Difference between revisions of "SHAvite-3"

From The ECRYPT Hash Function Website
m (fixed typo)
(separate cryptanalysis tables)
Line 30: Line 30:
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==
 +
 +
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
 +
 +
A description of the tables is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
 +
 +
 +
=== Hash function ===
 +
 +
Here we list results on the actual hash function. The only allowed modification is to change the security parameter.
 +
 +
Recommended security parameter: '''12''' rounds (n=224,256); '''14''' rounds (n=384,512)
 +
 +
 +
=== Building blocks ===
 +
 +
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
 +
 +
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
  
 
{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center"                   
 
{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center"                   
Line 35: Line 53:
 
|  Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||  Reference  
 
|  Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||  Reference  
 
|-                                         
 
|-                                         
|  | pseudo-collision || compression || all || ||  ||  || [http://ehash.iaik.tugraz.at/uploads/e/ea/Peyrin-SHAvite-3.txt Peyrin]
+
|  | pseudo-collision || compression || all || (Round 1) ||  ||  || [http://ehash.iaik.tugraz.at/uploads/e/ea/Peyrin-SHAvite-3.txt Peyrin]
 
|-                                               
 
|-                                               
|  | pseudo-collision || compression || 256 || ||  ||  || [http://ehash.iaik.tugraz.at/uploads/5/5c/NandiP-SHAvite-3.txt Nandi,Paul]
+
|  | pseudo-collision || compression || 256 || (Round 1) ||  ||  || [http://ehash.iaik.tugraz.at/uploads/5/5c/NandiP-SHAvite-3.txt Nandi,Paul]
 
|-                                               
 
|-                                               
 
|}                     
 
|}                     
  
A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
+
 
  
  

Revision as of 23:06, 29 January 2010

1 The algorithm


Eli Biham, Orr Dunkelman - The SHAvite-3 Hash Function

,2009
http://www.cs.technion.ac.il/~orrd/SHAvite-3/Spec.15.09.09.pdf
Bibtex
Author : Eli Biham, Orr Dunkelman
Title : The SHAvite-3 Hash Function
In : -
Address :
Date : 2009

Eli Biham, Orr Dunkelman - The SHAvite-3 Hash Function

,2008
http://ehash.iaik.tugraz.at/uploads/f/f5/Shavite.pdf
Bibtex
Author : Eli Biham, Orr Dunkelman
Title : The SHAvite-3 Hash Function
In : -
Address :
Date : 2008


2 Cryptanalysis

We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.

A description of the tables is given here.


2.1 Hash function

Here we list results on the actual hash function. The only allowed modification is to change the security parameter.

Recommended security parameter: 12 rounds (n=224,256); 14 rounds (n=384,512)


2.2 Building blocks

Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.

Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
pseudo-collision compression all (Round 1) Peyrin
pseudo-collision compression 256 (Round 1) Nandi,Paul



Thomas Peyrin - Chosen-salt, chosen-counter, pseudo-collision on SHAvite-3 compression function

,2009
http://ehash.iaik.tugraz.at/uploads/e/ea/Peyrin-SHAvite-3.txt
Bibtex
Author : Thomas Peyrin
Title : Chosen-salt, chosen-counter, pseudo-collision on SHAvite-3 compression function
In : -
Address :
Date : 2009

Mridul Nandi, Souradyuti Paul - OFFICIAL COMMENT: SHAvite-3

,2009
http://ehash.iaik.tugraz.at/uploads/5/5c/NandiP-SHAvite-3.txt
Bibtex
Author : Mridul Nandi, Souradyuti Paul
Title : OFFICIAL COMMENT: SHAvite-3
In : -
Address :
Date : 2009