Difference between revisions of "MAME"

From The ECRYPT Hash Function Website
(Best Known Results)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
== Specification ==
 
== Specification ==
  
 +
* digest size: 256 bits
 
<!--  
 
<!--  
* digest size: 160 bits
 
 
* max. message length: < 2<sup>64</sup> bits
 
* max. message length: < 2<sup>64</sup> bits
* compression function: 512-bit message block, 160-bit chaining variable
 
 
-->
 
-->
* Specification: http://events.iaik.tugraz.at/HashWorkshop07/papers/Yoshida_MAME.pdf
+
* compression function: 256-bit message block, 256-bit chaining variable
 +
* Specification: [http://www.sdl.hitachi.co.jp/english/news/2007/ches/ MAME], [http://dx.doi.org/10.1007/978-3-540-74735-2_11 CHES07]
  
 
<bibtex>
 
<bibtex>
@MISC{ecryptYoshidaWOKWKP07,
+
@inproceedings{chesYoshidaWOKWKP07,
   author = {Hirotaka Yoshida and Dai Watanabe and Katsuyuki Okeya and Jun Kitahara and Hongjun Wu and Ozgul Kucuk and Bart Preneel},
+
   author   = {Hirotaka Yoshida and Dai Watanabe and Katsuyuki Okeya and Jun Kitahara and Hongjun Wu and Ozgul Kucuk and Bart Preneel},
   title = {MAME: A compression function with reduced hardware requirements},
+
   title     = {MAME: A Compression Function with Reduced Hardware Requirements},
   howpublished = {ECRYPT Hash Workshop, Barcelona, Spain, May 24-25},
+
   booktitle = {CHES},
   year = {2007},
+
  year      = {2007},
   abstract = {This paper describes a new compression function, MAME designed for hardware-oriented hash functions which can be used in applications reduced hardware requirements. MAME takes a 256-bit message block and a 256-bit chaining variable as input and produces a 256-bit output. Seen in the light of attacks on MD5 and SHA-1, our design strategy enables us to evaluate the security of MAME against known attacks. Our design considers the security of side channel attacks against HMAC constructions employing MAME. The main use of logical operations in the design allows us to achieve a hardware implementation of MAME requiring 8.1 Kgates on 0.18 $\micro m$ technology.},
+
  pages    = {148-165},
  url = {http://events.iaik.tugraz.at/HashWorkshop07/papers/Yoshida_MAME.pdf},
+
  url        = {http://dx.doi.org/10.1007/978-3-540-74735-2_11},
 +
  editor    = {Pascal Paillier and Ingrid Verbauwhede},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
   volume    = {4727},
 +
  isbn      = {978-3-540-74734-5},
 +
   abstract = {This paper describes a new compression function, MAME designed for hardware-oriented hash functions which can be used in applications with reduced hardware requirements. MAME takes a 256-bit message block and a 256-bit chaining variable as input and produces a 256-bit output. In the light of recent attacks on MD5 and SHA-1, our design strategy is very conservative, and we show that our compression function is secure against various kinds of widely known attacks with very large security margins. The simple logical operations and the hardware efficient S-boxes are used to achieve a hardware implementation of MAME requiring only 8.1 Kgates on 0.18 $\micro m$ technology.},
 
}
 
}
 
</bibtex>
 
</bibtex>
Line 23: Line 29:
  
 
=== Best Known Results ===
 
=== Best Known Results ===
 
+
No attacks known.
 
----
 
----
  

Latest revision as of 12:51, 10 November 2008

1 Specification

  • digest size: 256 bits
  • compression function: 256-bit message block, 256-bit chaining variable
  • Specification: MAME, CHES07

Hirotaka Yoshida, Dai Watanabe, Katsuyuki Okeya, Jun Kitahara, Hongjun Wu, Ozgul Kucuk, Bart Preneel - MAME: A Compression Function with Reduced Hardware Requirements

CHES 4727:148-165,2007
http://dx.doi.org/10.1007/978-3-540-74735-2_11
Bibtex
Author : Hirotaka Yoshida, Dai Watanabe, Katsuyuki Okeya, Jun Kitahara, Hongjun Wu, Ozgul Kucuk, Bart Preneel
Title : MAME: A Compression Function with Reduced Hardware Requirements
In : CHES -
Address :
Date : 2007

2 Cryptanalysis

2.1 Best Known Results

No attacks known.


2.2 Generic Attacks


2.3 Collision Attacks


2.4 Second Preimage Attacks


2.5 Preimage Attacks


2.6 Others