Difference between revisions of "The SHA-3 Zoo"

From The ECRYPT Hash Function Website
(Blender, MeshHash, NaSha labelled "broken")
(new tables with categories of cryptanalysis added)
Line 1: Line 1:
 
The SHA-3 Zoo (work in progress) is a collection of cryptographic hash functions (in alphabetical order) submitted to the [http://www.nist.gov/hash-competition SHA-3 contest] (see also [http://en.wikipedia.org/wiki/SHA-3 here]). It aims to provide an overview of design and cryptanalysis of all submissions. A list of all [[SHA-3 submitters]] is also available. For a software performance related overview, see [http://bench.cr.yp.to/ebash.html eBASH]. At a separate page, we also collect [[SHA-3_Hardware_Implementations | hardware implementation results]] of the candidates. Another categorization of the SHA-3 submissions can be found [http://www.uni-weimar.de/cms/fileadmin/medien/medsicherheit/Research/SHA3/Classification_of_the_SHA-3_Candidates.pdf here].
 
The SHA-3 Zoo (work in progress) is a collection of cryptographic hash functions (in alphabetical order) submitted to the [http://www.nist.gov/hash-competition SHA-3 contest] (see also [http://en.wikipedia.org/wiki/SHA-3 here]). It aims to provide an overview of design and cryptanalysis of all submissions. A list of all [[SHA-3 submitters]] is also available. For a software performance related overview, see [http://bench.cr.yp.to/ebash.html eBASH]. At a separate page, we also collect [[SHA-3_Hardware_Implementations | hardware implementation results]] of the candidates. Another categorization of the SHA-3 submissions can be found [http://www.uni-weimar.de/cms/fileadmin/medien/medsicherheit/Research/SHA3/Classification_of_the_SHA-3_Candidates.pdf here].
 
<br><br>
 
<br><br>
At this time, 55 out of 64 submissions to the SHA-3 competition are publicly known and available. [http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/submissions_rnd1.html 51] submissions have advanced to the first round (so far, 17 of 51 first round candidates have been broken).
+
The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in [[Cryptanalysis Categories]].
  
 +
At this time, 55 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to the first round.
 +
So far, 3 out of 51 first round candidates have been officially conceded broken or withdrawn by the designers.
  
[http://ehash.iaik.tugraz.at/index.php?title=Special:Recentchangeslinked&target=The_SHA-3_Zoo&days=7&limit=50&hideminor=1  Recent updates of the SHA-3 Zoo]
+
The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages.
  
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable"
+
[http://ehash.iaik.tugraz.at/index.php?title=Special:Recentchangeslinked&target=The_SHA-3_Zoo&days=7&limit=50&hideminor=1 Recent updates of the SHA-3 Zoo]
 +
 
 +
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"
 
|- style="background:#efefef;"
 
|- style="background:#efefef;"
! width="150"| Hash Function Name     !! width="150"| Status    !! width="150"| [[External Cryptanalysis Categories| External Cryptanalysis]]
+
! width="120"| Hash Name !! width="160" | Principal Submitter !! width="120"| Best Attack on Main NIST Requirements !! width="120"| Best Attack on other Hash Requirements
 
|-
 
|-
| [[Abacus]]                           || 1st round || broken
+
| [[Abacus]]       || Neil Sholer || style="background:orange" | 2nd-preimage ||
 
|-
 
|-
| [[ARIRANG]]                         || 1st round || none
+
| [[ARIRANG]]     || Jongin Lim || ||
 +
|-                                                                                                           
 +
| [[AURORA]]      || Masahiro Fujita (Sony) || ||
 
|-
 
|-
| [[AURORA]]                           || 1st round || none
+
| [[BLAKE]]       || Jean-Philippe Aumasson || ||
 
|-
 
|-
| [[BLAKE]]                           || 1st round || none
+
| [[Blender]]     || Dr. Colin Bradbury || style="background:orange" | preimage ||
 +
|-                                                                                                           
 +
| [[Blue Midnight Wish]] || Svein Johan Knapskog || ||
 
|-
 
|-
| [[Blender]]                         || 1st round || broken
+
| [[Cheetah]]     || Dmitry Khovratovich || || length-extension
 
|-
 
|-
| [[Blue Midnight Wish]]               || 1st round || yes
+
| [[CHI]]         || Phillip Hawkes || ||
 +
|-                                                                                                           
 +
| [[CRUNCH]]      || Jacques Patarin || ||
 
|-
 
|-
| [[Boole]]                           || 1st round || broken
+
| [[CubeHash]]     || D. J. Bernstein || style="background:greenyellow" | preimage ||
 
|-
 
|-
| [[Cheetah]]                         || 1st round || broken
+
| [[DCH]]         || David A. Wilson || style="background:red" | collision ||
 +
|-                                                                                                           
 +
| [[Dynamic SHA]]  || Xu Zijie || || length-extension
 
|-
 
|-
| [[CHI]]                             || 1st round || none
+
| [[Dynamic SHA2]] || Xu Zijie || || length-extension
 
|-
 
|-
| [[CRUNCH]]                           || 1st round || none
+
| [[ECHO]]         || Henri Gilbert || ||
 +
|-                                                                                                           
 +
| [[ECOH]]        || Daniel R. L. Brown || ||
 
|-
 
|-
| [[CubeHash]]                         || 1st round || yes
+
| [[Edon-R (SHA-3 submission)|Edon-R]] || Danilo Gligoroski || style="background:yellow" | preimage ||
 
|-
 
|-
| [[DCH]]                             || 1st round || broken
+
| [[EnRUPT]]       || Sean O’Neil || style="background:red" | collision ||
 +
|-                                                                                                           
 +
| [[ESSENCE]]      || Jason Worth Martin || ||
 
|-
 
|-
| [[Dynamic SHA]]                     || 1st round || broken
+
| [[FSB (SHA-3 submission) | FSB]] || Matthieu Finiasz || ||
 
|-
 
|-
| [[Dynamic SHA2]]                     || 1st round || broken
+
| [[Fugue]]       || Charanjit S. Jutla || ||
 +
|-                                                                                                           
 +
| [[Groestl|Grøstl]] || Lars Ramkilde Knudsen || ||
 
|-
 
|-
| [[ECHO]]                             || 1st round || none
+
| [[Hamsi]]       || Ozgul Kucuk || ||
 
|-
 
|-
| [[ECOH]]                             || 1st round || none
+
| [[JH]]           || Hongjun Wu || style="background:greenyellow" | preimage ||
 +
|-                                                                                                           
 +
| [[Keccak]]      || Joan Daemen || ||
 
|-
 
|-
| [[Edon-R (SHA-3 submission)|Edon-R]] || 1st round || yes
+
| [[Khichidi-1]]   || M Vidyasagar || style="background:red" | collision ||
 
|-
 
|-
| [[EnRUPT]]                           || 1st round || broken
+
| [[LANE]]         || Sebastiann Indesteege || ||
 +
|-                       
 +
| [[Lesamnta]]    || Hirotaka Yoshida || ||
 
|-
 
|-
| [[ESSENCE]]                         || 1st round || none
+
| [[Luffa]]       || Dai Watanabe || ||
 
|-
 
|-
| [[FSB (SHA-3 submission) | FSB]]    || 1st round || none
+
| [[LUX]]          || Ivica Nikolic || ||
 +
|-                                                                                                           
 +
| [[MCSSHA-3]]    || Mikhail Maslennikov || style="background:yellow" | collision ||
 
|-
 
|-
| [[Fugue]]                           || 1st round || none
+
| [[MD6]]         || Ronald L. Rivest || ||
 
|-
 
|-
| [[Groestl|Grøstl]]                   || 1st round || yes
+
| [[MeshHash]]    || Björn Fay || style="background:yellow" | 2nd preimage ||
 +
|-                                                                                                           
 +
| [[NaSHA]]       || Smile Markovski || style="background:yellow" | collision ||
 
|-
 
|-
| [[Hamsi]]                           || 1st round || none
+
| [[SANDstorm]]   || Rich Schroeppel || ||
 
|-
 
|-
| [[HASH 2X]]                         || submitted || broken
+
| [[Sarmal]]       || Kerem VARICI ||  style="background:yellow" | preimage ||
 +
|-                                                                                                           
 +
| [[Sgàil]]        || Peter Maxwell|| style="background:red" | collision ||
 
|-
 
|-
| [[JH]]                               || 1st round || yes
+
| [[Shabal]]       || Jean-Francois Misarsky || ||
 
|-
 
|-
| [[Keccak]]                           || 1st round || none
+
| [[SHAMATA]]     || Orhun Kara || ||
 +
|-                       
 +
| [[SHAvite-3]]    || Orr Dunkelman || ||
 
|-
 
|-
| [[Khichidi-1]]                       || 1st round || broken
+
| [[SIMD]]         || Gaetan Leurent || ||
 
|-
 
|-
| [[LANE]]                             || 1st round || none
+
| [[Skein]]       || Bruce Schneier || ||
 +
|-                                                                                                           
 +
| [[Spectral Hash]] || Cetin Kaya Koc || ||
 
|-
 
|-
| [[Lesamnta]]                         || 1st round || none
+
| [[StreamHash]]   || Michal Trojnara || style="background:red" | collision ||
 
|-
 
|-
| [[Luffa]]                           || 1st round || none
+
| [[SWIFFTX]]     || Daniele Micciancio || ||
 +
|-                                                                                                           
 +
| [[Tangle]]      || Rafael Alvarez || style="background:red" | collision ||
 
|-
 
|-
| [[LUX]]                             || 1st round || yes
+
| [[TIB3]]         || Daniel Penazzi || ||
 
|-
 
|-
| [[Maraca]]                           || submitted || broken
+
| [[Twister]]     || Michael Gorski || style="background:yellow" | 2nd preimage ||
|-
+
|-                                                                                                            
| [[MCSSHA-3]]                        || 1st round || broken
+
| [[Vortex (SHA-3 submission)|Vortex]] || Michael Kounavis || style="background:yellow" | preimage ||
|-
+
|}
| [[MD6]]                              || 1st round || yes
+
 
|-
+
 
| [[MeshHash]]                         || 1st round || broken
+
The following hash functions have been submitted to the NIST competition but did not advance to the first round or have been conceded broken by the designers:
|-
+
 
| [[NaSHA]]                            || 1st round || broken
+
{| border="1" cellpadding="4" cellspacing="0" align="center" class="wikitable" style="text-align:center"
|-
+
|- style="background:#efefef;"
| [[NKS2D]]                            || submitted || broken
+
! width="120"| Hash Name !! width="160" | Principal Submitter !! width="120" | Status !! width="120" | Best Attack on Main NIST Requirements
|-
 
| [[Ponic]]                            || submitted || broken
 
|-
 
| [[SANDstorm]]                        || 1st round || none
 
|-
 
| [[Sarmal]]                          || 1st round || yes
 
|-
 
| [[Sgàil]]                            || 1st round || broken
 
|-
 
| [[Shabal]]                          || 1st round || none
 
|-
 
| [[SHAMATA]]                          || 1st round || yes
 
|-
 
| [[SHAvite-3]]                        || 1st round || none
 
|-
 
| [[SIMD]]                            || 1st round || none
 
|-
 
| [[Skein]]                            || 1st round || none
 
|-
 
| [[Spectral Hash]]                    || 1st round || yes
 
|-
 
| [[StreamHash]]                      || 1st round || broken
 
 
|-
 
|-
| [[SWIFFTX]]                         || 1st round || none
+
| [[Boole]]       || Greg Rose || conceded broken || style="background:red" | collision
 
|-
 
|-
| [[Tangle]]                           || 1st round || broken
+
| [[HASH 2X]]     || || not in round 1 || style="background:red" | 2nd-preimage
 
|-
 
|-
| [[TIB3]]                             || 1st round || none
+
| [[Maraca]]     || || not in round 1 ||
 
|-
 
|-
| [[Twister]]                         || 1st round || yes
+
| [[NKS2D]]       || || not in round 1 || style="background:red" | collision
 
|-
 
|-
| [[Vortex (SHA-3 submission)|Vortex]] || 1st round || yes
+
| [[Ponic]]       || || not in round 1 || style="background:yellow" | 2nd-preimage
 
|-
 
|-
| [[WaMM]]                             || 1st round || broken
+
| [[WaMM]]       || John Washburn || conceded broken || style="background:red" | collision
 
|-
 
|-
| [[Waterfall]]                       || 1st round || broken
+
| [[Waterfall]]   || Bob Hattersley || conceded broken || style="background:orange" | collision
 
|}
 
|}
  
  
 
Your analysis is not mentioned? Drop a line at sha3zoo@iaik.tugraz.at to let us know!
 
Your analysis is not mentioned? Drop a line at sha3zoo@iaik.tugraz.at to let us know!

Revision as of 20:30, 29 December 2008

The SHA-3 Zoo (work in progress) is a collection of cryptographic hash functions (in alphabetical order) submitted to the SHA-3 contest (see also here). It aims to provide an overview of design and cryptanalysis of all submissions. A list of all SHA-3 submitters is also available. For a software performance related overview, see eBASH. At a separate page, we also collect hardware implementation results of the candidates. Another categorization of the SHA-3 submissions can be found here.

The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in Cryptanalysis Categories.

At this time, 55 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to the first round. So far, 3 out of 51 first round candidates have been officially conceded broken or withdrawn by the designers.

The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages.

Recent updates of the SHA-3 Zoo

Hash Name Principal Submitter Best Attack on Main NIST Requirements Best Attack on other Hash Requirements
Abacus Neil Sholer 2nd-preimage
ARIRANG Jongin Lim
AURORA Masahiro Fujita (Sony)
BLAKE Jean-Philippe Aumasson
Blender Dr. Colin Bradbury preimage
Blue Midnight Wish Svein Johan Knapskog
Cheetah Dmitry Khovratovich length-extension
CHI Phillip Hawkes
CRUNCH Jacques Patarin
CubeHash D. J. Bernstein preimage
DCH David A. Wilson collision
Dynamic SHA Xu Zijie length-extension
Dynamic SHA2 Xu Zijie length-extension
ECHO Henri Gilbert
ECOH Daniel R. L. Brown
Edon-R Danilo Gligoroski preimage
EnRUPT Sean O’Neil collision
ESSENCE Jason Worth Martin
FSB Matthieu Finiasz
Fugue Charanjit S. Jutla
Grøstl Lars Ramkilde Knudsen
Hamsi Ozgul Kucuk
JH Hongjun Wu preimage
Keccak Joan Daemen
Khichidi-1 M Vidyasagar collision
LANE Sebastiann Indesteege
Lesamnta Hirotaka Yoshida
Luffa Dai Watanabe
LUX Ivica Nikolic
MCSSHA-3 Mikhail Maslennikov collision
MD6 Ronald L. Rivest
MeshHash Björn Fay 2nd preimage
NaSHA Smile Markovski collision
SANDstorm Rich Schroeppel
Sarmal Kerem VARICI preimage
Sgàil Peter Maxwell collision
Shabal Jean-Francois Misarsky
SHAMATA Orhun Kara
SHAvite-3 Orr Dunkelman
SIMD Gaetan Leurent
Skein Bruce Schneier
Spectral Hash Cetin Kaya Koc
StreamHash Michal Trojnara collision
SWIFFTX Daniele Micciancio
Tangle Rafael Alvarez collision
TIB3 Daniel Penazzi
Twister Michael Gorski 2nd preimage
Vortex Michael Kounavis preimage


The following hash functions have been submitted to the NIST competition but did not advance to the first round or have been conceded broken by the designers:

Hash Name Principal Submitter Status Best Attack on Main NIST Requirements
Boole Greg Rose conceded broken collision
HASH 2X not in round 1 2nd-preimage
Maraca not in round 1
NKS2D not in round 1 collision
Ponic not in round 1 2nd-preimage
WaMM John Washburn conceded broken collision
Waterfall Bob Hattersley conceded broken collision


Your analysis is not mentioned? Drop a line at sha3zoo@iaik.tugraz.at to let us know!