Difference between revisions of "MD6"

From The ECRYPT Hash Function Website
(Cryptanalysis)
(Cryptanalysis)
Line 19: Line 19:
  
  
* Aumasson, Meier: nonrandomness on the 18-round compression function (mentioned in original proposal text).
+
* Aumasson, Meier (mentioned in original proposal text): nonrandomness observed on a reduced version of the compression function with 18 rounds, instead of at least 80 in the original MD6.
* Dinur, Shamir: cube attack on the 15-round compression function (mentioned in original proposal text).
+
* Dinur, Shamir (mentioned in original proposal text): cube attack on a reduced version of the compression function with 15 rounds, instead of at least 80 in the original MD6.

Revision as of 14:27, 2 November 2008

1 The algorithm

  • Authors: Ron Rivest, Benjamin Agre, Daniel V. Bailey, Christopher Crutchfield, Yevgeniy Dodis, Kermin Elliott Fleming, Asif Khan, Jayant Krishnamurthy, Yuncheng Lin, Leo Reyzin, Emily Shen, Jim Sukha, Drew Sutherland, Eran Tromer, Yiqun Lisa Yin
  • Website: http://groups.csail.mit.edu/cis/md6/
  • Specification:

Ronald L. Rivest - The MD6 hash function -- A proposal to NIST for SHA-3

,2008
http://groups.csail.mit.edu/cis/md6/submitted-2008-10-27/Supporting_Documentation/md6_report.pdf
Bibtex
Author : Ronald L. Rivest
Title : The MD6 hash function -- A proposal to NIST for SHA-3
In : -
Address :
Date : 2008


2 Cryptanalysis

  • Aumasson, Meier (mentioned in original proposal text): nonrandomness observed on a reduced version of the compression function with 18 rounds, instead of at least 80 in the original MD6.
  • Dinur, Shamir (mentioned in original proposal text): cube attack on a reduced version of the compression function with 15 rounds, instead of at least 80 in the original MD6.