Difference between revisions of "Skein"
From The ECRYPT Hash Function Website
m (same param for all n's) |
(Added Kaminsky and McCay/Vora's papers) |
||
| Line 59: | Line 59: | ||
| Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | | Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | ||
|- | |- | ||
| − | |- | + | |- |
| + | | observations || block cipher || all || - || - || - || [http://eprint.iacr.org/2010/282.pdf McCay,Vora] | ||
| + | |- | ||
| + | | observations || compression function || all || - || - || - || [http://eprint.iacr.org/2010/262.pdf Kaminsky] | ||
| + | |- | ||
| + | | key recovery || block cipher || 256 || 39 rounds || 2<sup>254.1</sup> || - || [http://cryptolux.org/mediawiki/uploads/5/5b/Rotational_Cryptanalysis_of_Skein.pdf Khovratovich,Nikolic] | ||
| + | |- | ||
| + | | key recovery || block cipher || 512 || 42 rounds|| 2<sup>507</sup> || - || [http://cryptolux.org/mediawiki/uploads/5/5b/Rotational_Cryptanalysis_of_Skein.pdf Khovratovich,Nikolic] | ||
| + | |- | ||
| + | | key recovery || block cipher || 512 || 32 rounds (Round 1) || 2<sup>226</sup> (2<sup>222</sup>) || 2<sup>12</sup> || [http://eprint.iacr.org/2009/526.pdf Chen,Jia] | ||
| + | |- | ||
| + | | key recovery || block cipher || 512 || 33 rounds (Round 1) || 2<sup>352.17</sup> (2<sup>355.5</sup>) || - || [http://eprint.iacr.org/2009/526.pdf Chen,Jia] | ||
| + | |- | ||
| near collision || compression function || 512 || 17 rounds (Round 1) || 2<sup>24</sup> || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici] | | near collision || compression function || 512 || 17 rounds (Round 1) || 2<sup>24</sup> || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici] | ||
|- | |- | ||
| Line 68: | Line 80: | ||
| key recovery || block cipher || 512 || 32 rounds (Round 1) || 2<sup>312</sup> || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici] | | key recovery || block cipher || 512 || 32 rounds (Round 1) || 2<sup>312</sup> || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici] | ||
|- | |- | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|} | |} | ||
| + | <bibtex> | ||
| + | @misc{skeinMV10, | ||
| + | author = {Kerry A. McKay and Poorvi L. Vora}, | ||
| + | title = {Pseudo-Linear Approximations for ARX Ciphers: With Application to Threefish}, | ||
| + | howpublished = {Cryptology ePrint Archive, Report 2010/282}, | ||
| + | year = {2010}, | ||
| + | url = {http://eprint.iacr.org/2010/282.pdf}, | ||
| + | note = {\url{http://eprint.iacr.org/}}, | ||
| + | abstract = {The operations addition modulo 2^n and exclusive-or have recently been combined to obtain an efficient mechanism for nonlinearity in block cipher design. In this paper, we show that ciphers using this approach may be approximated by pseudo-linear expressions relating groups of contiguous bits of the round key, round input, and round output. The bias of an approximation can be large enough for known plaintext attacks. We demonstrate an application of this concept to a reduced-round version of the Threefish block cipher, a component of the Skein entry in the secure hash function competition.} | ||
| + | } | ||
| + | </bibtex> | ||
| + | <bibtex> | ||
| + | @misc{skeinKam10, | ||
| + | author = {Alan Kaminsky}, | ||
| + | title = {Cube Test Analysis of the Statistical Behavior of CubeHash and Skein}, | ||
| + | howpublished = {Cryptology ePrint Archive, Report 2010/262}, | ||
| + | year = {2010}, | ||
| + | url = {http://eprint.iacr.org/2010/262.pdf}, | ||
| + | note = {\url{http://eprint.iacr.org/}}, | ||
| + | abstract = {This work analyzes the statistical properties of the SHA-3 candidate cryptographic hash algorithms CubeHash and Skein to try to find nonrandom behavior. Cube tests were used to probe each algorithm's internal polynomial structure for a large number of choices of the polynomial input variables. The cube test data were calculated on a 40-core hybrid SMP cluster parallel computer. The cube test data were subjected to three statistical tests: balance, independence, and off-by-one. Although isolated statistical test failures were observed, the balance and off-by-one tests did not find nonrandom behavior overall in either CubeHash or Skein. However, the independence test did find nonrandom behavior overall in both CubeHash and Skein. } | ||
| + | } | ||
| + | </bibtex> | ||
<bibtex> | <bibtex> | ||
Revision as of 13:46, 27 May 2010
1 The algorithm
- Author(s): Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker
- Website: http://www.schneier.com/skein.html; http://skein-hash.info/
- NIST submission package:
- round 1: SkeinUpdate.zip (old version: Skein.zip)
- round 2: Skein_Round2.zip
Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
- ,2009
- http://www.skein-hash.info/sites/default/files/skein1.2.pdf
BibtexAuthor : Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker
Title : The Skein Hash Function Family
In : -
Address :
Date : 2009
Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
- ,2008
- http://www.skein-hash.info/sites/default/files/skein.pdf
BibtexAuthor : Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker
Title : The Skein Hash Function Family
In : -
Address :
Date : 2008
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
Recommended security parameter: 72 rounds
2.1 Hash function
Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.
| Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
| observations | block cipher | all | - | - | - | McCay,Vora |
| observations | compression function | all | - | - | - | Kaminsky |
| key recovery | block cipher | 256 | 39 rounds | 2254.1 | - | Khovratovich,Nikolic |
| key recovery | block cipher | 512 | 42 rounds | 2507 | - | Khovratovich,Nikolic |
| key recovery | block cipher | 512 | 32 rounds (Round 1) | 2226 (2222) | 212 | Chen,Jia |
| key recovery | block cipher | 512 | 33 rounds (Round 1) | 2352.17 (2355.5) | - | Chen,Jia |
| near collision | compression function | 512 | 17 rounds (Round 1) | 224 | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| distinguisher | block cipher | 512 | 35 rounds (Round 1) | 2478 | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| impossible differential | block cipher | 512 | 21 rounds (Round 1) | - | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
| key recovery | block cipher | 512 | 32 rounds (Round 1) | 2312 | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
Kerry A. McKay, Poorvi L. Vora - Pseudo-Linear Approximations for ARX Ciphers: With Application to Threefish
- ,2010
- http://eprint.iacr.org/2010/282.pdf
BibtexAuthor : Kerry A. McKay, Poorvi L. Vora
Title : Pseudo-Linear Approximations for ARX Ciphers: With Application to Threefish
In : -
Address :
Date : 2010
Alan Kaminsky - Cube Test Analysis of the Statistical Behavior of CubeHash and Skein
- ,2010
- http://eprint.iacr.org/2010/262.pdf
BibtexAuthor : Alan Kaminsky
Title : Cube Test Analysis of the Statistical Behavior of CubeHash and Skein
In : -
Address :
Date : 2010
Jean-Philippe Aumasson, Cagdas Calik, Willi Meier, Onur Ozen, Raphael C.-W. Phan, Kerem Varici - Improved Cryptanalysis of Skein
- ,2009
- http://eprint.iacr.org/2009/438.pdf
BibtexAuthor : Jean-Philippe Aumasson, Cagdas Calik, Willi Meier, Onur Ozen, Raphael C.-W. Phan, Kerem Varici
Title : Improved Cryptanalysis of Skein
In : -
Address :
Date : 2009
Jiazhe Chen, Keting Jia - Improved Related-key Boomerang Attacks on Round-Reduced Threefish-512
- ,2009
- http://eprint.iacr.org/2009/526.pdf
BibtexAuthor : Jiazhe Chen, Keting Jia
Title : Improved Related-key Boomerang Attacks on Round-Reduced Threefish-512
In : -
Address :
Date : 2009
Dmitry Khovratovich, Ivica Nikolic - Rotational Cryptanalysis of ARX
- ,2010
- http://cryptolux.org/mediawiki/uploads/5/5b/Rotational_Cryptanalysis_of_Skein.pdf
BibtexAuthor : Dmitry Khovratovich, Ivica Nikolic
Title : Rotational Cryptanalysis of ARX
In : -
Address :
Date : 2010
2.3 Archive
Jean-Philippe Aumasson, Willi Meier, Raphael Phan - Improved analyis of Threefish
