Difference between revisions of "Shabal"

From The ECRYPT Hash Function Website
m (Correction: 2 queries instead of 1)
m (Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers)
Line 16: Line 16:
 
</bibtex>
 
</bibtex>
  
 +
<bibtex>
 +
@misc{cryptoeprint:2009:199,
 +
    author = {Emmanuel Bresson and Anne Canteaut and Benoit Chevallier-Mames and Christophe Clavier and Thomas Fuhr and Aline Gouget and Thomas Icart and Jean-Francois Misarsky and Maria Naya-Plasencia and Pascal Paillier and Thomas Pornin and Jean-Rene Reinhard and Celine Thuillet and Marion Videau},
 +
    title = {Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers},
 +
    howpublished = {Cryptology ePrint Archive, Report 2009/199},
 +
    year = {2009},
 +
    url = {http://eprint.iacr.org/2009/199.pdf},
 +
    abstract = {Shabal is based on a new provably secure mode of operation. Some related-key distinguishers for the underlying keyed permutation have been exhibited recently by Aumasson et al. and Knudsen et al., but with no visible impact on the security of Shabal. This paper then aims at extensively studying such distinguishers for the keyed permutation used in Shabal, and at clarifying the impact that they exert on the security of the full hash function. Most interestingly, a new security proof for Shabal's mode of operation is provided where the keyed permutation is not assumed to be an ideal cipher anymore, but observes a distinguishing property i.e., an explicit relation verified by all its inputs and outputs. As a consequence of this extended proof, all known distinguishers for the keyed permutation are proven not to weaken the security of Shabal. In our study, we provide the foundation of a generalization of the indifferentiability framework to biased random primitives, this part being of independent interest.},
 +
}
 +
</bibtex>
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==

Revision as of 08:00, 30 June 2009

1 The algorithm

  • Author(s): Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
  • Website: http://www.shabal.com/
  • NIST submission package: Shabal.zip


Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau - Shabal, a Submission to NIST’s Cryptographic Hash Algorithm Competition

,2008
http://ehash.iaik.tugraz.at/uploads/6/6c/Shabal.pdf
Bibtex
Author : Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
Title : Shabal, a Submission to NIST’s Cryptographic Hash Algorithm Competition
In : -
Address :
Date : 2008

Emmanuel Bresson, Anne Canteaut, Benoit Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-Francois Misarsky, Maria Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-Rene Reinhard, Celine Thuillet, Marion Videau - Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers

,2009
http://eprint.iacr.org/2009/199.pdf
Bibtex
Author : Emmanuel Bresson, Anne Canteaut, Benoit Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-Francois Misarsky, Maria Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-Rene Reinhard, Celine Thuillet, Marion Videau
Title : Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers
In : -
Address :
Date : 2009

2 Cryptanalysis

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
non-randomness permutation all (p,r)=(3,12) 212 Aumasson
non-randomness permutation all any (p,r) 1 Knudsen,Matusiewicz,Thomsen
non-randomness permutation all any (p,r) 2 Aumasson,Mashatan,Meier

A description of this table is given here.


Jean-Philippe Aumasson - On the pseudorandomness of Shabal's keyed permutation

,2009
http://131002.net/data/papers/Aum09.pdf
Bibtex
Author : Jean-Philippe Aumasson
Title : On the pseudorandomness of Shabal's keyed permutation
In : -
Address :
Date : 2009

Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen - Observations on the Shabal keyed permutation

,2009
http://www.mat.dtu.dk/people/S.Thomsen/shabal/shabal.pdf
Bibtex
Author : Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen
Title : Observations on the Shabal keyed permutation
In : -
Address :
Date : 2009

Jean-Philippe Aumasson, Atefeh Mashatan, Willi Meier - More on Shabal's permutation

,2009
http://131002.net/data/papers/AMM09.pdf
Bibtex
Author : Jean-Philippe Aumasson, Atefeh Mashatan, Willi Meier
Title : More on Shabal's permutation
In : -
Address :
Date : 2009