Difference between revisions of "MD6"
From The ECRYPT Hash Function Website
(→Cryptanalysis) |
(→Cryptanalysis) |
||
Line 18: | Line 18: | ||
== Cryptanalysis == | == Cryptanalysis == | ||
+ | * Aumasson, Meier (mentioned in original proposal text): nonrandomness observed on a reduced version of the compression function with 18 rounds (about 2^17 operations). | ||
+ | * Dinur, Shamir (mentioned in original proposal text): cube attack on a reduced version of the compression function with 15 rounds. | ||
− | + | (MD6 has 96/104/136/168 rounds for output sizes 224/256/384/512 bits.) | |
− |
Revision as of 14:41, 2 November 2008
1 The algorithm
- Authors: Ron Rivest, Benjamin Agre, Daniel V. Bailey, Christopher Crutchfield, Yevgeniy Dodis, Kermin Elliott Fleming, Asif Khan, Jayant Krishnamurthy, Yuncheng Lin, Leo Reyzin, Emily Shen, Jim Sukha, Drew Sutherland, Eran Tromer, Yiqun Lisa Yin
- Website: http://groups.csail.mit.edu/cis/md6/
- Specification:
Ronald L. Rivest - The MD6 hash function -- A proposal to NIST for SHA-3
- ,2008
- http://groups.csail.mit.edu/cis/md6/submitted-2008-10-27/Supporting_Documentation/md6_report.pdf
BibtexAuthor : Ronald L. Rivest
Title : The MD6 hash function -- A proposal to NIST for SHA-3
In : -
Address :
Date : 2008
2 Cryptanalysis
- Aumasson, Meier (mentioned in original proposal text): nonrandomness observed on a reduced version of the compression function with 18 rounds (about 2^17 operations).
- Dinur, Shamir (mentioned in original proposal text): cube attack on a reduced version of the compression function with 15 rounds.
(MD6 has 96/104/136/168 rounds for output sizes 224/256/384/512 bits.)