Difference between revisions of "SWIFFT"

From The ECRYPT Hash Function Website
 
m (Others)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== Specification ==
 
== Specification ==
  
<!--
+
* digest size: 512 bits
* digest size: 160 bits
 
 
* max. message length: < 2<sup>64</sup> bits
 
* max. message length: < 2<sup>64</sup> bits
* compression function: 512-bit message block, 160-bit chaining variable
+
<!--
 +
* compression function:  
 +
-->
 
* Specification:  
 
* Specification:  
-->
+
 
 +
<bibtex>
 +
@inproceedings{fseLyubashevskyMPR08,
 +
  author    = {Vadim Lyubashevsky and Daniele Micciancio and Chris Peikert and Alon Rosen},
 +
  title    = {SWIFFT: A Modest Proposal for FFT Hashing},
 +
  booktitle = {FSE},
 +
  year      = {2008},
 +
  pages    = {54-72},
 +
  abstract  = {We propose SWIFFT, a collection of compression functions that are highly parallelizable and admit very efficient implementations on modern microprocessors. The main technique underlying our functions is a novel use of the Fast Fourier Transform (FFT) to achieve diffusion, together with a linear combination to achieve compression and confusion. We provide a detailed security analysis of concrete instantiations, and give a high-performance software implementation that exploits the inherent parallelism of the FFT algorithm. The throughput of our implementation is competitive with that of SHA-256, with additional parallelism yet to be exploited. Our functions are set apart from prior proposals (having comparable efficiency) by a supporting asymptotic security proof: it can be formally proved that finding a collision in a randomly-chosen function from the family (with noticeable probability) is at least as hard as finding short vectors in cyclic/ideal lattices in the worst case.},
 +
  url        = {http://dx.doi.org/10.1007/978-3-540-71039-4_4},
 +
  editor    = {Kaisa Nyberg},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {5086},
 +
  isbn      = {978-3-540-71038-7},
 +
}
 +
</bibtex>
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==
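Review bot: the new "* compression function:" bullet is empty and wrapped in "<!-- ... -->", while the line it replaces read "512-bit message block, 160-bit chaining variable", so the rendered Specification no longer states any compression-function parameters. Fill in the input and output sizes from the cited FSE 2008 paper, or drop the commented-out stub so the gap is visible to later editors. The digest size changes from 160 to 512 bits in this edit while the "max. message length: < 2<sup>64</sup> bits" bullet is carried over unchanged; confirm that value against the same paper.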
Line 34: Line 51:
  
 
=== Others ===
 
=== Others ===
 +
 +
<bibtex>
 +
@misc{cryptoeprint:2008:493,
 +
    author = {Johannes Buchmann and Richard Lindner},
 +
    title = {Secure Parameters for SWIFFT},
 +
    howpublished = {Cryptology ePrint Archive, Report 2008/493},
 +
    year = {2008},
 +
    url= {http://eprint.iacr.org/2008/493},
 +
    abstract = {The SWIFFT compression functions, proposed by Lyubashevsky et al. at FSE 2008, are very efficient instantiations of generalized compact knapsacks. They have the unique property, that asymptotically fi�nding collisions for a random compression function implies being able to solve the worst case of computationally hard lattice problems. We present two results. First, we show that the scheme works equally efficient, when the main security parameter n is the predecessor of a prime instead of a power of two. Then, we present parameter generation algorithms for both cases. Second, we give experimental evidence that fi�nding pseudo-collisions for SWIFFT, is as hard as breaking a 87-bit symmetric cipher according to Lenstra's predictions. We then suggest conservative parameters, corresponding to 100-bit security.},
 +
}
 +
</bibtex>
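Review bot: the abstract field of the added cryptoeprint:2008:493 entry contains a mis-encoded character in "fi�nding" (it occurs twice), most likely an "fi" ligature copied from the PDF; replace both with "finding". The "url= {" field is also missing the space before "=" that the other fields in the entry use.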

Latest revision as of 09:32, 2 December 2008

1 Specification

  • digest size: 512 bits
  • max. message length: < 2^64 bits
  • Specification:

Vadim Lyubashevsky, Daniele Micciancio, Chris Peikert, Alon Rosen - SWIFFT: A Modest Proposal for FFT Hashing

FSE, LNCS 5086:54-72, 2008
http://dx.doi.org/10.1007/978-3-540-71039-4_4

2 Cryptanalysis

2.1 Best Known Results


2.2 Generic Attacks


2.3 Collision Attacks


2.4 Second Preimage Attacks


2.5 Preimage Attacks


2.6 Others

Johannes Buchmann, Richard Lindner - Secure Parameters for SWIFFT

Cryptology ePrint Archive, Report 2008/493, 2008
http://eprint.iacr.org/2008/493