Shabal

From The ECRYPT Hash Function Website
Revision as of 11:59, 15 February 2010 by Tnad (talk | contribs) (added footnote)

1 The algorithm

  • Author(s): Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
  • Website: http://www.shabal.com/
  • NIST submission package:


Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau - Shabal, a Submission to NIST’s Cryptographic Hash Algorithm Competition

,2008
http://ehash.iaik.tugraz.at/uploads/6/6c/Shabal.pdf
Bibtex
Author : Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
Title : Shabal, a Submission to NIST’s Cryptographic Hash Algorithm Competition
In : -
Address :
Date : 2008

Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau - Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers

,2009
http://eprint.iacr.org/2009/199.pdf
Bibtex
Author : Emmanuel Bresson, Anne Canteaut, Benoît Chevallier-Mames, Christophe Clavier, Thomas Fuhr, Aline Gouget, Thomas Icart, Jean-François Misarsky, Marìa Naya-Plasencia, Pascal Paillier, Thomas Pornin, Jean-René Reinhard, Céline Thuillet, Marion Videau
Title : Indifferentiability with Distinguishers: Why Shabal Does Not Require Ideal Ciphers
In : -
Address :
Date : 2009


2 Cryptanalysis

We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.

A description of the tables is given here.


2.1 Hash function

Here we list results on the actual hash function. The only allowed modification is to change the security parameter.

Recommended security parameters: (p,r)=(3,12)

Type of Analysis Hash Size (n) Parameters Compression Function Calls Memory Requirements Reference


2.2 Building blocks

Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.

Note that these results assume more direct control or access over some internal variables (aka. free-start, pseudo, compression function, block cipher, or permutation attacks).

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
non-randomness(1) permutation all 212 Aumasson
non-randomness(1) permutation all 1 Knudsen,Matusiewicz,Thomsen
non-randomness(1) permutation all 2 Aumasson,Mashatan,Meier

(1)The Shabal team commented on these analyses and provide an update of their security proofs in this note.


Jean-Philippe Aumasson - On the pseudorandomness of Shabal's keyed permutation

,2009
http://131002.net/data/papers/Aum09.pdf
Bibtex
Author : Jean-Philippe Aumasson
Title : On the pseudorandomness of Shabal's keyed permutation
In : -
Address :
Date : 2009

Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen - Observations on the Shabal keyed permutation

,2009
http://www.mat.dtu.dk/people/S.Thomsen/shabal/shabal.pdf
Bibtex
Author : Lars R. Knudsen, Krystian Matusiewicz, Søren S. Thomsen
Title : Observations on the Shabal keyed permutation
In : -
Address :
Date : 2009

Jean-Philippe Aumasson, Atefeh Mashatan, Willi Meier - More on Shabal's permutation

,2009
http://131002.net/data/papers/AMM09.pdf
Bibtex
Author : Jean-Philippe Aumasson, Atefeh Mashatan, Willi Meier
Title : More on Shabal's permutation
In : -
Address :
Date : 2009