Difference between revisions of "The SHA-3 Zoo"

From The ECRYPT Hash Function Website
(Updated table of tweaks)
(Merged tables of non-round 2 functions)
Line 3: Line 3:
 
The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in [[Cryptanalysis Categories]].
 
The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in [[Cryptanalysis Categories]].
  
At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/index.html Round 1] and 14 submissions have made it into [http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/index.html Round 2].
+
At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/index.html round 1] and 14 submissions have made it into [http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/index.html round 2].
  
 
The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given [[Cryptanalysis_Categories#Main_Cryptanalysis_Table | here]].
 
The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given [[Cryptanalysis_Categories#Main_Cryptanalysis_Table | here]].
Line 48: Line 48:
  
  
The following hash functions have advanced to Round 1 but not to Round 2:
+
The following hash functions have not advanced to round 2 (functions
 +
conceded broken had advanced to round 1):
 +
 
  
 
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"
 
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"
 
|- style="background:#efefef;"
 
|- style="background:#efefef;"
! width="120"| Hash Name !! width="160" | Principal Submitter !! width="150"| Best Attack on Main NIST Requirements !! width="140"| Best Attack on other Hash Requirements
+
! width="120"| Hash Name !! width="160" | Principal Submitter !! width="120" | Status !! width="150"| Best Attack on Main NIST Requirements !! width="140"| Best Attack on other Hash Requirements
 +
|-
 +
| [[Abacus]]      || Neil Sholer || conceded broken || style="background:orange" | 2nd-preimage ||
 
|-
 
|-
| [[ARIRANG]]      || Jongin Lim || ||
+
| [[ARIRANG]]      || Jongin Lim || in round 1 || ||
 
|-                                                                                                             
 
|-                                                                                                             
| [[AURORA]]      || Masahiro Fujita  || style="background:orange"| 2nd preimage ||
+
| [[AURORA]]      || Masahiro Fujita  || in round 1|| style="background:orange"| 2nd preimage ||
 +
|-
 +
| [[Blender]]      || Colin Bradbury || in round 1|| style="background:orange" | collision, preimage  || near-collision
 +
|- 
 +
| [[Boole]]      || Greg Rose || conceded broken || style="background:red" | collision ||
 +
|-                                                                                                         
 +
| [[Cheetah]]      || Dmitry Khovratovich || in round 1||  || length-extension
 
|-
 
|-
| [[Blender]]     || Colin Bradbury || style="background:orange" | collision, preimage || near-collision
+
| [[CHI]]         || Phillip Hawkes || in round 1|| ||
 
|-                                                                                                             
 
|-                                                                                                             
| [[Cheetah]]     || Dmitry Khovratovich || || length-extension
+
| [[CRUNCH]]       || Jacques Patarin || in round 1||  || length-extension
 
|-
 
|-
| [[CHI]]         || Phillip Hawkes || ||
+
| [[DCH]]         || David A. Wilson || conceded broken || style="background:red" | collision ||
|-                                                                                                           
 
| [[CRUNCH]]      || Jacques Patarin || || length-extension
 
 
|-
 
|-
| [[Dynamic SHA]]  || Xu Zijie || style="background:red"|collision || length-extension
+
| [[Dynamic SHA]]  || Xu Zijie || in round 1|| style="background:red"|collision || length-extension  
 
|-
 
|-
| [[Dynamic SHA2]] || Xu Zijie || style="background:orange"|collision || length-extension
+
| [[Dynamic SHA2]] || Xu Zijie || in round 1|| style="background:orange"|collision || length-extension
 
|-
 
|-
| [[ECOH]]        || Daniel R. L. Brown || style="background:orange"| 2nd preimage ||
+
| [[ECOH]]        || Daniel R. L. Brown || in round 1|| style="background:orange"| 2nd preimage ||
 
|-
 
|-
| [[Edon-R (SHA-3 submission)|Edon-R]] || Danilo Gligoroski || style="background:yellow" | preimage ||
+
| [[Edon-R (SHA-3 submission)|Edon-R]] || Danilo Gligoroski || in round 1|| style="background:yellow" | preimage ||
 
|-
 
|-
| [[EnRUPT]]      || Sean O'Neil || style="background:red" | collision ||
+
| [[EnRUPT]]      || Sean O'Neil || in round 1|| style="background:red" | collision ||
 
|-                                                                                                             
 
|-                                                                                                             
| [[ESSENCE]]      || Jason Worth Martin || style="background:orange" | collision ||
+
| [[ESSENCE]]      || Jason Worth Martin || in round 1|| style="background:orange" | collision ||
 
|-
 
|-
| [[FSB (SHA-3 submission) | FSB]] || Matthieu Finiasz || ||
+
| [[FSB (SHA-3 submission) | FSB]] || Matthieu Finiasz || in round 1|| ||
 
|-
 
|-
| [[LANE]]         || Sebastiaan Indesteege || ||
+
| [[HASH 2X]]     || Jason Lee || not in round 1 || style="background:red" | 2nd-preimage ||
|-                        
 
| [[Lesamnta]]    || Hirotaka Yoshida || ||
 
 
|-
 
|-
| [[LUX]]         || <nowiki>Ivica Nikoli&#263;</nowiki> || style="background:orange" | collision, 2nd preimage || DRBG,HMAC
+
| [[Khichidi-1]] || M. Vidyasagar || conceded broken || style="background:red" | collision ||
|-                                                                                                           
 
| [[MCSSHA-3]]    || Mikhail Maslennikov || style="background:orange" | 2nd preimage ||
 
 
|-
 
|-
| [[MD6]]         || Ronald L. Rivest || ||
+
| [[LANE]]         || Sebastiaan Indesteege || in round 1|| ||
|-                                                                                                            
+
|-                        
| [[NaSHA]]       || Smile Markovski || style="background:orange" | collision ||
+
| [[Lesamnta]]     || Hirotaka Yoshida || in round 1|| ||
 
|-
 
|-
| [[SANDstorm]]    || Rich Schroeppel || ||
+
| [[LUX]]          || <nowiki>Ivica Nikoli&#263;</nowiki> || in round 1|| style="background:orange" | collision, 2nd preimage || DRBG,HMAC
 +
|-           
 +
| [[Maraca]]      || Robert J. Jenkins || not in round 1 || style="background:red" | preimage ||
 +
|-     
 +
| [[MeshHash]]    || Björn Fay || conceded broken || style="background:orange" | 2nd preimage ||
 +
|-                                                                                         
 +
| [[MCSSHA-3]]    || Mikhail Maslennikov || in round 1|| style="background:orange" | 2nd preimage ||
 
|-
 
|-
| [[Sarmal]]       || <nowiki>Kerem Var&#305;c&#305;</nowiki> || style="background:yellow" | preimage ||
+
| [[MD6]]         || Ronald L. Rivest || in round 1|| ||
 
|-                                                                                                             
 
|-                                                                                                             
| [[Sgàil]]        || Peter Maxwell|| style="background:red" | collision ||
+
| [[NaSHA]]        || Smile Markovski || in round 1|| style="background:orange" | collision ||
 
|-
 
|-
| [[Spectral Hash]] || <nowiki>&#199;etin Kaya Ko&#231;</nowiki> || style="background:red" | collision ||
+
| [[NKS2D]]       || Geoffrey Park || not in round 1 || style="background:red" | collision ||
 
|-
 
|-
| [[SWIFFTX]]     || Daniele Micciancio || ||
+
| [[Ponic]]       || Peter Schmidt-Nielsen || not in round 1 || style="background:yellow" | 2nd-preimage
 
|-
 
|-
| [[TIB3]]         || Daniel Penazzi || style="background:yellow" | collision ||
+
| [[SANDstorm]]   || Rich Schroeppel || in round 1|| ||
 
|-
 
|-
| [[Twister]]     || Michael Gorski || style="background:orange" | preimage ||
+
| [[Sarmal]]       || <nowiki>Kerem Var&#305;c&#305;</nowiki> || in round 1||  style="background:yellow" | preimage ||
 
|-                                                                                                             
 
|-                                                                                                             
| [[Vortex (SHA-3 submission)|Vortex]] || Michael Kounavis || style="background:yellow" | preimage ||
+
| [[Sgàil]]       || Peter Maxwell|| in round 1|| style="background:red" | collision ||
|}
 
 
 
 
 
The following hash functions have been submitted to the NIST competition but did not advance to Round 1, have been conceded broken or withdrawn by the designers:
 
 
 
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"
 
|- style="background:#efefef;"
 
! width="120"| Hash Name !! width="160" | Principal Submitter !! width="120" | Status !! width="120" | Best Attack on Main NIST Requirements
 
 
|-
 
|-
| [[Abacus]]      || Neil Sholer || conceded broken || style="background:orange" | 2nd-preimage
+
| [[SHAMATA]]      || Orhun Kara || conceded broken || style="background:red" | collision ||
 
|-
 
|-
| [[Boole]]       || Greg Rose || conceded broken || style="background:red" | collision
+
| [[Spectral Hash]] || <nowiki>&#199;etin Kaya Ko&#231;</nowiki> || in round 1|| style="background:red" | collision ||
 
|-
 
|-
| [[DCH]]         || David A. Wilson || conceded broken || style="background:red" | collision
+
| [[StreamHash]]   || Michal Trojnara || conceded broken || style="background:red" | collision ||
|-                                                                                                           
 
| [[HASH 2X]]    || Jason Lee || not in round 1 || style="background:red" | 2nd-preimage
 
 
|-
 
|-
| [[Khichidi-1]] || M. Vidyasagar || conceded broken || style="background:red" | collision
+
| [[SWIFFTX]]     || Daniele Micciancio || in round 1|| ||
 
|-
 
|-
| [[Maraca]]      || Robert J. Jenkins || not in round 1 || style="background:red" | preimage
+
| [[Tangle]]      || Rafael Alvarez || conceded broken || style="background:red" | collision ||
 
|-
 
|-
| [[MeshHash]]   || Björn Fay || conceded broken || style="background:orange" | 2nd preimage
+
| [[TIB3]]         || Daniel Penazzi || in round 1|| style="background:yellow" | collision ||
 
|-
 
|-
| [[NKS2D]]       || Geoffrey Park || not in round 1 || style="background:red" | collision
+
| [[Twister]]     || Michael Gorski || in round 1|| style="background:orange" | preimage ||
|-
 
| [[Ponic]]      || Peter Schmidt-Nielsen || not in round 1 || style="background:yellow" | 2nd-preimage
 
 
|-                                                                                                             
 
|-                                                                                                             
| [[SHAMATA]]     || Orhun Kara || conceded broken || style="background:red" | collision
+
| [[Vortex (SHA-3 submission)|Vortex]] || Michael Kounavis || in round 1|| style="background:yellow" | preimage ||
|-                       
 
| [[StreamHash]]  || Michal Trojnara || conceded broken || style="background:red" | collision
 
 
|-
 
|-
| [[Tangle]]     || Rafael Alvarez || conceded broken || style="background:red" | collision
+
| [[WaMM]]       || John Washburn || conceded broken || style="background:red" | collision ||
 
|-
 
|-
| [[WaMM]]       || John Washburn || conceded broken || style="background:red" | collision
+
| [[Waterfall]]   || Bob Hattersley || conceded broken || style="background:orange" | collision ||
 
|-
 
|-
| [[Waterfall]]  || Bob Hattersley || conceded broken || style="background:orange" | collision
+
| [[ZK-Crypt]]      || Carmi Gressel || not in round 1 || ||
|-
 
| [[ZK-Crypt]]      || Carmi Gressel || not in round 1 ||
 
|-                                                                                                           
 
 
|}
 
|}
 +
  
  
 
Your analysis is not mentioned? Drop a line at sha3zoo@iaik.tugraz.at to let us know!
 
Your analysis is not mentioned? Drop a line at sha3zoo@iaik.tugraz.at to let us know!

Revision as of 11:44, 24 November 2009

The SHA-3 Zoo (work in progress) is a collection of cryptographic hash functions (in alphabetical order) submitted to the SHA-3 contest (see also here). It aims to provide an overview of design and cryptanalysis of all submissions. A list of all SHA-3 submitters is also available. For a software performance related overview, see eBASH. At a separate page, we also collect hardware implementation results of the candidates. Another categorization of the SHA-3 submissions can be found here.

The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in Cryptanalysis Categories.

At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to round 1 and 14 submissions have made it into round 2.

The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given here.

Recent updates of the SHA-3 Zoo

New: Round 2 tweaks for all candidates


Hash Name Principal Submitter Best Attack on Main NIST Requirements Best Attack on other Hash Requirements
BLAKE Jean-Philippe Aumasson
Blue Midnight Wish Svein Johan Knapskog
CubeHash Daniel J. Bernstein preimage
ECHO Henri Gilbert
Fugue Charanjit S. Jutla
Grøstl Lars R. Knudsen
Hamsi Özgül Küçük
JH Hongjun Wu preimage
Keccak The Keccak Team
Luffa Dai Watanabe
Shabal Jean-François Misarsky
SHAvite-3 Orr Dunkelman
SIMD Gaëtan Leurent
Skein Bruce Schneier


The following hash functions have not advanced to round 2 (functions conceded broken had advanced to round 1):


Hash Name Principal Submitter Status Best Attack on Main NIST Requirements Best Attack on other Hash Requirements
Abacus Neil Sholer conceded broken 2nd-preimage
ARIRANG Jongin Lim in round 1
AURORA Masahiro Fujita in round 1 2nd preimage
Blender Colin Bradbury in round 1 collision, preimage near-collision
Boole Greg Rose conceded broken collision
Cheetah Dmitry Khovratovich in round 1 length-extension
CHI Phillip Hawkes in round 1
CRUNCH Jacques Patarin in round 1 length-extension
DCH David A. Wilson conceded broken collision
Dynamic SHA Xu Zijie in round 1 collision length-extension
Dynamic SHA2 Xu Zijie in round 1 collision length-extension
ECOH Daniel R. L. Brown in round 1 2nd preimage
Edon-R Danilo Gligoroski in round 1 preimage
EnRUPT Sean O'Neil in round 1 collision
ESSENCE Jason Worth Martin in round 1 collision
FSB Matthieu Finiasz in round 1
HASH 2X Jason Lee not in round 1 2nd-preimage
Khichidi-1 M. Vidyasagar conceded broken collision
LANE Sebastiaan Indesteege in round 1
Lesamnta Hirotaka Yoshida in round 1
LUX Ivica Nikolić in round 1 collision, 2nd preimage DRBG,HMAC
Maraca Robert J. Jenkins not in round 1 preimage
MeshHash Björn Fay conceded broken 2nd preimage
MCSSHA-3 Mikhail Maslennikov in round 1 2nd preimage
MD6 Ronald L. Rivest in round 1
NaSHA Smile Markovski in round 1 collision
NKS2D Geoffrey Park not in round 1 collision
Ponic Peter Schmidt-Nielsen not in round 1 2nd-preimage
SANDstorm Rich Schroeppel in round 1
Sarmal Kerem Varıcı in round 1 preimage
Sgàil Peter Maxwell in round 1 collision
SHAMATA Orhun Kara conceded broken collision
Spectral Hash Çetin Kaya Koç in round 1 collision
StreamHash Michal Trojnara conceded broken collision
SWIFFTX Daniele Micciancio in round 1
Tangle Rafael Alvarez conceded broken collision
TIB3 Daniel Penazzi in round 1 collision
Twister Michael Gorski in round 1 preimage
Vortex Michael Kounavis in round 1 preimage
WaMM John Washburn conceded broken collision
Waterfall Bob Hattersley conceded broken collision
ZK-Crypt Carmi Gressel not in round 1


Your analysis is not mentioned? Drop a line at sha3zoo@iaik.tugraz.at to let us know!