Difference between revisions of "Skein"

From The ECRYPT Hash Function Website
m (added link to SkeinUpdate.zip)
(ePrint reference added)
Line 24: Line 24:
 
|-
 
|-
 
|-     
 
|-     
|  near collision || compression function || 512 || 17 rounds || 2<sup>24</sup> || - || [http://131002.net/data/talks/threefish_rump.pdf Aumasson,Meier,Phan]
+
|  near collision || compression function || 512 || 17 rounds || 2<sup>24</sup> || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici]
 
|-     
 
|-     
|  distinguisher || block cipher || 512 || 17 rounds || 2<sup>4</sup> || - || [http://131002.net/data/talks/threefish_rump.pdf Aumasson,Meier,Phan]
+
|  distinguisher || block cipher || 512 || 35 rounds || 2<sup>478</sup> || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici]
 
|-  
 
|-  
|  impossible differential || block cipher || 512 || 21 rounds || - || - || [http://131002.net/data/talks/threefish_rump.pdf Aumasson,Meier,Phan]
+
|  impossible differential || block cipher || 512 || 21 rounds || - || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici]
|-  
+
|-      
|  key recovery || block cipher || 512 || 23 rounds || 2<sup>274</sup> || - || [http://131002.net/data/talks/threefish_rump.pdf Aumasson,Meier,Phan]
+
|  key recovery || block cipher || 512 || 34 rounds || 2<sup>398</sup> || - || [http://eprint.iacr.org/2009/438.pdf Aumasson,Calik,Meier,Ozen,Phan,Varici]
|- 
 
|  key recovery || block cipher || 512 || 24 rounds || 2<sup>431</sup> || - || [http://131002.net/data/talks/threefish_rump.pdf Aumasson,Meier,Phan]
 
|-     
 
|  key recovery || block cipher || 512 || 25 rounds || 2<sup>441</sup> || - || [http://131002.net/data/talks/threefish_rump.pdf Aumasson,Meier,Phan]
 
 
|-           
 
|-           
 
|}         
 
|}         
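Review bot: The new key recovery row (block cipher, 512, 34 rounds, 2<sup>398</sup>) does not agree with the abstract of the cited report, which this same revision adds below. The abstract gives key recovery attacks on up to 32 rounds and describes the 34-round result as a related-key boomerang distinguisher, with the 35-round result being the known-related-key boomerang distinguisher. Suggest checking the 34-round row against ePrint 2009/438 and labelling it as a distinguisher, with the key recovery row carrying the round count the paper reports for key recovery.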
Line 40: Line 36:
 
A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
 
A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
  
 +
 +
<bibtex>
 +
@misc{skeinA+09,
 +
    author = {Jean-Philippe Aumasson and Cagdas Calik and Willi Meier and Onur Ozen and Raphael C.-W. Phan and Kerem Varici},
 +
    title = {Improved Cryptanalysis of Skein},
 +
    howpublished = {Cryptology ePrint Archive, Report 2009/438},
 +
    year = {2009},
 +
    url = {http://eprint.iacr.org/2009/438.pdf},
 +
    note = {\url{http://eprint.iacr.org/}},
 +
    abstract={The hash function Skein is the submission of Ferguson et al. to the NIST Hash Competition, and is arguably a serious candidate for selection as SHA-3. This paper presents the first third-party analysis of Skein, with an extensive study of its main component: the block cipher Threefish. We notably investigate near collisions, distinguishers, impossible differentials, key recovery using related-key differential and boomerang attacks. In particular, we present near collisions on up to 17 rounds, an impossible differential on 21 rounds, a related-key boomerang distinguisher on 34 rounds, a known-related-key boomerang distinguisher on 35 rounds, and key recovery attacks on up to 32 rounds, out of 72 in total for Threefish-512. None of our attacks directly extends to the full Skein hash. However, the pseudorandomness of Threefish is required to validate the security proofs on Skein, and our results conclude that at least 36 rounds of Threefish seem required for optimal security guarantees.},
 +
}
 +
</bibtex>
 +
 +
 +
=== Archive ===
  
 
<bibtex>
 
<bibtex>
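Review bot: The new "=== Archive ===" heading is left holding only the bibtex entry for the superseded rump-session talk, while the table rows that cited that talk (the 17-round distinguisher and the key recovery rows on 23, 24 and 25 rounds) are removed in the hunk above, so the archived reference no longer has any result attached to it. Suggest either moving the removed rows into a table under the Archive heading or adding a line there saying the talk's results are superseded by ePrint 2009/438.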

Revision as of 08:46, 14 September 2009

1 The algorithm


Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family, 2008
http://www.schneier.com/skein.pdf


2 Cryptanalysis

{|
! Type of Analysis !! Hash Function Part !! Hash Size (n) !! Parameters/Variants !! Compression Function Calls !! Memory Requirements !! Reference
|-
| near collision || compression function || 512 || 17 rounds || 2<sup>24</sup> || - || Aumasson,Calik,Meier,Ozen,Phan,Varici
|-
| distinguisher || block cipher || 512 || 35 rounds || 2<sup>478</sup> || - || Aumasson,Calik,Meier,Ozen,Phan,Varici
|-
| impossible differential || block cipher || 512 || 21 rounds || - || - || Aumasson,Calik,Meier,Ozen,Phan,Varici
|-
| key recovery || block cipher || 512 || 34 rounds || 2<sup>398</sup> || - || Aumasson,Calik,Meier,Ozen,Phan,Varici
|}

A description of this table is given here.


Jean-Philippe Aumasson, Cagdas Calik, Willi Meier, Onur Ozen, Raphael C.-W. Phan, Kerem Varici - Improved Cryptanalysis of Skein, 2009
http://eprint.iacr.org/2009/438.pdf


2.1 Archive

Jean-Philippe Aumasson, Willi Meier, Raphael Phan - Improved analysis of Threefish, 2009
http://131002.net/data/talks/threefish_rump.pdf