Difference between revisions of "Vortex (SHA-3 submission)"

From The ECRYPT Hash Function Website
m (updated Bibtex entry)
 
(11 intermediate revisions by 4 users not shown)
Line 2: Line 2:
  
 
* Author(s): Michael Kounavis, Shay Gueron
 
* Author(s): Michael Kounavis, Shay Gueron
<!--
+
* Website: [http://math.haifa.ac.il/~vortex http://math.haifa.ac.il/~vortex]
* Website:
+
* NIST submission package: [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/documents/Vortex.zip Vortex.zip]
-->
+
 
* Specification: [http://eprint.iacr.org/2008/464 http://eprint.iacr.org/2008/464]
 
  
 
<bibtex>
 
<bibtex>
Line 16: Line 15:
 
}
 
}
 
</bibtex>
 
</bibtex>
 +
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==
 +
 +
{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center"                 
 +
|- style="background:#efefef;"                 
 +
|  Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||  Reference                   
 +
|-                             
 +
|  | correlation analysis || hash || all ||  || - || - || [http://ehash.iaik.tugraz.at/uploads/6/6d/Vortex_correlation.txt Ferguson]
 +
|-
 +
|  style="background:yellow"| preimage || hash || 256 ||  || 2<sup>195</sup> || 2<sup>64</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
 +
|-
 +
|  style="background:yellow"| preimage || hash || 512 ||  || 2<sup>387</sup> || 2<sup>128</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
 +
|-
 +
|  style="background:greenyellow"| collision || hash || 256 ||  || 2<sup>124.5</sup> || 2<sup>124.5</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
 +
|- 
 +
|  style="background:greenyellow"| collision || hash || 512 ||  || 2<sup>251.7</sup> || 2<sup>251.7</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
 +
|- 
 +
|  | distinguisher || hash || 256 ||  || 2<sup>97</sup> || - || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
 +
|-     
 +
|  | 2nd preimage || hash || 256 || weak messages || 2<sup>129</sup> || - || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
 +
|- 
 +
|  | 2nd preimage || hash || 256 || weak messages || 2<sup>33</sup> || 2<sup>135</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen]
 +
|-       
 +
|}                   
 +
 +
A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
 +
  
 
<bibtex>
 
<bibtex>
@misc{vortex08,
+
@misc{VortexF08,
 +
  author    = {Niels Ferguson},
 +
  title    = {Simple correlation on some of the output bits of Vortex},
 +
  url = {http://ehash.iaik.tugraz.at/uploads/6/6d/Vortex_correlation.txt},
 +
  howpublished = {OFFICIAL COMMENT (local link)},
 +
  year = {2008},
 +
}
 +
</bibtex>
 +
 
 +
<bibtex>
 +
@inproceedings{ADMRT09,
 +
  author    = {Jean-Philippe Aumasson and Orr Dunkelman and Florian Mendel and Christian Rechberger and Søren S. Thomsen},
 +
  title    = {Cryptanalysis of Vortex},
 +
  booktitle = {AFRICACRYPT},
 +
  year      = {2009},
 +
  publisher = {Springer},
 +
  editor = {Bart Preneel},
 +
  series    = {LNCS},
 +
  pages    = {14-28},
 +
  volume    = {5580},
 +
  url = {http://www.131002.net/data/papers/ADMRT09.pdf},
 +
  abstract = {Vortex is a hash function that was first presented at ISC’2008, then submitted to the NIST SHA-3 competition after some modifications. This paper describes several attacks on both versions of Vortex, including collisions, second preimages, preimages, and distinguishers. Our attacks exploit flaws both in the high-level design and in the lower-level algorithms.},
 +
}
 +
</bibtex>
 +
 
 +
 
 +
===Archive===
 +
 
 +
<bibtex>
 +
@misc{vortexK+08,
 
   author    = {Lars R. Knudsen and Florian Mendel and Christian Rechberger and Søren S. Thomsen},
 
   author    = {Lars R. Knudsen and Florian Mendel and Christian Rechberger and Søren S. Thomsen},
 
   title    = {Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition},
 
   title    = {Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition},
Line 26: Line 80:
 
   howpublished = {Available online},
 
   howpublished = {Available online},
 
   year      = {2008},
 
   year      = {2008},
 +
}
 +
</bibtex>
 +
 +
<bibtex>
 +
@misc{vortexAD08,
 +
  author    = {Jean-Philippe Aumasson and Orr Dunkelman},
 +
  title    = {A note on Vortex' security},
 +
  url        = {http://www.131002.net/data/papers/AD08.pdf},
 +
  howpublished = {Available online},
 +
  year      = {2008},
 +
  abstract = {Vortex is a hash function based on the AES that was presented at
 +
ISC’2008, and submitted to the NIST SHA-3 competition after some modifications
 +
that aim to strengthen it. This note first shows that the original Vortex is not
 +
collision-resistant, by describing an attack running in about 2^{58} compressions, in-
 +
stead of $2^{128}$ ideally. In the new version submitted to NIST, we present several prop-
 +
erties that seem to render it unsuitable for the new hash standard. In particular,
 +
both versions of Vortex have the undesirable property of impossible images, which
 +
gives distinguishers for a HMAC based on Vortex and slightly speeds up preimage
 +
search.},
 
}
 
}
 
</bibtex>
 
</bibtex>

Latest revision as of 10:10, 22 July 2009

1 The algorithm


Michael Kounavis, Shay Gueron - Vortex: A New Family of One Way Hash Functions based on Rijndael Rounds and Carry-less Multiplication

,2008
http://eprint.iacr.org/2008/464.pdf
Bibtex
Author : Michael Kounavis, Shay Gueron
Title : Vortex: A New Family of One Way Hash Functions based on Rijndael Rounds and Carry-less Multiplication
In : -
Address :
Date : 2008


2 Cryptanalysis

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
correlation analysis hash all - - Ferguson
preimage hash 256 2195 264 Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
preimage hash 512 2387 2128 Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
collision hash 256 2124.5 2124.5 Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
collision hash 512 2251.7 2251.7 Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
distinguisher hash 256 297 - Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
2nd preimage hash 256 weak messages 2129 - Aumasson,Dunkelman,Mendel,Rechberger,Thomsen
2nd preimage hash 256 weak messages 233 2135 Aumasson,Dunkelman,Mendel,Rechberger,Thomsen

A description of this table is given here.


Niels Ferguson - Simple correlation on some of the output bits of Vortex

,2008
http://ehash.iaik.tugraz.at/uploads/6/6d/Vortex_correlation.txt
Bibtex
Author : Niels Ferguson
Title : Simple correlation on some of the output bits of Vortex
In : -
Address :
Date : 2008

Jean-Philippe Aumasson, Orr Dunkelman, Florian Mendel, Christian Rechberger, Søren S. Thomsen - Cryptanalysis of Vortex

AFRICACRYPT 5580:14-28,2009
http://www.131002.net/data/papers/ADMRT09.pdf
Bibtex
Author : Jean-Philippe Aumasson, Orr Dunkelman, Florian Mendel, Christian Rechberger, Søren S. Thomsen
Title : Cryptanalysis of Vortex
In : AFRICACRYPT -
Address :
Date : 2009


2.1 Archive

Lars R. Knudsen, Florian Mendel, Christian Rechberger, Søren S. Thomsen - Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition

,2008
http://ehash.iaik.tugraz.at/uploads/5/5c/Vortex_Collisions_and_Preimages_note.txt
Bibtex
Author : Lars R. Knudsen, Florian Mendel, Christian Rechberger, Søren S. Thomsen
Title : Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition
In : -
Address :
Date : 2008

Jean-Philippe Aumasson, Orr Dunkelman - A note on Vortex' security

,2008
http://www.131002.net/data/papers/AD08.pdf
Bibtex
Author : Jean-Philippe Aumasson, Orr Dunkelman
Title : A note on Vortex' security
In : -
Address :
Date : 2008