Difference between revisions of "SWIFFT"

From The ECRYPT Hash Function Website
(Others)
m (Others)
 
Line 58: Line 58:
 
     howpublished = {Cryptology ePrint Archive, Report 2008/493},
 
     howpublished = {Cryptology ePrint Archive, Report 2008/493},
 
     year = {2008},
 
     year = {2008},
     note = {\url{http://eprint.iacr.org/}},
+
     url= {http://eprint.iacr.org/2008/493},
 
     abstract = {The SWIFFT compression functions, proposed by Lyubashevsky et al. at FSE 2008, are very efficient instantiations of generalized compact knapsacks. They have the unique property, that asymptotically fi�nding collisions for a random compression function implies being able to solve the worst case of computationally hard lattice problems. We present two results. First, we show that the scheme works equally efficient, when the main security parameter n is the predecessor of a prime instead of a power of two. Then, we present parameter generation algorithms for both cases. Second, we give experimental evidence that fi�nding pseudo-collisions for SWIFFT, is as hard as breaking a 87-bit symmetric cipher according to Lenstra's predictions. We then suggest conservative parameters, corresponding to 100-bit security.},
 
     abstract = {The SWIFFT compression functions, proposed by Lyubashevsky et al. at FSE 2008, are very efficient instantiations of generalized compact knapsacks. They have the unique property, that asymptotically fi�nding collisions for a random compression function implies being able to solve the worst case of computationally hard lattice problems. We present two results. First, we show that the scheme works equally efficient, when the main security parameter n is the predecessor of a prime instead of a power of two. Then, we present parameter generation algorithms for both cases. Second, we give experimental evidence that fi�nding pseudo-collisions for SWIFFT, is as hard as breaking a 87-bit symmetric cipher according to Lenstra's predictions. We then suggest conservative parameters, corresponding to 100-bit security.},
 
}
 
}
 
</bibtex>
 
</bibtex>

Latest revision as of 09:32, 2 December 2008

1 Specification

  • digest size: 512 bits
  • max. message length: < 264 bits
  • Specification:

Vadim Lyubashevsky, Daniele Micciancio, Chris Peikert, Alon Rosen - SWIFFT: A Modest Proposal for FFT Hashing

FSE 5086:54-72,2008
http://dx.doi.org/10.1007/978-3-540-71039-4_4
Bibtex
Author : Vadim Lyubashevsky, Daniele Micciancio, Chris Peikert, Alon Rosen
Title : SWIFFT: A Modest Proposal for FFT Hashing
In : FSE -
Address :
Date : 2008

2 Cryptanalysis

2.1 Best Known Results


2.2 Generic Attacks


2.3 Collision Attacks


2.4 Second Preimage Attacks


2.5 Preimage Attacks


2.6 Others

Johannes Buchmann, Richard Lindner - Secure Parameters for SWIFFT

,2008
http://eprint.iacr.org/2008/493
Bibtex
Author : Johannes Buchmann, Richard Lindner
Title : Secure Parameters for SWIFFT
In : -
Address :
Date : 2008