Difference between revisions of "NaSHA"
From The ECRYPT Hash Function Website
m |
(Collision Attack on NaSHA-384/512) |
||
| Line 32: | Line 32: | ||
|- | |- | ||
| style="background:yellow" | collision || hash || 512 || || 2<sup>192</sup> || ? || [http://eprint.iacr.org/2008/519.pdf Ji,Liangyu,Xu] | | style="background:yellow" | collision || hash || 512 || || 2<sup>192</sup> || ? || [http://eprint.iacr.org/2008/519.pdf Ji,Liangyu,Xu] | ||
| + | |- | ||
| + | | style="background:yellow" | collision || hash || 384,512 || || 2<sup>128</sup> || ? || [http://eprint.iacr.org/2009/026.pdf Z. Li, D. Li] | ||
|- | |- | ||
|} | |} | ||
| Line 47: | Line 49: | ||
abstract = {We present a free-start collision and a free-start preimage | abstract = {We present a free-start collision and a free-start preimage | ||
attack on NaSHA. The attacks exploit the fact that when the state, obtained | attack on NaSHA. The attacks exploit the fact that when the state, obtained | ||
| − | after the linear transformation, is only partially | + | after the linear transformation, is only partially fixed then the |
quasigroup operations are fully determined. The free-start collision attack | quasigroup operations are fully determined. The free-start collision attack | ||
requires $2^{32}$ computations for all digests. The free-start preimage | requires $2^{32}$ computations for all digests. The free-start preimage | ||
| Line 64: | Line 66: | ||
url = {http://eprint.iacr.org/2008/519.pdf}, | url = {http://eprint.iacr.org/2008/519.pdf}, | ||
abstract = {The hash function NaSHA is a new algorithm proposed for SHA-3. It follows the wide-pipe structure and compression function adopts quasigroup transformations. These properties of operation in quasigroup raise obstacles to analysis. However, The high probability difference to cause inner collision can be found in the quasigroup transformations. We propose a collision attack to NaSHA-512 with the complexity is 2^{192}, which is lower than the complexity of birthday attack to NaSHA-512. Using the similar method, we can find free-start collision on all versions with negligible complexity.}, | abstract = {The hash function NaSHA is a new algorithm proposed for SHA-3. It follows the wide-pipe structure and compression function adopts quasigroup transformations. These properties of operation in quasigroup raise obstacles to analysis. However, The high probability difference to cause inner collision can be found in the quasigroup transformations. We propose a collision attack to NaSHA-512 with the complexity is 2^{192}, which is lower than the complexity of birthday attack to NaSHA-512. Using the similar method, we can find free-start collision on all versions with negligible complexity.}, | ||
| + | } | ||
| + | </bibtex> | ||
| + | |||
| + | <bibtex> | ||
| + | @misc{cryptoeprint:2009:026, | ||
| + | author = {Zhimin Li and Daofeng Li}, | ||
| + | title = {Collision Attack on NaSHA-384/512}, | ||
| + | howpublished = {Cryptology ePrint Archive, Report 2009/026}, | ||
| + | year = {2009}, | ||
| + | url = {http://eprint.iacr.org/2009/026.pdf}, | ||
| + | abstract = { In this paper, we present a collision attack on the hash function NaSHA for the output sizes 384-bit and 512-bit. This attack is based on the the weakness in the generate course of the state words and the fact that the quasigroup operation used in the compression function is only determined by partial state words. Its complexity is about $2^{128}$ (much lower than the complexity of the corresponding birthday attack) and its probability is more than $(1- \frac{2}{{2^{64} - 1}})^2$ ($\gg \frac{1}{2}$).}, | ||
} | } | ||
</bibtex> | </bibtex> | ||
Revision as of 11:58, 14 January 2009
1 The algorithm
- Author(s): Smile Markovski, Aleksandra Mileva
- Website: http://inf.ugd.edu.mk/images/stories/file/Mileva/Nasha.htm
- NIST submission package: NaSHA.zip
Smile Markovski, Aleksandra Mileva - 2.B.1 Algorithm Specification
- ,2008
- http://inf.ugd.edu.mk/images/stories/file/Mileva/part2b1.pdf
BibtexAuthor : Smile Markovski, Aleksandra Mileva
Title : 2.B.1 Algorithm Specification
In : -
Address :
Date : 2008
2 Cryptanalysis
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| free-start collision | compression | all | 232 | ? | Nikolić,Khovratovich | |
| free-start preimage | compression | 224,256 | ~2128 | ? | Nikolić,Khovratovich | |
| free-start preimage | compression | 384,512 | ~2256 | ? | Nikolić,Khovratovich | |
| free-start collision | compression | all | - | - | Ji,Liangyu,Xu | |
| collision | hash | 512 | 2192 | ? | Ji,Liangyu,Xu | |
| collision | hash | 384,512 | 2128 | ? | Z. Li, D. Li |
A description of this table is given here.
Ivica Nikolić, Dmitry Khovratovich - Free-start attacks on NaSHA
- ,2008
- http://ehash.iaik.tugraz.at/uploads/3/33/Free-start_attacks_on_Nasha.pdf
BibtexAuthor : Ivica Nikolić, Dmitry Khovratovich
Title : Free-start attacks on NaSHA
In : -
Address :
Date : 2008
Li Ji, Xu Liangyu, Guan Xu - Collision attack on NaSHA-512
- ,2008
- http://eprint.iacr.org/2008/519.pdf
BibtexAuthor : Li Ji, Xu Liangyu, Guan Xu
Title : Collision attack on NaSHA-512
In : -
Address :
Date : 2008
Zhimin Li, Daofeng Li - Collision Attack on NaSHA-384/512
