Difference between revisions of "Keccak"
From The ECRYPT Hash Function Website
m (Added Boura/Canteaut result) |
GVanAssche (talk | contribs) m |
||
| Line 60: | Line 60: | ||
| cube attack || partial preimage || 224 || 4 rounds || 2<sup>19</sup> || ? || [http://www.cs.rit.edu/~jal6806/thesis/thesis.pdf Joel,Lathrop] | | cube attack || partial preimage || 224 || 4 rounds || 2<sup>19</sup> || ? || [http://www.cs.rit.edu/~jal6806/thesis/thesis.pdf Joel,Lathrop] | ||
|- | |- | ||
| − | | distinguisher || permutation || all || 16 rounds || 2<sup>1023.88</sup> || || [http://www.131002.net/data/papers/AM09.pdf Aumasson,Meier] | + | | distinguisher<sup>(1)</sup> || permutation || all || 16 rounds || 2<sup>1023.88</sup> || || [http://www.131002.net/data/papers/AM09.pdf Aumasson,Meier] |
|- | |- | ||
| − | | distinguisher || permutation || all || 18 rounds || 2<sup>1370</sup> || || [http://www-roc.inria.fr/secret/Anne.Canteaut/Publications/zero_sum.pdf Boura,Canteaut] | + | | distinguisher<sup>(1)</sup> || permutation || all || 18 rounds || 2<sup>1370</sup> || || [http://www-roc.inria.fr/secret/Anne.Canteaut/Publications/zero_sum.pdf Boura,Canteaut] |
|- | |- | ||
|} | |} | ||
A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
| + | |||
| + | <sup>(1)</sup>The Keccak team commented on these distinguishers and provide generic constructions in [http://keccak.noekeon.org/NoteZeroSum.pdf this note]. | ||
| Line 122: | Line 124: | ||
which was the number of rounds in the previous version of | which was the number of rounds in the previous version of | ||
Keccak submitted to the SHA-3 competition..}, | Keccak submitted to the SHA-3 competition..}, | ||
| + | </bibtex> | ||
| + | |||
| + | <bibtex> | ||
| + | @misc{KeccakNoteZeroSum, | ||
| + | author = {G. Bertoni and J. Daemen and M. Peeters and G. Van Assche}, | ||
| + | title = {Note on zero-sum distinguishers of Keccak-f}, | ||
| + | url = {http://keccak.noekeon.org/NoteZeroSum.pdf}, | ||
| + | howpublished = {NIST mailing list}, | ||
| + | year = {2010}, | ||
| + | } | ||
</bibtex> | </bibtex> | ||
Revision as of 12:15, 20 January 2010
1 The algorithm
- Author(s): Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche
- Website: http://keccak.noekeon.org/
- NIST submission package:
- round 1: Keccak.zip
- round 2: Keccak_Round2.zip
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche - Keccak specifications
- ,2009
- http://keccak.noekeon.org/Keccak-specifications-2.pdf
BibtexAuthor : G. Bertoni, J. Daemen, M. Peeters, G. Van Assche
Title : Keccak specifications
In : -
Address :
Date : 2009
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche - Keccak sponge function family main document
- ,2009
- http://keccak.noekeon.org/Keccak-main-2.0.pdf
BibtexAuthor : G. Bertoni, J. Daemen, M. Peeters, G. Van Assche
Title : Keccak sponge function family main document
In : -
Address :
Date : 2009
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche - Keccak specifications
- ,2008
- http://keccak.noekeon.org/Keccak-specifications.pdf
BibtexAuthor : G. Bertoni, J. Daemen, M. Peeters, G. Van Assche
Title : Keccak specifications
In : -
Address :
Date : 2008
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche - Keccak sponge function family main document
- ,2008
- http://keccak.noekeon.org/Keccak-main-1.0.pdf
BibtexAuthor : G. Bertoni, J. Daemen, M. Peeters, G. Van Assche
Title : Keccak sponge function family main document
In : -
Address :
Date : 2008
2 Cryptanalysis
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| observations | permutation | all | Aumasson,Khovratovich | |||
| cube attack | partial preimage | 224 | 4 rounds | 219 | ? | Joel,Lathrop |
| distinguisher(1) | permutation | all | 16 rounds | 21023.88 | Aumasson,Meier | |
| distinguisher(1) | permutation | all | 18 rounds | 21370 | Boura,Canteaut |
A description of this table is given here.
(1)The Keccak team commented on these distinguishers and provide generic constructions in this note.
Jean-Philippe Aumasson, Dmitry Khovratovich - First Analysis of Keccak
- ,2009
- http://131002.net/data/papers/AK09.pdf
BibtexAuthor : Jean-Philippe Aumasson, Dmitry Khovratovich
Title : First Analysis of Keccak
In : -
Address :
Date : 2009
Joel Lathrop - Cube Attacks on Cryptographic Hash Functions
- ,2009
- http://www.cs.rit.edu/~jal6806/thesis/thesis.pdf
BibtexAuthor : Joel Lathrop
Title : Cube Attacks on Cryptographic Hash Functions
In : -
Address :
Date : 2009
Jean-Philippe Aumasson, Willi Meier - Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi
- ,2009
- http://www.131002.net/data/papers/AM09.pdf
BibtexAuthor : Jean-Philippe Aumasson, Willi Meier
Title : Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi
In : -
Address :
Date : 2009
Christina Boura, Anne Canteaut - A Zero-Sum property for the Keccak-f Permutation with 18 Rounds
- ,2010
- http://www-roc.inria.fr/secret/Anne.Canteaut/Publications/zero_sum.pdf
BibtexAuthor : Christina Boura, Anne Canteaut
Title : A Zero-Sum property for the Keccak-f Permutation with 18 Rounds
In : -
Address :
Date : 2010
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche - Note on zero-sum distinguishers of Keccak-f
