Difference between revisions of "SHAMATA"
From The ECRYPT Hash Function Website
m (→Cryptanalysis) |
Mschlaeffer (talk | contribs) (Practical Collisions for SHAMATA) |
(6 intermediate revisions by 2 users not shown) | |||
Line 3: | Line 3: | ||
* Author(s): Adem Atalay, Orhun Kara, Ferhat Karakoc and Cevat Manap | * Author(s): Adem Atalay, Orhun Kara, Ferhat Karakoc and Cevat Manap | ||
* Website: [http://www.uekae.tubitak.gov.tr/home.do?ot=1&sid=601&pid=547 http://www.uekae.tubitak.gov.tr/home.do?ot=1&sid=601&pid=547] | * Website: [http://www.uekae.tubitak.gov.tr/home.do?ot=1&sid=601&pid=547 http://www.uekae.tubitak.gov.tr/home.do?ot=1&sid=601&pid=547] | ||
− | * | + | * NIST submission package: [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/documents/SHAMATA.zip SHAMATA.zip] |
+ | |||
<bibtex> | <bibtex> | ||
Line 17: | Line 18: | ||
== Cryptanalysis == | == Cryptanalysis == | ||
+ | |||
+ | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | ||
+ | |- style="background:#efefef;" | ||
+ | | Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | ||
+ | |- | ||
+ | | | observation || block cipher || || || || || [http://www.uni-weimar.de/cms/fileadmin/medien/medsicherheit/Research/SHA3/Observations_for_SHAMATA.pdf Fleischmann,Gorski] | ||
+ | |- | ||
+ | | | observation || block cipher || || || || || [http://www.uekae.tubitak.gov.tr/uekae_content_files/crypto/improved_analysis_of_Shamata-BC.pdf Atalay,Kara,Karakoc] | ||
+ | |- | ||
+ | | style="background:yellow" | 2nd preimage || hash || 512 || || 2<sup>451.7</sup> || 2<sup>452.7</sup> || [http://www.sdl.hitachi.co.jp/crypto/eval/shamata_2ndPI.pdf Ideguchi,Watanabe] | ||
+ | |- | ||
+ | | style="background:orange" | collision || hash || 512 || || 2<sup>128</sup> || - || [http://homes.esat.kuleuven.be/~sindeste/shamata.html Indesteege,Mendel,Rechberger,Schläffer] | ||
+ | |- | ||
+ | | style="background:red" | collision || hash || 256 || || 2<sup>40</sup> || 2<sup>29</sup> || [http://homes.esat.kuleuven.be/~sindeste/shamata.html Indesteege,Mendel,Rechberger,Schläffer] | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
+ | |||
<bibtex> | <bibtex> | ||
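Review bot: The 2nd preimage row puts 2^451.7 under "Compression Function Calls" and 2^452.7 under "Memory Requirements" without units, while the Ideguchi/Watanabe abstract on this page counts step function computations and blocks of 128 bits; state the unit in the cells or in a footnote so the row can be compared with the collision rows. The same applies to the 256-bit collision row, where the quoted abstract gives about 2^40 AES round computations and no memory figure. The collision rows list the authors as "Indesteege,Mendel,Rechberger,Schläffer", which differs from the author order in the shamataIMRS09 entry, and the trailing "|-" before "|}" leaves an empty row that can be dropped.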
Line 25: | Line 45: | ||
howpublished = {Available online}, | howpublished = {Available online}, | ||
year = {2008}, | year = {2008}, | ||
− | abstract = {In this note we discuss some observation of the SHA-3 candidate SHAMATA [1]. We | + | abstract = {In this note we discuss some observation of the SHA-3 candidate SHAMATA [1]. We observe that its internal block cipher is very weak, which could possibly lead to an attack on the hash function.}, |
− | |||
− | function.}, | ||
} | } | ||
</bibtex> | </bibtex> | ||
− | |||
<bibtex> | <bibtex> | ||
Line 41: | Line 58: | ||
abstract = {We state the design flaws of the 1-round block cipher SHA-MATA-BC, designed by Fleishmann and Gorski by using the building blocks of SHAMATA hash function. We fix the flaws and then show that the amended version of SHAMATA-BC is much weaker. We believe that there is no connection between security level of SHAMATA as a hash function and that of SHAMATA-BC as a block cipher}, | abstract = {We state the design flaws of the 1-round block cipher SHA-MATA-BC, designed by Fleishmann and Gorski by using the building blocks of SHAMATA hash function. We fix the flaws and then show that the amended version of SHAMATA-BC is much weaker. We believe that there is no connection between security level of SHAMATA as a hash function and that of SHAMATA-BC as a block cipher}, | ||
} | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{shamataIW09, | ||
+ | author = {Kota Ideguchi and Dai Watanabe}, | ||
+ | title = {Second Preimage Attack on SHAMATA-512 }, | ||
+ | url = {http://www.sdl.hitachi.co.jp/crypto/eval/shamata_2ndPI.pdf}, | ||
+ | howpublished = {Available online}, | ||
+ | year = {2009}, | ||
+ | abstract = {We present a second preimage attack on SHAMATA-512, which is a hash function of 512- | ||
+ | bit output and one of the first round candidates of the SHA-3 competition. The attack uses | ||
+ | differential paths that hold with a probability one and a meet-in-the-middle approach to find | ||
+ | second preimages. The time complexity is about $2^{451.7}$ computation of the step function and | ||
+ | the memory complexity is about $2^{452.7}$ blocks of 128 bits.}, | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{shamataIMRS09, | ||
+ | author = {Sebastiaan Indesteege and Florian Mendel and Martin Schlaeffer and Christian Rechberger}, | ||
+ | title = {Practical Collisions for SHAMATA}, | ||
+ | url = {http://homes.esat.kuleuven.be/~sindeste/shamata.html}, | ||
+ | howpublished = {Available online}, | ||
+ | year = {2009}, | ||
+ | abstract = {The attack has a complexity of about $2^{40}$ AES round computations. Note that by using a similar approach we can find collisions for SHAMATA-512 with a complexity of about $2^{128}$.}, | ||
</bibtex> | </bibtex> |
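Review bot: Both added records, shamataIW09 and shamataIMRS09, end with the abstract field followed directly by the closing bibtex tag, so the closing "}" of each @misc entry is missing; the existing entries in this hunk close with a "}" line first, and the new ones should do the same. In shamataIW09 the title carries a trailing space before the brace ("SHAMATA-512 }") and the abstract is hard-wrapped so that "512-" and "bit" fall on separate lines; joining the abstract onto one line, as the hunk at Line 25 does for the Fleischmann/Gorski entry, avoids a stray break in the rendered text.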
Latest revision as of 19:30, 24 February 2009
1 The algorithm
- Author(s): Adem Atalay, Orhun Kara, Ferhat Karakoc and Cevat Manap
- Website: http://www.uekae.tubitak.gov.tr/home.do?ot=1&sid=601&pid=547
- NIST submission package: SHAMATA.zip
Adem Atalay, Orhun Kara, Ferhat Karakoc, Cevat Manap - SHAMATA HASH FUNCTION ALGORITHM SPECIFICATIONS
- 2008
- http://www.uekae.tubitak.gov.tr/uekae_content_files/crypto/SHAMATA%20Specification.pdf
2 Cryptanalysis
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference
observation | block cipher | | | | | Fleischmann,Gorski
observation | block cipher | | | | | Atalay,Kara,Karakoc
2nd preimage | hash | 512 | | 2^451.7 | 2^452.7 | Ideguchi,Watanabe
collision | hash | 512 | | 2^128 | - | Indesteege,Mendel,Rechberger,Schläffer
collision | hash | 256 | | 2^40 | 2^29 | Indesteege,Mendel,Rechberger,Schläffer
A description of this table is given at http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables.
Ewan Fleischmann, Michael Gorski - Some Observations on SHAMATA
- 2008
- http://www.uni-weimar.de/cms/fileadmin/medien/medsicherheit/Research/SHA3/Observations_for_SHAMATA.pdf
Adem Atalay, Orhun Kara, Ferhat Karakoc - Improved Cryptanalysis of SHAMATA-BC
- 2008
- http://www.uekae.tubitak.gov.tr/uekae_content_files/crypto/improved_analysis_of_Shamata-BC.pdf
Kota Ideguchi, Dai Watanabe - Second Preimage Attack on SHAMATA-512
- 2009
- http://www.sdl.hitachi.co.jp/crypto/eval/shamata_2ndPI.pdf
Sebastiaan Indesteege, Florian Mendel, Martin Schlaeffer, Christian Rechberger - Practical Collisions for SHAMATA