Difference between revisions of "SIMD"
m |
|||
| Line 62: | Line 62: | ||
|- style="background:#efefef;" | |- style="background:#efefef;" | ||
| Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | | Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | ||
| − | |- | + | |- |
| + | | distinguisher || compression || 512 || 12 steps || 2<sup>236</sup> || - || [https://cryptolux.org/mediawiki/uploads/0/07/Rotational_distinguishers_%28Nikolic%2C_Pieprzyk%2C_Sokolowski%2C_Steinfeld%29.pdf Nikolić,Pieprzyk,Sokołowski,Steinfeld] | ||
| + | |- | ||
| + | | distinguisher || compression || 512 || linearized message expansion, 24 steps || 2<sup>497</sup> || - || [https://cryptolux.org/mediawiki/uploads/0/07/Rotational_distinguishers_%28Nikolic%2C_Pieprzyk%2C_Sokolowski%2C_Steinfeld%29.pdf Nikolić,Pieprzyk,Sokołowski,Steinfeld] | ||
| + | |- | ||
| distinguisher || compression || 512 || full (Round 1) || 5*2<sup>425.28 || - || [http://online.tu-graz.ac.at/tug_online/voe_main2.getvolltext?pDocumentNr=125658 Mendel, Nad] | | distinguisher || compression || 512 || full (Round 1) || 5*2<sup>425.28 || - || [http://online.tu-graz.ac.at/tug_online/voe_main2.getvolltext?pDocumentNr=125658 Mendel, Nad] | ||
|- | |- | ||
|} | |} | ||
| + | <bibtex> | ||
| + | @misc{bmwNikolicPST, | ||
| + | author = {Ivica Nikolić, Josef Pieprzyk, Przemysław Sokołowski and Ron Steinfeld}, | ||
| + | title = {Rotational Cryptanalysis of (Modified) Versions of BMW and SIMD}, | ||
| + | url = {https://cryptolux.org/mediawiki/uploads/0/07/Rotational_distinguishers_%28Nikolic%2C_Pieprzyk%2C_Sokolowski%2C_Steinfeld%29.pdf}, | ||
| + | howpublished = {Available online}, | ||
| + | year = {2010}, | ||
| + | abstract ={We extend the application of rotational distinguishers to | ||
| + | classes of primitives that besides ARX, may have substractions, shifts, | ||
| + | and boolean functions. This allows us to launch rotational attacks on | ||
| + | the compression functions of two SHA-3 candidates: BMW and SIMD. | ||
| + | Specifically, we find rotational distinguishers for the compression functions | ||
| + | of: | ||
| + | 1. round 1 BMW-512, | ||
| + | 2. round 2 BMW-512, with the constant modified in one byte | ||
| + | 3. round 1,2 modified SIMD-512 reduced to 24 rounds, with linearized | ||
| + | key schedule | ||
| + | 4. round 1,2, SIMD-512 reduced to 12 rounds | ||
| + | Our attacks do not contradict any security claims of the candidates.}, | ||
| + | } | ||
| + | </bibtex> | ||
<bibtex> | <bibtex> | ||
Revision as of 14:04, 24 March 2010
1 The algorithm
- Author(s): Gaëtan Leurent, Charles Bouillaguet, Pierre-Alain Fouque
- Website: http://www.di.ens.fr/~leurent/simd.html
- NIST submission package:
- round 1: SIMDUpdate.zip (old version: SIMD.zip)
- round 2: SIMD_Round2.zip
Gaëtan Leurent, Charles Bouillaguet, Pierre-Alain Fouque - SIMD Is a Message Digest
- ,2009
- http://www.di.ens.fr/~leurent/files/SIMD.pdf
BibtexAuthor : Gaëtan Leurent, Charles Bouillaguet, Pierre-Alain Fouque
Title : SIMD Is a Message Digest
In : -
Address :
Date : 2009
Gaëtan Leurent, Charles Bouillaguet, Pierre-Alain Fouque - SIMD Is a Message Digest
- ,2008
- http://ehash.iaik.tugraz.at/uploads/4/4e/Simd.pdf
BibtexAuthor : Gaëtan Leurent, Charles Bouillaguet, Pierre-Alain Fouque
Title : SIMD Is a Message Digest
In : -
Address :
Date : 2008
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
2.1 Hash function
Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.
Recommended security parameter: total number of steps = 32
| Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
Recommended security parameter: total number of steps = 32
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| distinguisher | compression | 512 | 12 steps | 2236 | - | Nikolić,Pieprzyk,Sokołowski,Steinfeld |
| distinguisher | compression | 512 | linearized message expansion, 24 steps | 2497 | - | Nikolić,Pieprzyk,Sokołowski,Steinfeld |
| distinguisher | compression | 512 | full (Round 1) | 5*2425.28 | - | Mendel, Nad |
Ivica Nikolić, Josef Pieprzyk, Przemysław Sokołowski, Ron Steinfeld - Rotational Cryptanalysis of (Modified) Versions of BMW and SIMD
- ,2010
- https://cryptolux.org/mediawiki/uploads/0/07/Rotational_distinguishers_%28Nikolic%2C_Pieprzyk%2C_Sokolowski%2C_Steinfeld%29.pdf
BibtexAuthor : Ivica Nikolić, Josef Pieprzyk, Przemysław Sokołowski, Ron Steinfeld
Title : Rotational Cryptanalysis of (Modified) Versions of BMW and SIMD
In : -
Address :
Date : 2010
Florian Mendel, Tomislav Nad - A Distinguisher for the Compression Function of SIMD-512
