Skein
1 The algorithm
- Author(s): Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker
- Website: http://www.schneier.com/skein.html; http://skein-hash.info/
- NIST submission package:
  - Round 3: Skein_FinalRnd.zip
  - Round 2: Skein_Round2.zip
  - Round 1: SkeinUpdate.zip (old version: Skein.zip)
Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
- 2010
- http://www.skein-hash.info/sites/default/files/skein1.3.pdf
Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
- 2009
- http://www.skein-hash.info/sites/default/files/skein1.2.pdf
Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, Jesse Walker - The Skein Hash Function Family
- 2008
- http://www.skein-hash.info/sites/default/files/skein1.1.pdf
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
Recommended security parameter: 72 rounds (Skein-256 and Skein-512)
2.1 Hash function
Here we list results on the hash function according to the NIST requirements. The only allowed modification is to change the security parameter.
Type of Analysis | Hash Size (n) | Parameters | Compression Function Calls | Memory Requirements | Reference |
collision | 256 | 2 rounds | 2^85 | - | Khovratovich |
collision | 256 | 12 rounds | 2^126.5 | - | Khovratovich |
collision | 512 | 5 rounds | 2^192 | - | Khovratovich |
collision | 512 | 14 rounds | 2^254.5 | - | Khovratovich |
preimage | 512 | 22 rounds | 2^511.0 | 2^6 | Khovratovich,Rechberger,Savelieva |
preimage | 512 | 72 rounds | 2^511.76 | - | Khovratovich,Rechberger,Savelieva |
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control of, or access to, some internal variables (a.k.a. free-start, pseudo, compression function, block cipher, or permutation attacks).
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
preimage | compression function | 512 | 22 rounds | 2^508 | 2^6 | Khovratovich,Rechberger,Savelieva |
preimage | compression function | 512 | 37 rounds | 2^511.2 | 2^64 | Khovratovich,Rechberger,Savelieva |
distinguisher | compression function | 512 | 32 rounds | 2^104.5 | - | Yu,Chen,Wang |
distinguisher | compression function | 512 | 36 rounds | 2^454 | - | Yu,Chen,Wang |
key recovery | block cipher | 512 | 32 rounds | 2^181 | - | Yu,Chen,Wang |
key recovery | block cipher | 512 | 34 rounds | 2^424 | - | Yu,Chen,Wang |
near-collision | compression function | 256 | 32 rounds | 2^105 | - | Yu,Chen,Jia,Wang |
distinguisher | compression function | all | 57 rounds (Round 2) | 2^503 | - | Khovratovich,Nikolić,Rechberger |
distinguisher | compression function | 256 | 53 rounds (Round 2) | 2^251, Skein-256 | - | Khovratovich,Nikolić,Rechberger |
near-collision | compression function | all | 24 rounds (No. 20-43) | 2^230 | - | Su,Wu,Wu,Dong |
near-collision | compression function | 256 | 24 rounds (No. 12-35), Skein-256 | 2^60 | - | Su,Wu,Wu,Dong |
near-collision | compression function | all | 24 rounds, Skein-1024 | 2^395 | - | Su,Wu,Wu,Dong |
observations | hash | all | | | | Gligoroski |
observations | block cipher | all | - | - | - | McKay,Vora |
observations | compression function | all | - | - | - | Kaminsky |
key recovery | block cipher | 256 | 39 rounds | 2^254.1 | - | Khovratovich,Nikolic |
key recovery | block cipher | 512 | 42 rounds | 2^507 | - | Khovratovich,Nikolic |
key recovery | block cipher | 512 | 32 rounds (Round 1) | 2^226 (2^222) | 2^12 | Chen,Jia |
key recovery | block cipher | 512 | 33 rounds (Round 1) | 2^352.17 (2^355.5) | - | Chen,Jia |
near collision | compression function | 512 | 17 rounds (Round 1) | 2^24 | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
distinguisher | block cipher | 512 | 35 rounds (Round 1) | 2^478 | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
impossible differential | block cipher | 512 | 21 rounds (Round 1) | - | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
key recovery | block cipher | 512 | 32 rounds (Round 1) | 2^312 | - | Aumasson,Calik,Meier,Ozen,Phan,Varici |
Dmitry Khovratovich - Bicliques for permutations: collision and preimage attacks in stronger settings
- 2012
- http://eprint.iacr.org/2012/141.pdf
Dmitry Khovratovich, Christian Rechberger, Alexandra Savelieva - Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family
- Fast Software Encryption (FSE), 2012
- http://eprint.iacr.org/2011/286.pdf
Hongbo Yu, Jiazhe Chen, Xiaoyun Wang - The Boomerang Attacks on the Round-Reduced Skein-512
- 2012
- http://eprint.iacr.org/2012/238.pdf
Hongbo Yu, Jiazhe Chen, Keting Jia, Xiaoyun Wang - Near-Collision Attack on the Step-Reduced Compression Function of Skein-256
- 2011
- http://eprint.iacr.org/2011/148.pdf
Dmitry Khovratovich, Ivica Nikolić, Christian Rechberger - Rotational Rebound Attacks on Reduced Skein
- ASIACRYPT 6477:1-19, 2010
- http://eprint.iacr.org/2010/538.pdf
Bozhan Su, Wenling Wu, Shuang Wu, Le Dong - Near-Collisions on the Reduced-Round Compression Functions of Skein and BLAKE
- CANS 6467:124-139, 2010
- http://eprint.iacr.org/2010/355.pdf
Danilo Gligoroski - Narrow-pipe SHA-3 candidates differ significantly from ideal random functions defined over big domains
- 2010
- http://people.item.ntnu.no/~danilog/Hash/Non-random-behaviour-narrow-pipe-designs-03.pdf
Kerry A. McKay, Poorvi L. Vora - Pseudo-Linear Approximations for ARX Ciphers: With Application to Threefish
- 2010
- http://eprint.iacr.org/2010/282.pdf
Alan Kaminsky - Cube Test Analysis of the Statistical Behavior of CubeHash and Skein
- 2010
- http://eprint.iacr.org/2010/262.pdf
Dmitry Khovratovich, Ivica Nikolic - Rotational Cryptanalysis of ARX
- FSE 6147:333-346
- http://cryptolux.org/mediawiki/uploads/5/5b/Rotational_Cryptanalysis_of_Skein.pdf
Jiazhe Chen, Keting Jia - Improved Related-key Boomerang Attacks on Round-Reduced Threefish-512
- 2009
- http://eprint.iacr.org/2009/526.pdf
Jean-Philippe Aumasson, Cagdas Calik, Willi Meier, Onur Ozen, Raphael C.-W. Phan, Kerem Varici - Improved Cryptanalysis of Skein
- ASIACRYPT 5912:542-559, 2009
- http://eprint.iacr.org/2009/438.pdf
Jean-Philippe Aumasson, Willi Meier, Raphael Phan - Improved analysis of Threefish