Difference between revisions of "SMASH"
From The ECRYPT Hash Function Website
(→Spezification) |
Crechberger (talk | contribs) (→Best Known Results) |
||
(5 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
== Specification == | == Specification == | ||
− | + | ||
− | * digest size: | + | * digest size: 256/512 bits |
− | * max. message length: < 2<sup> | + | * max. message length: < 2<sup>128</sup> / < 2<sup>256</sup>bits |
− | * compression function: 512-bit message block, | + | * compression function: 256/512-bit message block, 256/512-bit chaining variable |
* Specification: | * Specification: | ||
− | --> | + | |
+ | <bibtex> | ||
+ | @inproceedings{fseKnudsen05, | ||
+ | author = {Lars R. Knudsen}, | ||
+ | title = {SMASH - A Cryptographic Hash Function}, | ||
+ | pages = {228-242}, | ||
+ | url = {http://dx.doi.org/10.1007/11502760_15}, | ||
+ | editor = {Henri Gilbert and Helena Handschuh}, | ||
+ | booktitle = {FSE}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {3557}, | ||
+ | year = {2005}, | ||
+ | isbn = {3-540-26541-4}, | ||
+ | abstract = {This paper presents a new hash function design, which is different from the popular designs of the MD4-family. Seen in the light of recent attacks on MD4, MD5, SHA-0, SHA-1, and on RIPEMD, there is a need to consider other hash function design strategies. The paper presents also a concrete hash function design named SMASH. One version has a hash code of 256 bits and appears to be at least as fast as SHA-256.}, | ||
+ | } | ||
+ | </bibtex> | ||
== Cryptanalysis == | == Cryptanalysis == | ||
Line 12: | Line 28: | ||
=== Best Known Results === | === Best Known Results === | ||
− | + | Practical collision and second preimage attacks. No preimage attacks. | |
---- | ---- | ||
Line 21: | Line 37: | ||
=== Collision Attacks === | === Collision Attacks === | ||
+ | <bibtex> | ||
+ | @inproceedings{sacryptPramstallerRR05, | ||
+ | author = {Norbert Pramstaller and Christian Rechberger and Vincent Rijmen}, | ||
+ | title = {Breaking a New Hash Function Design Strategy Called SMASH}, | ||
+ | booktitle = {Selected Areas in Cryptography}, | ||
+ | year = {2005}, | ||
+ | pages = {233-244}, | ||
+ | url = {http://dx.doi.org/10.1007/11693383_16}, | ||
+ | editor = {Bart Preneel and Stafford E. Tavares}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {3897}, | ||
+ | isbn = {3-540-33108-5}, | ||
+ | abstract = {We present a collision attack on SMASH. SMASH was proposed as a new hash function design strategy that does not rely on the structure of the MD4 family. The presented attack method allows us to produce almost any desired difference in the chaining variables of the iterated hash function. Due to the absence of a secret key, we are able to construct differences with probability 1. Furthermore, we get only few constraints on the colliding messages, which allows us to construct meaningful collisions. The presented collision attack uses negligible resources and we conjecture that it works for all hash functions built following the design strategy of SMASH.}, | ||
+ | } | ||
+ | </bibtex> | ||
---- | ---- |
Latest revision as of 14:17, 27 March 2008
Contents
1 Specification
- digest size: 256/512 bits
- max. message length: < 2128 / < 2256bits
- compression function: 256/512-bit message block, 256/512-bit chaining variable
- Specification:
Lars R. Knudsen - SMASH - A Cryptographic Hash Function
- FSE 3557:228-242,2005
- http://dx.doi.org/10.1007/11502760_15
BibtexAuthor : Lars R. Knudsen
Title : SMASH - A Cryptographic Hash Function
In : FSE -
Address :
Date : 2005
2 Cryptanalysis
2.1 Best Known Results
Practical collision and second preimage attacks. No preimage attacks.
2.2 Generic Attacks
2.3 Collision Attacks
Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Breaking a New Hash Function Design Strategy Called SMASH
- Selected Areas in Cryptography 3897:233-244,2005
- http://dx.doi.org/10.1007/11693383_16
BibtexAuthor : Norbert Pramstaller, Christian Rechberger, Vincent Rijmen
Title : Breaking a New Hash Function Design Strategy Called SMASH
In : Selected Areas in Cryptography -
Address :
Date : 2005
2.4 Second Preimage Attacks
Mario Lamberger, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen - Second Preimages for SMASH
- CT-RSA pp. 101-111,2007
- http://dx.doi.org/10.1007/11967668_7
BibtexAuthor : Mario Lamberger, Norbert Pramstaller, Christian Rechberger, Vincent Rijmen
Title : Second Preimages for SMASH
In : CT-RSA -
Address :
Date : 2007