Difference between revisions of "Skein"
From The ECRYPT Hash Function Website
m (Typo fixed) |
(Added Chen/Jia results) |
||
| Line 31: | Line 31: | ||
|- | |- | ||
| key recovery || block cipher || 512 || 32 rounds || 2<sup>312</sup> || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici] | | key recovery || block cipher || 512 || 32 rounds || 2<sup>312</sup> || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici] | ||
| − | |- | + | |- |
| + | | key recovery || block cipher || 512 || 32 rounds || 2<sup>226</sup> (2<sup>222</sup>) || 2<sup>12</sup> || [http://eprint.iacr.org/2009/526.pdf Chen,Jia] | ||
| + | |- | ||
| + | | key recovery || block cipher || 512 || 33 rounds || 2<sup>352.17</sup> (2<sup>355.5</sup>) || - || [http://eprint.iacr.org/2009/526.pdf Chen,Jia] | ||
| + | |- | ||
|} | |} | ||
| Line 49: | Line 53: | ||
</bibtex> | </bibtex> | ||
| + | <bibtex> | ||
| + | @misc{cryptoeprint:2009:526, | ||
| + | author = {Jiazhe Chen and Keting Jia}, | ||
| + | title = {Improved Related-key Boomerang Attacks on Round-Reduced Threefish-512}, | ||
| + | howpublished = {Cryptology ePrint Archive, Report 2009/526}, | ||
| + | year = {2009}, | ||
| + | url = {http://eprint.iacr.org/2009/526.pdf}, | ||
| + | note = {\url{http://eprint.iacr.org/}}, | ||
| + | abstract = {Hash function Skein is one of the 14 NIST SHA-3 second round candidates. Threefish is a tweakable block cipher as the core of Skein, defined with a 256-, 512-, and 1024-bit block size. The 512-bit block size is the primary proposal of the authors. In this paper we construct two related-key boomerang distinguishers on round-reduced Threefish-512 using the method of \emph{modular differential}. With a distinguisher on 32 rounds of Threefish-512, we improve the key recovery attack on 32 rounds of Threefish-512 proposed by Aumasson et al. Their attack requires $2^{312}$ encryptions and $2^{71}$ bytes of memory. However, our attack has a time complexity of $2^{226}$ encryptions with memory of $2^{12}$ bytes. Furthermore, we give a key recovery attack on Threefish-512 reduced to 33 rounds using a 33-round related-key boomerang distinguisher, with $2^{352.17}$ encryptions and negligible memory. Skein had been updated after it entered the second round and the results above are based on the original version. However, as the only differences between the original and the new version are the rotation constants, both of the methods can be applied to the new version with modified differential trails. For the new rotation constants, our attack on 32-round Threefish-512 has a time complexity $2^{222}$ and $2^{12}$ bytes' memory. Our attack on 33-round Threefish-512 has a time complexity $2^{355.5}$ and negligible memory.}, | ||
| + | } | ||
| + | </bibtex> | ||
=== Archive === | === Archive === | ||
Revision as of 15:28, 5 November 2009
1 The algorithm
- Author(s): Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker
- Website: http://www.schneier.com/skein.html; http://skein-hash.info/
- NIST submission package: Skein.zip, SkeinUpdate.zip
Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
- ,2008
- http://www.schneier.com/skein.pdf
BibtexAuthor : Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker
Title : The Skein Hash Function Family
In : -
Address :
Date : 2008
2 Cryptanalysis
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| near collision | compression function | 512 | 17 rounds | 224 | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| distinguisher | block cipher | 512 | 35 rounds | 2478 | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| impossible differential | block cipher | 512 | 21 rounds | - | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| key recovery | block cipher | 512 | 32 rounds | 2312 | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| key recovery | block cipher | 512 | 32 rounds | 2226 (2222) | 212 | Chen,Jia |
| key recovery | block cipher | 512 | 33 rounds | 2352.17 (2355.5) | - | Chen,Jia |
A description of this table is given here.
Jean-Philippe Aumasson, Cagdas Calik, Willi Meier, Onur Ozen, Raphael C.-W. Phan, Kerem Varici - Improved Cryptanalysis of Skein
- ,2009
- http://eprint.iacr.org/2009/438.pdf
BibtexAuthor : Jean-Philippe Aumasson, Cagdas Calik, Willi Meier, Onur Ozen, Raphael C.-W. Phan, Kerem Varici
Title : Improved Cryptanalysis of Skein
In : -
Address :
Date : 2009
Jiazhe Chen, Keting Jia - Improved Related-key Boomerang Attacks on Round-Reduced Threefish-512
- ,2009
- http://eprint.iacr.org/2009/526.pdf
BibtexAuthor : Jiazhe Chen, Keting Jia
Title : Improved Related-key Boomerang Attacks on Round-Reduced Threefish-512
In : -
Address :
Date : 2009
2.1 Archive
Jean-Philippe Aumasson, Willi Meier, Raphael Phan - Improved analyis of Threefish
