Difference between revisions of "Vortex (SHA-3 submission)"

Latest revision as of 10:10, 22 July 2009

1 The algorithm

Author(s): Michael Kounavis, Shay Gueron
Website: http://math.haifa.ac.il/~vortex
NIST submission package: Vortex.zip

Michael Kounavis, Shay Gueron - Vortex: A New Family of One Way Hash Functions based on Rijndael Rounds and Carry-less Multiplication

,2008

http://eprint.iacr.org/2008/464.pdf
Bibtex

Author : Michael Kounavis, Shay Gueron
Title : Vortex: A New Family of One Way Hash Functions based on Rijndael Rounds and Carry-less Multiplication
In : -
Address :
Date : 2008

2 Cryptanalysis

Type of Analysis	Hash Function Part	Hash Size (n)	Parameters/Variants	Compression Function Calls	Memory Requirements	Reference
correlation analysis	hash	all		-	-	Ferguson
preimage	hash	256		2¹⁹⁵	2⁶⁴	Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
preimage	hash	512		2³⁸⁷	2¹²⁸	Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
collision	hash	256		2^124.5	2^124.5	Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
collision	hash	512		2^251.7	2^251.7	Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
distinguisher	hash	256		2⁹⁷	-	Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
2nd preimage	hash	256	weak messages	2¹²⁹	-	Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
2nd preimage	hash	256	weak messages	2³³	2¹³⁵	Aumasson,Dunkelman,Mendel,Rechberger,Thomsen

A description of this table is given here.

Niels Ferguson - Simple correlation on some of the output bits of Vortex

,2008

http://ehash.iaik.tugraz.at/uploads/6/6d/Vortex_correlation.txt
Bibtex

Author : Niels Ferguson
Title : Simple correlation on some of the output bits of Vortex
In : -
Address :
Date : 2008

Jean-Philippe Aumasson, Orr Dunkelman, Florian Mendel, Christian Rechberger, Søren S. Thomsen - Cryptanalysis of Vortex

AFRICACRYPT 5580:14-28,2009

http://www.131002.net/data/papers/ADMRT09.pdf
Bibtex

Author : Jean-Philippe Aumasson, Orr Dunkelman, Florian Mendel, Christian Rechberger, Søren S. Thomsen
Title : Cryptanalysis of Vortex
In : AFRICACRYPT -
Address :
Date : 2009

2.1 Archive

Lars R. Knudsen, Florian Mendel, Christian Rechberger, Søren S. Thomsen - Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition

,2008

http://ehash.iaik.tugraz.at/uploads/5/5c/Vortex_Collisions_and_Preimages_note.txt
Bibtex

Author : Lars R. Knudsen, Florian Mendel, Christian Rechberger, Søren S. Thomsen
Title : Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition
In : -
Address :
Date : 2008

Jean-Philippe Aumasson, Orr Dunkelman - A note on Vortex' security

,2008

http://www.131002.net/data/papers/AD08.pdf
Bibtex

Author : Jean-Philippe Aumasson, Orr Dunkelman
Title : A note on Vortex' security
In : -
Address :
Date : 2008

@@ Line 2: / Line 2: @@
 * Author(s): Michael Kounavis, Shay Gueron
-<!--
+* Website: [http://math.haifa.ac.il/~vortex http://math.haifa.ac.il/~vortex]
-* Website:
+* NIST submission package: [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/documents/Vortex.zip Vortex.zip]
--->
-* Specification: [http://eprint.iacr.org/2008/464 http://eprint.iacr.org/2008/464]
 <bibtex>
@@ Line 16: / Line 15: @@
 }
 </bibtex>
 == Cryptanalysis ==
+{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center"
+|- style="background:#efefef;"
+|  Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||   Reference
+|-
+|   | correlation analysis || hash || all ||  || - || - || [http://ehash.iaik.tugraz.at/uploads/6/6d/Vortex_correlation.txt Ferguson]
+|-
+|   style="background:yellow"| preimage || hash || 256 ||  || 2<sup>195</sup> || 2<sup>64</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
+|-
+|   style="background:yellow"| preimage || hash || 512 ||  || 2<sup>387</sup> || 2<sup>128</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
+|-
+|   style="background:greenyellow"| collision || hash || 256 ||  || 2<sup>124.5</sup> || 2<sup>124.5</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
+|-
+|   style="background:greenyellow"| collision || hash || 512 ||  || 2<sup>251.7</sup> || 2<sup>251.7</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
+|-
+|   | distinguisher || hash || 256 ||  || 2<sup>97</sup> || - || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
+|-
+|   | 2nd preimage || hash || 256 || weak messages || 2<sup>129</sup> || - || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
+|-
+|   | 2nd preimage || hash || 256 || weak messages || 2<sup>33</sup> || 2<sup>135</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
+|-
+|}
+A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
 <bibtex>
-@misc{vortex08,
+@misc{VortexF08,
-   author    = {Anonymous},
+   author    = {Niels Ferguson},
+  title     = {Simple correlation on some of the output bits of Vortex},
+  url = {http://ehash.iaik.tugraz.at/uploads/6/6d/Vortex_correlation.txt},
+  howpublished = {OFFICIAL COMMENT (local link)},
+  year = {2008},
+}
+</bibtex>
+<bibtex>
+@inproceedings{ADMRT09,
+  author    = {Jean-Philippe Aumasson and Orr Dunkelman and Florian Mendel and Christian Rechberger and Søren S. Thomsen},
+  title     = {Cryptanalysis of Vortex},
+  booktitle = {AFRICACRYPT},
+  year      = {2009},
+  publisher = {Springer},
+  editor = {Bart Preneel},
+  series    = {LNCS},
+  pages     = {14-28},
+  volume    = {5580},
+  url = {http://www.131002.net/data/papers/ADMRT09.pdf},
+  abstract = {Vortex is a hash function that was first presented at ISC’2008, then submitted to the NIST SHA-3 competition after some modifications. This paper describes several attacks on both versions of Vortex, including collisions, second preimages, preimages, and distinguishers. Our attacks exploit flaws both in the high-level design and in the lower-level algorithms.},
+}
+</bibtex>
+===Archive===
+<bibtex>
+@misc{vortexK+08,
+  author    = {Lars R. Knudsen and Florian Mendel and Christian Rechberger and Søren S. Thomsen},
    title     = {Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition},
    url        = {http://ehash.iaik.tugraz.at/uploads/5/5c/Vortex_Collisions_and_Preimages_note.txt},
    howpublished = {Available online},
    year      = {2008},
+}
+</bibtex>
+<bibtex>
+@misc{vortexAD08,
+  author    = {Jean-Philippe Aumasson and Orr Dunkelman},
+  title     = {A note on Vortex' security},
+  url        = {http://www.131002.net/data/papers/AD08.pdf},
+  howpublished = {Available online},
+  year      = {2008},
+  abstract = {Vortex is a hash function based on the AES that was presented at
+ISC’2008, and submitted to the NIST SHA-3 competition after some modiﬁcations
+that aim to strengthen it. This note ﬁrst shows that the original Vortex is not
+collision-resistant, by describing an attack running in about 2^{58} compressions, in-
+stead of $2^{128}$ ideally. In the new version submitted to NIST, we present several prop-
+erties that seem to render it unsuitable for the new hash standard. In particular,
+both versions of Vortex have the undesirable property of impossible images, which
+gives distinguishers for a HMAC based on Vortex and slightly speeds up preimage
+search.},
 }
 </bibtex>

Difference between revisions of "Vortex (SHA-3 submission)"

Latest revision as of 10:10, 22 July 2009

1 The algorithm

2 Cryptanalysis

2.1 Archive

Navigation menu

Views

Personal tools

Navigation

Search

Tools