovratovich
cube attack	partial preimage	224	4 rounds	2¹⁹	?	Joel,Lathrop
distinguisher	permutation	all	16 rounds	2^1023.88		Aumasson,Meier
distinguisher	permutation	all	18 rounds	2¹³⁷⁰		Boura,Canteaut

A description of this table is given here.

Jean-Philippe Aumasson, Dmitry Khovratovich - First Analysis of Keccak

,2009

http://131002.net/data/papers/AK09.pdf
Bibtex

Author : Jean-Philippe Aumasson, Dmitry Khovratovich
Title : First Analysis of Keccak
In : -
Address :
Date : 2009

Joel Lathrop - Cube Attacks on Cryptographic Hash Functions

,2009

http://www.cs.rit.edu/~jal6806/thesis/thesis.pdf
Bibtex

Author : Joel Lathrop
Title : Cube Attacks on Cryptographic Hash Functions
In : -
Address :
Date : 2009

Jean-Philippe Aumasson, Willi Meier - Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi

,2009

http://www.131002.net/data/papers/AM09.pdf
Bibtex

Author : Jean-Philippe Aumasson, Willi Meier
Title : Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi
In : -
Address :
Date : 2009

Christina Boura, Anne Canteaut - A Zero-Sum property for the Keccak-f Permutation with 18 Rounds

,2010

http://www-roc.inria.fr/secret/Anne.Canteaut/Publications/zero_sum.pdf
Bibtex

Author : Christina Boura, Anne Canteaut
Title : A Zero-Sum property for the Keccak-f Permutation with 18 Rounds
In : -
Address :
Date : 2010

@@ Line 62: / Line 62: @@
 | distinguisher  || permutation || all || 16 rounds || 2<sup>1023.88</sup> || || [http://www.131002.net/data/papers/AM09.pdf Aumasson,Meier]
 |-
+| distinguisher  || permutation || all || 18 rounds || 2<sup>1370</sup> || || [http://www-roc.inria.fr/secret/Anne.Canteaut/Publications/zero_sum.pdf Boura,Canteaut]
+|-
 |}
@@ Line 93: / Line 95: @@
 <bibtex>
-@misc{hamsiAM9,
+@misc{keccakAM09,
    author    = {Jean-Philippe Aumasson and Willi Meier},
    title     = {Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi},
@@ Line 100: / Line 102: @@
    year      = {2009},
    abstract  = {We present a new type of distinguisher, called zero-sum distinguisher, and apply it to reduced versions of the Keccak-f permutation. We obtain practical and deterministic distinguishers on up to 9 rounds, and shortcut distinguishers on up to 16 rounds, out of 18 in total. These observations do not seem to affect the security of Keccak. We also briefly describe application of zero-sum distinguishers to the core permutations of Luffa and Hamsi.},
+</bibtex>
+<bibtex>
+@misc{keccakBC10,
+  author    = {Christina Boura and Anne Canteaut},
+  title     = {A Zero-Sum property for the Keccak-f Permutation with 18 Rounds},
+  url        = {http://www-roc.inria.fr/secret/Anne.Canteaut/Publications/zero_sum.pdf},
+  howpublished = {NIST mailing list}
+  year      = {2010},
+  abstract  = {A new type of distinguishing property, named the zero-sum property
+has been recently presented by Aumasson and Meier [1]. It has
+been applied to the inner permutation of the hash function Keccak
+and it has led to a distinguishing property for the Keccak-f permutation
+up to 16 rounds, out of 24 in total. Here, we additionally exploit
+some spectral properties of the Keccak-f permutation and we improve
+the previously known upper bounds on the degree of the inverse
+permutation after a certain number of rounds. This result enables us
+to extend the zero-sum property to 18 rounds of the Keccak-f permutation,
+which was the number of rounds in the previous version of
+Keccak submitted to the SHA-3 competition..},
 </bibtex>

Difference between revisions of "Keccak"

Revision as of 22:19, 16 January 2010

1 The algorithm

2 Cryptanalysis

Navigation menu

Views

Personal tools

Navigation

Search

Tools