Difference between revisions of "PANAMA"
From The ECRYPT Hash Function Website
(→Generic Attacks) |
|||
(9 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== Specification == | == Specification == | ||
− | + | * digest size: 256 bits | |
− | * digest size: | + | * max. message length: arbitrary length |
− | * max. message length: | + | * compression function: 256-bit message block, > 1 Kbyte chaining state |
− | * compression function: | ||
* Specification: | * Specification: | ||
− | --> | + | |
+ | <bibtex> | ||
+ | @inproceedings{fseDaemenC98, | ||
+ | author = {Joan Daemen and Craig S. K. Clapp}, | ||
+ | title = {Fast Hashing and Stream Encryption with PANAMA}, | ||
+ | pages = {60-74}, | ||
+ | url = {http://link.springer.de/link/service/series/0558/bibs/1372/13720060.htm}, | ||
+ | editor = {Serge Vaudenay}, | ||
+ | booktitle = {FSE}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {1372}, | ||
+ | year = {1998}, | ||
+ | isbn = {3-540-64265-X}, | ||
+ | abstract = {We present a cryptographic module that can be used both as a cryptographic hash function and as a stream cipher. High performance is achieved through a combination of low work-factor and a high degree of parallelism. Throughputs of 5.1 bits/cycle for the hashing mode and 4.7 bits/cycle for the stream cipher mode are demonstrated on a commercially available VLIW micro-processor.}, | ||
+ | } | ||
+ | </bibtex> | ||
== Cryptanalysis == | == Cryptanalysis == | ||
Line 12: | Line 27: | ||
=== Best Known Results === | === Best Known Results === | ||
+ | |||
+ | The best collision attack on PANAMA was presented by Daemen and Van Assche. The attack has a complexity of about attack 2<sup>6</sup> evaluations of the state updating function. | ||
---- | ---- | ||
=== Generic Attacks === | === Generic Attacks === | ||
− | * [[ | + | * PANAMA is not a design follwing the Merkle-Damgaard construction principle. [[GenericAttacksHash| Generic Attacks on Hash Functions]] |
---- | ---- | ||
Line 22: | Line 39: | ||
=== Collision Attacks === | === Collision Attacks === | ||
+ | <bibtex> | ||
+ | @inproceedings{fseDaemenA07, | ||
+ | author = {Joan Daemen and Gilles Van Assche}, | ||
+ | title = {Producing Collisions for Panama, Instantaneously}, | ||
+ | pages = {1-18}, | ||
+ | url = {http://dx.doi.org/10.1007/978-3-540-74619-5_1}, | ||
+ | editor = {Alex Biryukov}, | ||
+ | booktitle = {FSE}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {4593}, | ||
+ | year = {2007}, | ||
+ | isbn = {978-3-540-74617-1}, | ||
+ | abstract = {We present a practical attack on the Panama hash | ||
+ | function that generates a collision in 2<sup>6</sup> evaluations of the state | ||
+ | updating function. Our attack improves that of Rijmen and coworkers | ||
+ | that had a complexity 2<sup>82</sup>, too high to produce a collision in practice. | ||
+ | This improvement comes mainly from the use of techniques to transfer | ||
+ | conditions on the state to message words instead of trying many message | ||
+ | pairs and using the ones for which the conditions are satisfied. Our | ||
+ | attack works for any arbitrary prefix message, followed by a pair of | ||
+ | suffix messages with a given difference. We give an example of a collision | ||
+ | and make the collision-generating program available. Our attack does not | ||
+ | affect the Panama stream cipher, that is still unbroken to the best of our knowledge.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @inproceedings{fseRijmenRPV01, | ||
+ | author = {Vincent Rijmen and Bart Van Rompay and Bart Preneel and Joos Vandewalle}, | ||
+ | title = {Producing Collisions for PANAMA}, | ||
+ | pages = {37-51}, | ||
+ | url = {http://link.springer.de/link/service/series/0558/bibs/2355/23550037.htm}, | ||
+ | editor = {Mitsuru Matsui}, | ||
+ | booktitle = {FSE}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {2355}, | ||
+ | year = {2002}, | ||
+ | isbn = {3-540-43869-6}, | ||
+ | abstract = {PANAMA is a cryptographic module that was presented at the FSE Workshop in ’98 by Joan Daemen and Craig Clapp. It can serve both as a stream cipher and as a cryptographic hash function, with a hash result of 256 bits. PANAMA achieves high performance (for large amounts of data) because of its inherent parallelism. We will analyse the security of PANAMA when used as a hash function, and demonstrate an attack able to find collisions much faster than by birthday attack. The computational complexity of our current attack is 2^82; the required amount of memory is negligible.}, | ||
+ | } | ||
+ | </bibtex> | ||
---- | ---- | ||
Latest revision as of 09:58, 12 March 2008
Contents
1 Specification
- digest size: 256 bits
- max. message length: arbitrary length
- compression function: 256-bit message block, > 1 Kbyte chaining state
- Specification:
Joan Daemen, Craig S. K. Clapp - Fast Hashing and Stream Encryption with PANAMA
- FSE 1372:60-74,1998
- http://link.springer.de/link/service/series/0558/bibs/1372/13720060.htm
BibtexAuthor : Joan Daemen, Craig S. K. Clapp
Title : Fast Hashing and Stream Encryption with PANAMA
In : FSE -
Address :
Date : 1998
2 Cryptanalysis
2.1 Best Known Results
The best collision attack on PANAMA was presented by Daemen and Van Assche. The attack has a complexity of about attack 26 evaluations of the state updating function.
2.2 Generic Attacks
- PANAMA is not a design follwing the Merkle-Damgaard construction principle. Generic Attacks on Hash Functions
2.3 Collision Attacks
Joan Daemen, Gilles Van Assche - Producing Collisions for Panama, Instantaneously
- FSE 4593:1-18,2007
- http://dx.doi.org/10.1007/978-3-540-74619-5_1
BibtexAuthor : Joan Daemen, Gilles Van Assche
Title : Producing Collisions for Panama, Instantaneously
In : FSE -
Address :
Date : 2007
Vincent Rijmen, Bart Van Rompay, Bart Preneel, Joos Vandewalle - Producing Collisions for PANAMA
- FSE 2355:37-51,2002
- http://link.springer.de/link/service/series/0558/bibs/2355/23550037.htm
BibtexAuthor : Vincent Rijmen, Bart Van Rompay, Bart Preneel, Joos Vandewalle
Title : Producing Collisions for PANAMA
In : FSE -
Address :
Date : 2002