Difference between revisions of "Vortex (SHA-3 submission)"
From The ECRYPT Hash Function Website
Crechberger (talk | contribs) |
m (updated Bibtex entry) |
||
(11 intermediate revisions by 4 users not shown) | |||
Line 2: | Line 2: | ||
* Author(s): Michael Kounavis, Shay Gueron | * Author(s): Michael Kounavis, Shay Gueron | ||
− | + | * Website: [http://math.haifa.ac.il/~vortex http://math.haifa.ac.il/~vortex] | |
− | * Website | + | * NIST submission package: [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/documents/Vortex.zip Vortex.zip] |
− | + | ||
− | |||
<bibtex> | <bibtex> | ||
Line 16: | Line 15: | ||
} | } | ||
</bibtex> | </bibtex> | ||
+ | |||
== Cryptanalysis == | == Cryptanalysis == | ||
+ | |||
+ | {| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center" | ||
+ | |- style="background:#efefef;" | ||
+ | | Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements || Reference | ||
+ | |- | ||
+ | | | correlation analysis || hash || all || || - || - || [http://ehash.iaik.tugraz.at/uploads/6/6d/Vortex_correlation.txt Ferguson] | ||
+ | |- | ||
+ | | style="background:yellow"| preimage || hash || 256 || || 2<sup>195</sup> || 2<sup>64</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen] | ||
+ | |- | ||
+ | | style="background:yellow"| preimage || hash || 512 || || 2<sup>387</sup> || 2<sup>128</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen] | ||
+ | |- | ||
+ | | style="background:greenyellow"| collision || hash || 256 || || 2<sup>124.5</sup> || 2<sup>124.5</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen] | ||
+ | |- | ||
+ | | style="background:greenyellow"| collision || hash || 512 || || 2<sup>251.7</sup> || 2<sup>251.7</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen] | ||
+ | |- | ||
+ | | | distinguisher || hash || 256 || || 2<sup>97</sup> || - || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen] | ||
+ | |- | ||
+ | | | 2nd preimage || hash || 256 || weak messages || 2<sup>129</sup> || - || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen] | ||
+ | |- | ||
+ | | | 2nd preimage || hash || 256 || weak messages || 2<sup>33</sup> || 2<sup>135</sup> || [http://www.131002.net/data/papers/ADMRT09.pdf Aumasson,Dunkelman,Mendel,Rechberger,Thomsen] | ||
+ | |- | ||
+ | |} | ||
+ | |||
+ | A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here]. | ||
+ | |||
<bibtex> | <bibtex> | ||
− | @misc{ | + | @misc{VortexF08, |
+ | author = {Niels Ferguson}, | ||
+ | title = {Simple correlation on some of the output bits of Vortex}, | ||
+ | url = {http://ehash.iaik.tugraz.at/uploads/6/6d/Vortex_correlation.txt}, | ||
+ | howpublished = {OFFICIAL COMMENT (local link)}, | ||
+ | year = {2008}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @inproceedings{ADMRT09, | ||
+ | author = {Jean-Philippe Aumasson and Orr Dunkelman and Florian Mendel and Christian Rechberger and Søren S. Thomsen}, | ||
+ | title = {Cryptanalysis of Vortex}, | ||
+ | booktitle = {AFRICACRYPT}, | ||
+ | year = {2009}, | ||
+ | publisher = {Springer}, | ||
+ | editor = {Bart Preneel}, | ||
+ | series = {LNCS}, | ||
+ | pages = {14-28}, | ||
+ | volume = {5580}, | ||
+ | url = {http://www.131002.net/data/papers/ADMRT09.pdf}, | ||
+ | abstract = {Vortex is a hash function that was first presented at ISC’2008, then submitted to the NIST SHA-3 competition after some modifications. This paper describes several attacks on both versions of Vortex, including collisions, second preimages, preimages, and distinguishers. Our attacks exploit flaws both in the high-level design and in the lower-level algorithms.}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | |||
+ | ===Archive=== | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{vortexK+08, | ||
author = {Lars R. Knudsen and Florian Mendel and Christian Rechberger and Søren S. Thomsen}, | author = {Lars R. Knudsen and Florian Mendel and Christian Rechberger and Søren S. Thomsen}, | ||
title = {Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition}, | title = {Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition}, | ||
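Review bot: The two added "2nd preimage" rows for n = 256 are indistinguishable in the Parameters/Variants column (both say only "weak messages"), yet one lists 2<sup>129</sup> compression calls with no memory and the other 2<sup>33</sup> calls with 2<sup>135</sup> memory. State in that column what separates the two variants so the rows are not read as a duplicate or a typo. Two smaller points in the same hunk: the final `|-` before `|}` opens an empty table row and can be dropped, and the new BibTeX keys mix casing (`VortexF08` against `vortexK+08`), which is worth making uniform.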
Line 26: | Line 80: | ||
howpublished = {Available online}, | howpublished = {Available online}, | ||
year = {2008}, | year = {2008}, | ||
+ | } | ||
+ | </bibtex> | ||
+ | |||
+ | <bibtex> | ||
+ | @misc{vortexAD08, | ||
+ | author = {Jean-Philippe Aumasson and Orr Dunkelman}, | ||
+ | title = {A note on Vortex' security}, | ||
+ | url = {http://www.131002.net/data/papers/AD08.pdf}, | ||
+ | howpublished = {Available online}, | ||
+ | year = {2008}, | ||
+ | abstract = {Vortex is a hash function based on the AES that was presented at | ||
+ | ISC’2008, and submitted to the NIST SHA-3 competition after some modifications | ||
+ | that aim to strengthen it. This note first shows that the original Vortex is not | ||
+ | collision-resistant, by describing an attack running in about 2^{58} compressions, in- | ||
+ | stead of $2^{128}$ ideally. In the new version submitted to NIST, we present several prop- | ||
+ | erties that seem to render it unsuitable for the new hash standard. In particular, | ||
+ | both versions of Vortex have the undesirable property of impossible images, which | ||
+ | gives distinguishers for a HMAC based on Vortex and slightly speeds up preimage | ||
+ | search.}, | ||
} | } | ||
</bibtex> | </bibtex> |
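Review bot: The abstract added for `vortexAD08` still carries line-break hyphenation from the source PDF ("in- stead", "prop- erties") and mixes math markup, with a bare `2^{58}` next to `$2^{128}$`. Join the split words and use one notation for both exponents so the rendered entry reads cleanly.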
Latest revision as of 10:10, 22 July 2009
1 The algorithm
- Author(s): Michael Kounavis, Shay Gueron
- Website: http://math.haifa.ac.il/~vortex
- NIST submission package: Vortex.zip
Michael Kounavis, Shay Gueron - Vortex: A New Family of One Way Hash Functions based on Rijndael Rounds and Carry-less Multiplication
- 2008
- http://eprint.iacr.org/2008/464.pdf
2 Cryptanalysis
Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference |
correlation analysis | hash | all | | - | - | Ferguson |
preimage | hash | 256 | | 2^195 | 2^64 | Aumasson, Dunkelman, Mendel, Rechberger, Thomsen |
preimage | hash | 512 | | 2^387 | 2^128 | Aumasson, Dunkelman, Mendel, Rechberger, Thomsen |
collision | hash | 256 | | 2^124.5 | 2^124.5 | Aumasson, Dunkelman, Mendel, Rechberger, Thomsen |
collision | hash | 512 | | 2^251.7 | 2^251.7 | Aumasson, Dunkelman, Mendel, Rechberger, Thomsen |
distinguisher | hash | 256 | | 2^97 | - | Aumasson, Dunkelman, Mendel, Rechberger, Thomsen |
2nd preimage | hash | 256 | weak messages | 2^129 | - | Aumasson, Dunkelman, Mendel, Rechberger, Thomsen |
2nd preimage | hash | 256 | weak messages | 2^33 | 2^135 | Aumasson, Dunkelman, Mendel, Rechberger, Thomsen |
A description of this table is given here.
Niels Ferguson - Simple correlation on some of the output bits of Vortex
- 2008
- http://ehash.iaik.tugraz.at/uploads/6/6d/Vortex_correlation.txt
Jean-Philippe Aumasson, Orr Dunkelman, Florian Mendel, Christian Rechberger, Søren S. Thomsen - Cryptanalysis of Vortex
- AFRICACRYPT 5580:14-28, 2009
- http://www.131002.net/data/papers/ADMRT09.pdf
2.1 Archive
Lars R. Knudsen, Florian Mendel, Christian Rechberger, Søren S. Thomsen - Collision and Preimage Attacks on Vortex as submitted to the SHA-3 competition
- 2008
- http://ehash.iaik.tugraz.at/uploads/5/5c/Vortex_Collisions_and_Preimages_note.txt
Jean-Philippe Aumasson, Orr Dunkelman - A note on Vortex' security