Difference between revisions of "Groestl"

From The ECRYPT Hash Function Website
m
(cryptanalysis of Grøstl added)
Line 24: Line 24:
 
|-                     
 
|-                     
 
| observation || block cipher || all ||  ||  ||  || [http://www.larc.usp.br/~pbarreto/Grizzly.pdf Barreto]
 
| observation || block cipher || all ||  ||  ||  || [http://www.larc.usp.br/~pbarreto/Grizzly.pdf Barreto]
 +
|-                   
 +
| semi-free-start collision || compression || 256 || 6/10 rounds || 2<sup>120</sup> || 2<sup>64</sup> || [http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=99359 Mendel,Rechberger,Schläffer,Thomsen]
 
|-                     
 
|-                     
 
|}                     
 
|}                     
Line 39: Line 41:
 
   abstract  = {An alternative view of the Groestl SHA-3 submission is presented. It does not lead to an effective attack nor reveals a weakness in the design, but illustrates the importance of the double-width pipe in this construction.},
 
   abstract  = {An alternative view of the Groestl SHA-3 submission is presented. It does not lead to an effective attack nor reveals a weakness in the design, but illustrates the importance of the double-width pipe in this construction.},
 
}
 
}
 +
</bibtex>
 +
 +
<bibtex>
 +
@misc{fseMRST09,
 +
  author    = {Florian Mendel and Christian Rechberger and Martin Schläffer and Søren S. Thomsen},
 +
  title    = {The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl},
 +
  url = {http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=99359},
 +
  howpublished = {In Proceedings of FSE, Springer, To appear},
 +
  year = {2009},
 +
  abstract = {In this work, we propose the rebound attack, a new tool for the cryptanalysis of
 +
hash functions. The idea of the rebound attack is to use the available degrees
 +
of freedom in a collision attack to efficiently bypass the low probability parts
 +
of a differential trail. The rebound attack consists of an inbound phase with a
 +
match-in-the-middle part to exploit the available degrees of freedom, and a
 +
subsequent probabilistic outbound phase. Especially on AES based hash
 +
functions, the rebound attack leads to new attacks for a surprisingly high
 +
number of rounds.
 +
We use the rebound attack to construct collisions for 4.5 rounds of the 512-bit
 +
hash function Whirlpool with a complexity of $2^{120}$ compression function
 +
evaluations and negligible memory requirements. The attack can be extended to
 +
a near-collision on 7.5 rounds of the compression function of Whirlpool and 8.5
 +
rounds of the similar hash function Maelstrom. Additionally, we apply the
 +
rebound attack to the SHA-3 submission Grøstl, which leads to an attack on
 +
6 rounds of the Grøstl-256 compression function with a complexity of $2^{120}$
 +
and memory requirements of about $2^{64}$.}
 
</bibtex>
 
</bibtex>

Revision as of 10:17, 8 April 2009

1 The algorithm

  • Author(s): Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
  • Website: http://www.groestl.info
  • NIST submission package: Grostl.zip


Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen - Grøstl -- a SHA-3 candidate

,2008
http://www.groestl.info/Groestl.pdf
Bibtex
Author : Praveen Gauravaram, Lars R. Knudsen, Krystian Matusiewicz, Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
Title : Grøstl -- a SHA-3 candidate
In : -
Address :
Date : 2008


2 Cryptanalysis

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
observation block cipher all Barreto
semi-free-start collision compression 256 6/10 rounds 2120 264 Mendel,Rechberger,Schläffer,Thomsen

A description of this table is given here.


Paulo S. L. M. Barreto - An observation on Grøstl

,2008
http://www.larc.usp.br/~pbarreto/Grizzly.pdf
Bibtex
Author : Paulo S. L. M. Barreto
Title : An observation on Grøstl
In : -
Address :
Date : 2008

Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen - The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl

,2009
http://online.tu-graz.ac.at/tug_online/voe_main2.getVollText?pDocumentNr=99359
Bibtex
Author : Florian Mendel, Christian Rechberger, Martin Schläffer, Søren S. Thomsen
Title : The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
In : -
Address :
Date : 2009