Difference between revisions of "Vortex"
From The ECRYPT Hash Function Website
Crechberger (talk | contribs) (Update on Vortex) |
|||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
== Specification == | == Specification == | ||
− | + | * digest size: 256 bits | |
− | * digest size: | ||
* max. message length: < 2<sup>64</sup> bits | * max. message length: < 2<sup>64</sup> bits | ||
− | * compression function: 512-bit message block, | + | * compression function: 512-bit message block, 256-bit chaining variable |
* Specification: | * Specification: | ||
− | --> | + | |
+ | <bibtex> | ||
+ | @inproceedings{iswGueronK08, | ||
+ | author = {Shay Gueron and Michael E. Kounavis}, | ||
+ | title = {Vortex: A New Family of One-Way Hash Functions Based on AES Rounds and Carry-Less Multiplication}, | ||
+ | booktitle = {ISC}, | ||
+ | year = {2008}, | ||
+ | pages = {331-340}, | ||
+ | abstract = {We present Vortex a new family of one way hash functions that can produce message digests of 256 bits. The main idea behind the design of these hash functions is that we use well known algorithms that can support very fast diffusion in a small number of steps. We also balance the cryptographic strength that comes from iterating block cipher rounds with SBox substitution and diffusion (like Whirlpool) against the need to have a lightweight implementation with as small number of rounds as possible. We use only 3 AES rounds but with a stronger key schedule. Our goal is not to protect a secret symmetric key but to support perfect mixing of the bits of the input into the hash value. Three AES rounds are followed by our variant of Galois Field multiplication. This achieves cross-mixing between 128-bit sets. We present a set of qualitative arguments why we believe Vortex is secure.}, | ||
+ | url = {http://dx.doi.org/10.1007/978-3-540-85886-7_23}, | ||
+ | editor = {Tzong-Chen Wu and Chin-Laung Lei and Vincent Rijmen and Der-Tsai Lee}, | ||
+ | publisher = {Springer}, | ||
+ | series = {LNCS}, | ||
+ | volume = {5222}, | ||
+ | isbn = {978-3-540-85884-3}, | ||
+ | } | ||
+ | </bibtex> | ||
== Cryptanalysis == | == Cryptanalysis == | ||
Line 12: | Line 27: | ||
=== Best Known Results === | === Best Known Results === | ||
− | + | Collision attacks and distinguishing attacks were found. | |
---- | ---- | ||
Line 21: | Line 36: | ||
=== Collision Attacks === | === Collision Attacks === | ||
+ | A collision attack is described in | ||
+ | <bibtex> | ||
+ | @inproceedings{ADMRT09, | ||
+ | author = {Jean-Philippe Aumasson and Orr Dunkelman and Florian Mendel and Christian Rechberger and Søren S. Thomsen}, | ||
+ | title = {Cryptanalysis of Vortex}, | ||
+ | booktitle = {AFRICACRYPT}, | ||
+ | year = {2009}, | ||
+ | publisher = {Springer}, | ||
+ | editor = {Bart Preneel}, | ||
+ | series = {LNCS}, | ||
+ | pages = {14-28}, | ||
+ | volume = {5580}, | ||
+ | url = {http://www.131002.net/data/papers/ADMRT09.pdf}, | ||
+ | abstract = {Vortex is a hash function that was first presented at ISC’2008, then submitted to the NIST SHA-3 competition after some modifications. This paper describes several attacks on both versions of Vortex, including collisions, second preimages, preimages, and distinguishers. Our attacks exploit flaws both in the high-level design and in the lower-level algorithms.}, | ||
+ | } | ||
+ | </bibtex> | ||
---- | ---- | ||
− | |||
---- | ---- | ||
=== Preimage Attacks === | === Preimage Attacks === | ||
+ | |||
Line 34: | Line 65: | ||
=== Others === | === Others === | ||
+ | A distinguisher is described in | ||
+ | <bibtex> | ||
+ | @inproceedings{ADMRT09, | ||
+ | author = {Jean-Philippe Aumasson and Orr Dunkelman and Florian Mendel and Christian Rechberger and Søren S. Thomsen}, | ||
+ | title = {Cryptanalysis of Vortex}, | ||
+ | booktitle = {AFRICACRYPT}, | ||
+ | year = {2009}, | ||
+ | publisher = {Springer}, | ||
+ | editor = {Bart Preneel}, | ||
+ | series = {LNCS}, | ||
+ | pages = {14-28}, | ||
+ | volume = {5580}, | ||
+ | url = {http://www.131002.net/data/papers/ADMRT09.pdf}, | ||
+ | abstract = {Vortex is a hash function that was first presented at ISC’2008, then submitted to the NIST SHA-3 competition after some modifications. This paper describes several attacks on both versions of Vortex, including collisions, second preimages, preimages, and distinguishers. Our attacks exploit flaws both in the high-level design and in the lower-level algorithms.}, | ||
+ | } | ||
+ | </bibtex> |
Latest revision as of 14:50, 30 July 2009
Contents
1 Specification
- digest size: 256 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 256-bit chaining variable
- Specification:
Shay Gueron, Michael E. Kounavis - Vortex: A New Family of One-Way Hash Functions Based on AES Rounds and Carry-Less Multiplication
- ISC 5222:331-340,2008
- http://dx.doi.org/10.1007/978-3-540-85886-7_23
BibtexAuthor : Shay Gueron, Michael E. Kounavis
Title : Vortex: A New Family of One-Way Hash Functions Based on AES Rounds and Carry-Less Multiplication
In : ISC -
Address :
Date : 2008
2 Cryptanalysis
2.1 Best Known Results
Collision attacks and distinguishing attacks were found.
2.2 Generic Attacks
2.3 Collision Attacks
A collision attack is described in
Jean-Philippe Aumasson, Orr Dunkelman, Florian Mendel, Christian Rechberger, Søren S. Thomsen - Cryptanalysis of Vortex
- AFRICACRYPT 5580:14-28,2009
- http://www.131002.net/data/papers/ADMRT09.pdf
BibtexAuthor : Jean-Philippe Aumasson, Orr Dunkelman, Florian Mendel, Christian Rechberger, Søren S. Thomsen
Title : Cryptanalysis of Vortex
In : AFRICACRYPT -
Address :
Date : 2009
2.4 Preimage Attacks
2.5 Others
A distinguisher is described in
Jean-Philippe Aumasson, Orr Dunkelman, Florian Mendel, Christian Rechberger, Søren S. Thomsen - Cryptanalysis of Vortex