Difference between revisions of "CubeHash"

From The ECRYPT Hash Function Website
m (collision attacks on all digest sizes, not only 512)
m (Added latest attacks)
Line 51: Line 51:
 
| collision || hash || all || 5/64 || 2<sup>231</sup> || - || [http://thomas.peyrin.googlepages.com/BrierPeyrinCubehash.pdf Brier,Peyrin]
 
| collision || hash || all || 5/64 || 2<sup>231</sup> || - || [http://thomas.peyrin.googlepages.com/BrierPeyrinCubehash.pdf Brier,Peyrin]
 
|-                     
 
|-                     
 +
| collision || hash || all || 2/2 || 2<sup>196</sup> || - || [http://ehash.iaik.tugraz.at/uploads/3/3a/Peyrin_ch22_ch364.txt Brier,Khazaei,Meier,Peyrin]
 +
|-
 +
| collision || hash || all || 3/64 || example (2<sup>24</sup>) || - || [http://ehash.iaik.tugraz.at/uploads/3/3a/Peyrin_ch22_ch364.txt Brier,Khazaei,Meier,Peyrin]
 +
|-
 
|}                     
 
|}                     
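Review bot: the second added row puts `example (2<sup>24</sup>)` in the compression-function-calls column, mixing a result type and a cost in one cell, while the neighbouring rows in this hunk hold a bare cost such as `2<sup>231</sup>` or `2<sup>196</sup>`. Suggest saying explicitly whether 2<sup>24</sup> is the work needed to produce the example collision, so that readers do not compare it against the theoretical figures on equal terms.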
  
Line 125: Line 129:
 
   year = {2009},
 
   year = {2009},
 
   abstract = {CubeHash is a family of hash functions submitted by Bern stein as a SHA-3 candidate. In this paper, we provide two different cryptanalysis approaches concerning its collision resistance. Thanks to the first approach, related to truncated differentials, we computed a collision for the CubeHash-1/36 hash function, i.e. when for each iteration 36 bytes of message are incorporated and one call to the permutation is applied. Then, the second approach, already used by Dai, much more efficient and simply based on a linearization of the scheme, allowed us to compute a collision for the CubeHash-2/4 hash function. Finally, a theoretical collision attack against CubeHash-2/3, CubeHash-4/4 and CubeHash-4/3 is described. This is currently the best known cryptanalysis result on this SHA-3 candidate.},
 
   abstract = {CubeHash is a family of hash functions submitted by Bern stein as a SHA-3 candidate. In this paper, we provide two different cryptanalysis approaches concerning its collision resistance. Thanks to the first approach, related to truncated differentials, we computed a collision for the CubeHash-1/36 hash function, i.e. when for each iteration 36 bytes of message are incorporated and one call to the permutation is applied. Then, the second approach, already used by Dai, much more efficient and simply based on a linearization of the scheme, allowed us to compute a collision for the CubeHash-2/4 hash function. Finally, a theoretical collision attack against CubeHash-2/3, CubeHash-4/4 and CubeHash-4/3 is described. This is currently the best known cryptanalysis result on this SHA-3 candidate.},
 +
}
 +
</bibtex>
 +
 +
<bibtex>
 +
@misc{cubehashBKMP09,
 +
  author    = {Eric Brier and Shahram Khazaei and Willi Meier and Thomas Peyrin},
 +
  title    = {Attack for CubeHash-2/2 and collision for CubeHash-3/64},
 +
  url = {http://ehash.iaik.tugraz.at/uploads/3/3a/Peyrin_ch22_ch364.txt},
 +
  howpublished = {NIST mailing list (local link)},
 +
  year = {2009},
 
}
 
}
 
</bibtex>
 
</bibtex>
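Review bot: in the added `@misc{cubehashBKMP09, ...}` entry, `howpublished = {NIST mailing list (local link)}` mixes the venue with a remark that really describes the `url` field. Suggest `howpublished = {NIST mailing list}` with the locality remark moved to a `note` field or dropped, and consistent spacing around `=` (`title    =` versus `url =`).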

Revision as of 09:07, 6 February 2009

1 The algorithm


Daniel J. Bernstein - CubeHash Specification (2.B.1), 2008
http://cubehash.cr.yp.to/submission/spec.pdf


2 Cryptanalysis

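{|
! Type of Analysis !! Hash Function Part !! Hash Size (n) !! Parameters/Variants !! Compression Function Calls !! Memory Requirements !! Reference
|-
| preimage || hash || all || || 2<sup>513-4b</sup> || ? || Aumasson,Meier,Naya-Plasencia,Peyrin
|-
| multi-collision || || all || || 2<sup>513-4b</sup> || ? || Aumasson,Meier,Naya-Plasencia,Peyrin
|-
| observations || || all || || || || Aumasson,Meier,Naya-Plasencia,Peyrin
|-
| preimage || hash || 512 || || 2<sup>511</sup> || 2<sup>508</sup> || Khovratovich,Nikolić,Weinmann
|-
| preimage || hash || 512 || r/4 || 2<sup>496</sup> || - || Khovratovich,Nikolić,Weinmann
|-
| preimage || hash || 512 || r/8 || 2<sup>480</sup> || - || Khovratovich,Nikolić,Weinmann
|-
| collision || hash || 512 || 2/120 || example || - || Aumasson
|-
| collision || hash || 512 || 1/45, 2/89 || example || - || Dai
|-
| collision || hash || 512 || 2/4 || example || - || Brier,Peyrin
|-
| collision || hash || all || 2/3 || 2<sup>46</sup> || - || Brier,Peyrin
|-
| collision || hash || all || 4/4 || 2<sup>189</sup> || - || Brier,Peyrin
|-
| collision || hash || all || 4/3 || 2<sup>207</sup> || - || Brier,Peyrin
|-
| collision || hash || all || 3/64 || 2<sup>89</sup> || - || Brier,Peyrin
|-
| collision || hash || all || 5/64 || 2<sup>231</sup> || - || Brier,Peyrin
|-
| collision || hash || all || 2/2 || 2<sup>196</sup> || - || Brier,Khazaei,Meier,Peyrin
|-
| collision || hash || all || 3/64 || example (2<sup>24</sup>) || - || Brier,Khazaei,Meier,Peyrin
|}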

A description of this table is given here.


Jean-Philippe Aumasson, Willi Meier, María Naya-Plasencia, Thomas Peyrin - Inside the Hypercube, 2008
http://eprint.iacr.org/2008/486.pdf

Dmitry Khovratovich, Ivica Nikolić, Ralf-Philipp Weinmann - Preimage attack on CubeHash512-r/4 and CubeHash512-r/8, 2008
http://ehash.iaik.tugraz.at/uploads/6/6c/Cubehash.pdf

Jean-Philippe Aumasson - Collision for CubeHash2/120-512, 2008
http://ehash.iaik.tugraz.at/uploads/a/a9/Cubehash.txt

Wei Dai - Collisions for CubeHash1/45 and CubeHash2/89, 2008
http://www.cryptopp.com/sha3/cubehash.pdf

Eric Brier, Thomas Peyrin - Cryptanalysis of CubeHash, 2009
http://thomas.peyrin.googlepages.com/BrierPeyrinCubehash.pdf

Eric Brier, Shahram Khazaei, Willi Meier, Thomas Peyrin - Attack for CubeHash-2/2 and collision for CubeHash-3/64, 2009
http://ehash.iaik.tugraz.at/uploads/3/3a/Peyrin_ch22_ch364.txt