Difference between revisions of "Keccak"
From The ECRYPT Hash Function Website
Mschlaeffer (talk | contribs) m |
Mschlaeffer (talk | contribs) (analysis updated) |
||
| Line 45: | Line 45: | ||
| observations || permutation || all || || || || [http://131002.net/data/papers/AK09.pdf Aumasson,Khovratovich] | | observations || permutation || all || || || || [http://131002.net/data/papers/AK09.pdf Aumasson,Khovratovich] | ||
|- | |- | ||
| − | | cube attack || partial preimage || 224 || 4 rounds || 2<sup>19</sup> || ? || [http://www.cs.rit.edu/~jal6806/thesis/thesis.pdf Joel Lathrop] | + | | cube attack || partial preimage || 224 || 4 rounds || 2<sup>19</sup> || ? || [http://www.cs.rit.edu/~jal6806/thesis/thesis.pdf Joel,Lathrop] |
| + | |- | ||
| + | | distinguisher || permutation || all || 16 rounds || 2<sup>1023.88</sup> || || [http://www.131002.net/data/papers/AM09.pdf Aumasson,Meier] | ||
|- | |- | ||
|} | |} | ||
| Line 75: | Line 77: | ||
abstract = {The thesis includes a successful cube attack against 4-round Keccak complete with a table of maxterms, analysis of the attack, and the estimated limits of its extension to higher numbers of rounds.}, | abstract = {The thesis includes a successful cube attack against 4-round Keccak complete with a table of maxterms, analysis of the attack, and the estimated limits of its extension to higher numbers of rounds.}, | ||
} | } | ||
| + | </bibtex> | ||
| + | |||
| + | <bibtex> | ||
| + | @misc{hamsiAM9, | ||
| + | author = {Jean-Philippe Aumasson and Willi Meier}, | ||
| + | title = {Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi}, | ||
| + | url = {http://www.131002.net/data/papers/AM09.pdf}, | ||
| + | howpublished = {NIST mailing list} | ||
| + | year = {2009}, | ||
| + | abstract = {We present a new type of distinguisher, called zero-sum distinguisher, and apply it to reduced versions of the Keccak-f permutation. We obtain practical and deterministic distinguishers on up to 9 rounds, and shortcut distinguishers on up to 16 rounds, out of 18 in total. These observations do not seem to affect the security of Keccak. We also briefly describe application of zero-sum distinguishers to the core permutations of Luffa and Hamsi.}, | ||
</bibtex> | </bibtex> | ||
Revision as of 19:45, 14 September 2009
1 The algorithm
- Author(s): Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche
- Website: http://keccak.noekeon.org/
- NIST submission package: Keccak.zip
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche - Keccak specifications
- ,2008
- http://keccak.noekeon.org/Keccak-specifications.pdf
BibtexAuthor : G. Bertoni, J. Daemen, M. Peeters, G. Van Assche
Title : Keccak specifications
In : -
Address :
Date : 2008
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche - Keccak sponge function family main document
- ,2008
- http://keccak.noekeon.org/Keccak-main-1.0.pdf
BibtexAuthor : G. Bertoni, J. Daemen, M. Peeters, G. Van Assche
Title : Keccak sponge function family main document
In : -
Address :
Date : 2008
G. Bertoni, J. Daemen, M. Peeters, G. Van Assche - Keccak sponge function family main document
- ,2009
- http://keccak.noekeon.org/Keccak-main-1.2.pdf
BibtexAuthor : G. Bertoni, J. Daemen, M. Peeters, G. Van Assche
Title : Keccak sponge function family main document
In : -
Address :
Date : 2009
2 Cryptanalysis
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| observations | permutation | all | Aumasson,Khovratovich | |||
| cube attack | partial preimage | 224 | 4 rounds | 219 | ? | Joel,Lathrop |
| distinguisher | permutation | all | 16 rounds | 21023.88 | Aumasson,Meier |
A description of this table is given here.
Jean-Philippe Aumasson, Dmitry Khovratovich - First Analysis of Keccak
- ,2009
- http://131002.net/data/papers/AK09.pdf
BibtexAuthor : Jean-Philippe Aumasson, Dmitry Khovratovich
Title : First Analysis of Keccak
In : -
Address :
Date : 2009
Joel Lathrop - Cube Attacks on Cryptographic Hash Functions
- ,2009
- http://www.cs.rit.edu/~jal6806/thesis/thesis.pdf
BibtexAuthor : Joel Lathrop
Title : Cube Attacks on Cryptographic Hash Functions
In : -
Address :
Date : 2009
Jean-Philippe Aumasson, Willi Meier - Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi
