Difference between revisions of "The SHA-3 Zoo"

From The ECRYPT Hash Function Website
(ESSENCE coloured in orange)
(round 2 candidates added)
Line 3: Line 3:
 
The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in [[Cryptanalysis Categories]].
 
The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in [[Cryptanalysis Categories]].
  
At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/submissions_rnd1.html submissions] have advanced to the first round.
+
At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/index.html Round 1] and 14 submissions have made it into [http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/index.html Round 2].
So far, 10 out of 51 first round candidates have been officially conceded broken or withdrawn by the designers.
 
  
 
The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given [[Cryptanalysis_Categories#Main_Cryptanalysis_Table | here]].
 
The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given [[Cryptanalysis_Categories#Main_Cryptanalysis_Table | here]].
Line 10: Line 9:
 
[http://ehash.iaik.tugraz.at/index.php?title=Special:Recentchangeslinked&target=The_SHA-3_Zoo&days=7&limit=50&hideminor=1 Recent updates of the SHA-3 Zoo]
 
[http://ehash.iaik.tugraz.at/index.php?title=Special:Recentchangeslinked&target=The_SHA-3_Zoo&days=7&limit=50&hideminor=1 Recent updates of the SHA-3 Zoo]
  
 +
 +
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"
 +
|- style="background:#efefef;"
 +
! width="120"| Hash Name !! width="160" | Principal Submitter !! width="150"| Best Attack on Main NIST Requirements !! width="140"| Best Attack on other Hash Requirements
 +
|-
 +
| [[BLAKE]]        || Jean-Philippe Aumasson || ||
 +
|-
 +
| [[Blue Midnight Wish]] || Svein Johan Knapskog || ||
 +
|-
 +
| [[CubeHash]]    || Daniel J. Bernstein || style="background:greenyellow" | preimage ||
 +
|-
 +
| [[ECHO]]        || Henri Gilbert || ||
 +
|-                                                                                                           
 +
| [[Fugue]]        || Charanjit S. Jutla || ||
 +
|-                                                                                                           
 +
| [[Groestl|Grøstl]] || Lars R. Knudsen || ||
 +
|-
 +
| [[Hamsi]]        || <nowiki>Özgül Kü&#231;ük</nowiki> || ||
 +
|-
 +
| [[JH]]          || Hongjun Wu || style="background:greenyellow" | preimage ||
 +
|-                                                                                                           
 +
| [[Keccak]]      || The Keccak Team || ||
 +
|-
 +
| [[Luffa]]        || Dai Watanabe || ||
 +
|-
 +
| [[Shabal]]      || <nowiki>Jean-Fran&#231;ois Misarsky</nowiki> || ||
 +
|-
 +
| [[SHAvite-3]]    || Orr Dunkelman || ||
 +
|-
 +
| [[SIMD]]        || <nowiki>Ga&#235;tan Leurent</nowiki> || ||
 +
|-
 +
| [[Skein]]        || Bruce Schneier || ||
 +
|-                                                                                                           
 +
|}
 +
 +
 +
 +
The following hash functions have advanced to Round 1 but not to Round 2:
  
 
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"
 
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"
Line 18: Line 55:
 
|-                                                                                                             
 
|-                                                                                                             
 
| [[AURORA]]      || Masahiro Fujita  || style="background:orange"| 2nd preimage ||
 
| [[AURORA]]      || Masahiro Fujita  || style="background:orange"| 2nd preimage ||
|-
 
| [[BLAKE]]        || Jean-Philippe Aumasson || ||
 
 
|-
 
|-
 
| [[Blender]]      || Colin Bradbury || style="background:orange" | collision, preimage || near-collision
 
| [[Blender]]      || Colin Bradbury || style="background:orange" | collision, preimage || near-collision
 
|-                                                                                                             
 
|-                                                                                                             
| [[Blue Midnight Wish]] || Svein Johan Knapskog || ||
 
|-
 
 
| [[Cheetah]]      || Dmitry Khovratovich || || length-extension
 
| [[Cheetah]]      || Dmitry Khovratovich || || length-extension
 
|-
 
|-
Line 30: Line 63:
 
|-                                                                                                             
 
|-                                                                                                             
 
| [[CRUNCH]]      || Jacques Patarin || || length-extension
 
| [[CRUNCH]]      || Jacques Patarin || || length-extension
|-
 
| [[CubeHash]]    || Daniel J. Bernstein || style="background:greenyellow" | preimage ||
 
 
|-
 
|-
 
| [[Dynamic SHA]]  || Xu Zijie || style="background:red"|collision || length-extension
 
| [[Dynamic SHA]]  || Xu Zijie || style="background:red"|collision || length-extension
Line 37: Line 68:
 
| [[Dynamic SHA2]] || Xu Zijie || style="background:orange"|collision || length-extension
 
| [[Dynamic SHA2]] || Xu Zijie || style="background:orange"|collision || length-extension
 
|-
 
|-
| [[ECHO]]        || Henri Gilbert || ||
 
|-                                                                                                           
 
 
| [[ECOH]]        || Daniel R. L. Brown || style="background:orange"| 2nd preimage ||
 
| [[ECOH]]        || Daniel R. L. Brown || style="background:orange"| 2nd preimage ||
 
|-
 
|-
Line 48: Line 77:
 
|-
 
|-
 
| [[FSB (SHA-3 submission) | FSB]] || Matthieu Finiasz || ||
 
| [[FSB (SHA-3 submission) | FSB]] || Matthieu Finiasz || ||
|-
 
| [[Fugue]]        || Charanjit S. Jutla || ||
 
|-                                                                                                           
 
| [[Groestl|Grøstl]] || Lars R. Knudsen || ||
 
|-
 
| [[Hamsi]]        || <nowiki>Özgül Kü&#231;ük</nowiki> || ||
 
|-
 
| [[JH]]          || Hongjun Wu || style="background:greenyellow" | preimage ||
 
|-                                                                                                           
 
| [[Keccak]]      || The Keccak Team || ||
 
 
|-
 
|-
 
| [[LANE]]        || Sebastiaan Indesteege || ||
 
| [[LANE]]        || Sebastiaan Indesteege || ||
 
|-                         
 
|-                         
 
| [[Lesamnta]]    || Hirotaka Yoshida || ||
 
| [[Lesamnta]]    || Hirotaka Yoshida || ||
|-
 
| [[Luffa]]        || Dai Watanabe || ||
 
 
|-
 
|-
 
| [[LUX]]          || <nowiki>Ivica Nikoli&#263;</nowiki> || style="background:orange" | collision, 2nd preimage || DRBG,HMAC
 
| [[LUX]]          || <nowiki>Ivica Nikoli&#263;</nowiki> || style="background:orange" | collision, 2nd preimage || DRBG,HMAC
Line 79: Line 96:
 
| [[Sgàil]]        || Peter Maxwell|| style="background:red" | collision ||
 
| [[Sgàil]]        || Peter Maxwell|| style="background:red" | collision ||
 
|-
 
|-
| [[Shabal]]      || <nowiki>Jean-Fran&#231;ois Misarsky</nowiki> || ||
 
|-
 
| [[SHAvite-3]]    || Orr Dunkelman || ||
 
|-
 
| [[SIMD]]        || <nowiki>Ga&#235;tan Leurent</nowiki> || ||
 
|-
 
| [[Skein]]        || Bruce Schneier || ||
 
|-                                                                                                           
 
 
| [[Spectral Hash]] || <nowiki>&#199;etin Kaya Ko&#231;</nowiki> || style="background:red" | collision ||
 
| [[Spectral Hash]] || <nowiki>&#199;etin Kaya Ko&#231;</nowiki> || style="background:red" | collision ||
 
|-
 
|-
Line 99: Line 108:
  
  
 
+
The following hash functions have been submitted to the NIST competition but did not advance to Round 1, have been conceded broken or withdrawn by the designers:
The following hash functions have been submitted to the NIST competition but did not advance to the first round, or have been conceded broken or withdrawn by the designers:
 
  
 
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"
 
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"

Revision as of 14:09, 27 July 2009

The SHA-3 Zoo (work in progress) is a collection of cryptographic hash functions (in alphabetical order) submitted to the SHA-3 contest (see also here). It aims to provide an overview of design and cryptanalysis of all submissions. A list of all SHA-3 submitters is also available. For a software performance related overview, see eBASH. At a separate page, we also collect hardware implementation results of the candidates. Another categorization of the SHA-3 submissions can be found here.

The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in Cryptanalysis Categories.

At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to Round 1 and 14 submissions have made it into Round 2.

The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given here.

Recent updates of the SHA-3 Zoo


Hash Name Principal Submitter Best Attack on Main NIST Requirements Best Attack on other Hash Requirements
BLAKE Jean-Philippe Aumasson
Blue Midnight Wish Svein Johan Knapskog
CubeHash Daniel J. Bernstein preimage
ECHO Henri Gilbert
Fugue Charanjit S. Jutla
Grøstl Lars R. Knudsen
Hamsi Özgül Küçük
JH Hongjun Wu preimage
Keccak The Keccak Team
Luffa Dai Watanabe
Shabal Jean-François Misarsky
SHAvite-3 Orr Dunkelman
SIMD Gaëtan Leurent
Skein Bruce Schneier


The following hash functions have advanced to Round 1 but not to Round 2:

Hash Name Principal Submitter Best Attack on Main NIST Requirements Best Attack on other Hash Requirements
ARIRANG Jongin Lim
AURORA Masahiro Fujita 2nd preimage
Blender Colin Bradbury collision, preimage near-collision
Cheetah Dmitry Khovratovich length-extension
CHI Phillip Hawkes
CRUNCH Jacques Patarin length-extension
Dynamic SHA Xu Zijie collision length-extension
Dynamic SHA2 Xu Zijie collision length-extension
ECOH Daniel R. L. Brown 2nd preimage
Edon-R Danilo Gligoroski preimage
EnRUPT Sean O'Neil collision
ESSENCE Jason Worth Martin collision
FSB Matthieu Finiasz
LANE Sebastiaan Indesteege
Lesamnta Hirotaka Yoshida
LUX Ivica Nikolić collision, 2nd preimage DRBG,HMAC
MCSSHA-3 Mikhail Maslennikov 2nd preimage
MD6 Ronald L. Rivest
NaSHA Smile Markovski collision
SANDstorm Rich Schroeppel
Sarmal Kerem Varıcı preimage
Sgàil Peter Maxwell collision
Spectral Hash Çetin Kaya Koç collision
SWIFFTX Daniele Micciancio
TIB3 Daniel Penazzi collision
Twister Michael Gorski preimage
Vortex Michael Kounavis preimage


The following hash functions have been submitted to the NIST competition but did not advance to Round 1, have been conceded broken or withdrawn by the designers:

Hash Name Principal Submitter Status Best Attack on Main NIST Requirements
Abacus Neil Sholer conceded broken 2nd-preimage
Boole Greg Rose conceded broken collision
DCH David A. Wilson conceded broken collision
HASH 2X Jason Lee not in round 1 2nd-preimage
Khichidi-1 M. Vidyasagar conceded broken collision
Maraca Robert J. Jenkins not in round 1 preimage
MeshHash Björn Fay conceded broken 2nd preimage
NKS2D Geoffrey Park not in round 1 collision
Ponic Peter Schmidt-Nielsen not in round 1 2nd-preimage
SHAMATA Orhun Kara conceded broken collision
StreamHash Michal Trojnara conceded broken collision
Tangle Rafael Alvarez conceded broken collision
WaMM John Washburn conceded broken collision
Waterfall Bob Hattersley conceded broken collision
ZK-Crypt Carmi Gressel not in round 1


Your analysis is not mentioned? Drop a line at sha3zoo@iaik.tugraz.at to let us know!