Difference between revisions of "Shabal"
Mschlaeffer (talk | contribs) m |
Crechberger (talk | contribs) (added Novotney distinguisher) |
||
Line 66: | Line 66: | ||
|- | |- | ||
| | non-randomness || permutation || all || || 2<sup>159</sup> || || [http://gva.noekeon.org/papers/ShabalRotation.pdf Van Assche] | | | non-randomness || permutation || all || || 2<sup>159</sup> || || [http://gva.noekeon.org/papers/ShabalRotation.pdf Van Assche] | ||
+ | |- | ||
+ | | | non-randomness || permutation || all || || 2<sup>21</sup> || || [http://eprint.iacr.org/2010/398.pdf Novotney] | ||
|- | |- | ||
|} | |} | ||
Line 122: | Line 124: | ||
year = {2010}, | year = {2010}, | ||
abstract = {In this short note, we apply a rotational distinguisher to the keyed permutation of the SHA-3 candidate Shabal. We then discuss its applicability in the scope of Shabal's mode of operation and its impact on the security proofs.}, | abstract = {In this short note, we apply a rotational distinguisher to the keyed permutation of the SHA-3 candidate Shabal. We then discuss its applicability in the scope of Shabal's mode of operation and its impact on the security proofs.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{shabalNov10, | ||
+ | author = {Peter Novotney}, | ||
+ | title = {Distinguisher for Shabal's Permutation Function}, | ||
+ | howpublished = {Cryptology ePrint Archive, Report 2010/398}, | ||
+ | year = {2010}, | ||
+ | note = {\url{http://eprint.iacr.org/}}, | ||
+ | abstract = {In this note we consider the Shabal permutation function $\mathcal{P}$ as a block cipher with input $A_p$,$B_p$ and key $C$,$M$ and describe a distinguisher with a data complexity of $2^{23}$ random inputs with a given difference. If the attacker can control one chosen bit of $B_p$, only $2^{21}$ inputs with a given difference are required on average. This distinguisher does not appear to lead directly to an attack on the full Shabal construction. }, | ||
} | } | ||
</bibtex> | </bibtex> |
Revision as of 02:58, 27 July 2010
1 The algorithm
- Author(s): Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
- Website: http://www.shabal.com/
- NIST submission package:
- round 1/2: Shabal_Round2.zip (old version: Shabal.zip)
Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau - Shabal, a Submission to NIST’s Cryptographic Hash Algorithm Competition
- ,2008
- http://ehash.iaik.tugraz.at/uploads/6/6c/Shabal.pdf
BibtexAuthor : Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
Title : Shabal, a Submission to NIST’s Cryptographic Hash Algorithm Competition
In : -
Address :
Date : 2008
Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau - Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers
- ,2009
- http://eprint.iacr.org/2009/199.pdf
BibtexAuthor : Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
Title : Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers
In : -
Address :
Date : 2009
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
Recommended security parameters: (p,r)=(3,12)
2.1 Hash function
Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.
Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
non-randomness(1) | permutation | all | 212 | Aumasson | ||
non-randomness(1) | permutation | all | 1 | Knudsen,Matusiewicz,Thomsen | ||
non-randomness(1) | permutation | all | 2 | Aumasson,Mashatan,Meier | ||
non-randomness | permutation | all | 2159 | Van Assche | ||
non-randomness | permutation | all | 221 | Novotney |
(1)The Shabal team commented on these analyses and provide an update of their security proofs in this note.
Jean-Philippe Aumasson - On the pseudorandomness of Shabal's keyed permutation
- ,2009
- http://131002.net/data/papers/Aum09.pdf
BibtexAuthor : Jean-Philippe Aumasson
Title : On the pseudorandomness of Shabal's keyed permutation
In : -
Address :
Date : 2009
Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen - Observations on the Shabal keyed permutation
- ,2009
- http://www.mat.dtu.dk/people/S.Thomsen/shabal/shabal.pdf
BibtexAuthor : Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen
Title : Observations on the Shabal keyed permutation
In : -
Address :
Date : 2009
Jean-Philippe Aumasson, Atefeh Mashatan, Willi Meier - More on Shabal's permutation
- ,2009
- http://131002.net/data/papers/AMM09.pdf
BibtexAuthor : Jean-Philippe Aumasson, Atefeh Mashatan, Willi Meier
Title : More on Shabal's permutation
In : -
Address :
Date : 2009
Gilles Van Assche - A rotational distinguisher on Shabal's keyed permutation and its impact on the security proofs
- ,2010
- http://gva.noekeon.org/papers/ShabalRotation.pdf
BibtexAuthor : Gilles Van Assche
Title : A rotational distinguisher on Shabal's keyed permutation and its impact on the security proofs
In : -
Address :
Date : 2010
Peter Novotney - Distinguisher for Shabal's Permutation Function