Difference between revisions of "The SHA-3 Zoo"
From The ECRYPT Hash Function Website
(ESSENCE coloured in orange) |
Mschlaeffer (talk | contribs) (round 2 candidates added) |
||
| Line 3: | Line 3: | ||
The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in [[Cryptanalysis Categories]]. | The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in [[Cryptanalysis Categories]]. | ||
| − | At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/ | + | At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/index.html Round 1] and 14 submissions have made it into [http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/index.html Round 2]. |
| − | |||
The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given [[Cryptanalysis_Categories#Main_Cryptanalysis_Table | here]]. | The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given [[Cryptanalysis_Categories#Main_Cryptanalysis_Table | here]]. | ||
| Line 10: | Line 9: | ||
[http://ehash.iaik.tugraz.at/index.php?title=Special:Recentchangeslinked&target=The_SHA-3_Zoo&days=7&limit=50&hideminor=1 Recent updates of the SHA-3 Zoo] | [http://ehash.iaik.tugraz.at/index.php?title=Special:Recentchangeslinked&target=The_SHA-3_Zoo&days=7&limit=50&hideminor=1 Recent updates of the SHA-3 Zoo] | ||
| + | |||
| + | {| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center" | ||
| + | |- style="background:#efefef;" | ||
| + | ! width="120"| Hash Name !! width="160" | Principal Submitter !! width="150"| Best Attack on Main NIST Requirements !! width="140"| Best Attack on other Hash Requirements | ||
| + | |- | ||
| + | | [[BLAKE]] || Jean-Philippe Aumasson || || | ||
| + | |- | ||
| + | | [[Blue Midnight Wish]] || Svein Johan Knapskog || || | ||
| + | |- | ||
| + | | [[CubeHash]] || Daniel J. Bernstein || style="background:greenyellow" | preimage || | ||
| + | |- | ||
| + | | [[ECHO]] || Henri Gilbert || || | ||
| + | |- | ||
| + | | [[Fugue]] || Charanjit S. Jutla || || | ||
| + | |- | ||
| + | | [[Groestl|Grøstl]] || Lars R. Knudsen || || | ||
| + | |- | ||
| + | | [[Hamsi]] || <nowiki>Özgül Küçük</nowiki> || || | ||
| + | |- | ||
| + | | [[JH]] || Hongjun Wu || style="background:greenyellow" | preimage || | ||
| + | |- | ||
| + | | [[Keccak]] || The Keccak Team || || | ||
| + | |- | ||
| + | | [[Luffa]] || Dai Watanabe || || | ||
| + | |- | ||
| + | | [[Shabal]] || <nowiki>Jean-François Misarsky</nowiki> || || | ||
| + | |- | ||
| + | | [[SHAvite-3]] || Orr Dunkelman || || | ||
| + | |- | ||
| + | | [[SIMD]] || <nowiki>Gaëtan Leurent</nowiki> || || | ||
| + | |- | ||
| + | | [[Skein]] || Bruce Schneier || || | ||
| + | |- | ||
| + | |} | ||
| + | |||
| + | |||
| + | |||
| + | The following hash functions have advanced to Round 1 but not to Round 2: | ||
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center" | {| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center" | ||
| Line 18: | Line 55: | ||
|- | |- | ||
| [[AURORA]] || Masahiro Fujita || style="background:orange"| 2nd preimage || | | [[AURORA]] || Masahiro Fujita || style="background:orange"| 2nd preimage || | ||
| − | |||
| − | |||
|- | |- | ||
| [[Blender]] || Colin Bradbury || style="background:orange" | collision, preimage || near-collision | | [[Blender]] || Colin Bradbury || style="background:orange" | collision, preimage || near-collision | ||
|- | |- | ||
| − | |||
| − | |||
| [[Cheetah]] || Dmitry Khovratovich || || length-extension | | [[Cheetah]] || Dmitry Khovratovich || || length-extension | ||
|- | |- | ||
| Line 30: | Line 63: | ||
|- | |- | ||
| [[CRUNCH]] || Jacques Patarin || || length-extension | | [[CRUNCH]] || Jacques Patarin || || length-extension | ||
| − | |||
| − | |||
|- | |- | ||
| [[Dynamic SHA]] || Xu Zijie || style="background:red"|collision || length-extension | | [[Dynamic SHA]] || Xu Zijie || style="background:red"|collision || length-extension | ||
| Line 37: | Line 68: | ||
| [[Dynamic SHA2]] || Xu Zijie || style="background:orange"|collision || length-extension | | [[Dynamic SHA2]] || Xu Zijie || style="background:orange"|collision || length-extension | ||
|- | |- | ||
| − | |||
| − | |||
| [[ECOH]] || Daniel R. L. Brown || style="background:orange"| 2nd preimage || | | [[ECOH]] || Daniel R. L. Brown || style="background:orange"| 2nd preimage || | ||
|- | |- | ||
| Line 48: | Line 77: | ||
|- | |- | ||
| [[FSB (SHA-3 submission) | FSB]] || Matthieu Finiasz || || | | [[FSB (SHA-3 submission) | FSB]] || Matthieu Finiasz || || | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
| [[LANE]] || Sebastiaan Indesteege || || | | [[LANE]] || Sebastiaan Indesteege || || | ||
|- | |- | ||
| [[Lesamnta]] || Hirotaka Yoshida || || | | [[Lesamnta]] || Hirotaka Yoshida || || | ||
| − | |||
| − | |||
|- | |- | ||
| [[LUX]] || <nowiki>Ivica Nikolić</nowiki> || style="background:orange" | collision, 2nd preimage || DRBG,HMAC | | [[LUX]] || <nowiki>Ivica Nikolić</nowiki> || style="background:orange" | collision, 2nd preimage || DRBG,HMAC | ||
| Line 79: | Line 96: | ||
| [[Sgàil]] || Peter Maxwell|| style="background:red" | collision || | | [[Sgàil]] || Peter Maxwell|| style="background:red" | collision || | ||
|- | |- | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| [[Spectral Hash]] || <nowiki>Çetin Kaya Koç</nowiki> || style="background:red" | collision || | | [[Spectral Hash]] || <nowiki>Çetin Kaya Koç</nowiki> || style="background:red" | collision || | ||
|- | |- | ||
| Line 99: | Line 108: | ||
| − | + | The following hash functions have been submitted to the NIST competition but did not advance to Round 1, have been conceded broken or withdrawn by the designers: | |
| − | The following hash functions have been submitted to the NIST competition but did not advance to | ||
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center" | {| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center" | ||
Revision as of 14:09, 27 July 2009
The SHA-3 Zoo (work in progress) is a collection of cryptographic hash functions (in alphabetical order) submitted to the SHA-3 contest (see also here). It aims to provide an overview of design and cryptanalysis of all submissions. A list of all SHA-3 submitters is also available. For a software performance related overview, see eBASH. At a separate page, we also collect hardware implementation results of the candidates. Another categorization of the SHA-3 submissions can be found here.
The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in Cryptanalysis Categories.
At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to Round 1 and 14 submissions have made it into Round 2.
The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given here.
Recent updates of the SHA-3 Zoo
| Hash Name | Principal Submitter | Best Attack on Main NIST Requirements | Best Attack on other Hash Requirements |
|---|---|---|---|
| BLAKE | Jean-Philippe Aumasson | ||
| Blue Midnight Wish | Svein Johan Knapskog | ||
| CubeHash | Daniel J. Bernstein | preimage | |
| ECHO | Henri Gilbert | ||
| Fugue | Charanjit S. Jutla | ||
| Grøstl | Lars R. Knudsen | ||
| Hamsi | Özgül Küçük | ||
| JH | Hongjun Wu | preimage | |
| Keccak | The Keccak Team | ||
| Luffa | Dai Watanabe | ||
| Shabal | Jean-François Misarsky | ||
| SHAvite-3 | Orr Dunkelman | ||
| SIMD | Gaëtan Leurent | ||
| Skein | Bruce Schneier |
The following hash functions have advanced to Round 1 but not to Round 2:
| Hash Name | Principal Submitter | Best Attack on Main NIST Requirements | Best Attack on other Hash Requirements |
|---|---|---|---|
| ARIRANG | Jongin Lim | ||
| AURORA | Masahiro Fujita | 2nd preimage | |
| Blender | Colin Bradbury | collision, preimage | near-collision |
| Cheetah | Dmitry Khovratovich | length-extension | |
| CHI | Phillip Hawkes | ||
| CRUNCH | Jacques Patarin | length-extension | |
| Dynamic SHA | Xu Zijie | collision | length-extension |
| Dynamic SHA2 | Xu Zijie | collision | length-extension |
| ECOH | Daniel R. L. Brown | 2nd preimage | |
| Edon-R | Danilo Gligoroski | preimage | |
| EnRUPT | Sean O'Neil | collision | |
| ESSENCE | Jason Worth Martin | collision | |
| FSB | Matthieu Finiasz | ||
| LANE | Sebastiaan Indesteege | ||
| Lesamnta | Hirotaka Yoshida | ||
| LUX | Ivica Nikolić | collision, 2nd preimage | DRBG,HMAC |
| MCSSHA-3 | Mikhail Maslennikov | 2nd preimage | |
| MD6 | Ronald L. Rivest | ||
| NaSHA | Smile Markovski | collision | |
| SANDstorm | Rich Schroeppel | ||
| Sarmal | Kerem Varıcı | preimage | |
| Sgàil | Peter Maxwell | collision | |
| Spectral Hash | Çetin Kaya Koç | collision | |
| SWIFFTX | Daniele Micciancio | ||
| TIB3 | Daniel Penazzi | collision | |
| Twister | Michael Gorski | preimage | |
| Vortex | Michael Kounavis | preimage |
The following hash functions have been submitted to the NIST competition but did not advance to Round 1, have been conceded broken or withdrawn by the designers:
| Hash Name | Principal Submitter | Status | Best Attack on Main NIST Requirements |
|---|---|---|---|
| Abacus | Neil Sholer | conceded broken | 2nd-preimage |
| Boole | Greg Rose | conceded broken | collision |
| DCH | David A. Wilson | conceded broken | collision |
| HASH 2X | Jason Lee | not in round 1 | 2nd-preimage |
| Khichidi-1 | M. Vidyasagar | conceded broken | collision |
| Maraca | Robert J. Jenkins | not in round 1 | preimage |
| MeshHash | Björn Fay | conceded broken | 2nd preimage |
| NKS2D | Geoffrey Park | not in round 1 | collision |
| Ponic | Peter Schmidt-Nielsen | not in round 1 | 2nd-preimage |
| SHAMATA | Orhun Kara | conceded broken | collision |
| StreamHash | Michal Trojnara | conceded broken | collision |
| Tangle | Rafael Alvarez | conceded broken | collision |
| WaMM | John Washburn | conceded broken | collision |
| Waterfall | Bob Hattersley | conceded broken | collision |
| ZK-Crypt | Carmi Gressel | not in round 1 |
Your analysis is not mentioned? Drop a line at sha3zoo@iaik.tugraz.at to let us know!
