Difference between revisions of "Dynamic SHA"

From The ECRYPT Hash Function Website
(Dynamic SHA: length extension attack)
m ("224/256" chaned to "224,256" etc.)
 
(8 intermediate revisions by 4 users not shown)
Line 20: Line 20:
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==
 +
 +
{| border="1" cellpadding="4" cellspacing="0" class="wikitable" style="text-align:center"                 
 +
|- style="background:#efefef;"                 
 +
| Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||  Reference
 +
|-
 +
| length-extension || hash || all ||  || - || - || [http://ehash.iaik.tugraz.at/uploads/e/e7/Dynamic-sha_length-extension.txt Klima]
 +
|-
 +
| style="background:red" | collision|| hash || 256||  || 2<sup>23</sup> || - || [http://homes.esat.kuleuven.be/~sindeste/dsha.html Indesteege]
 +
|-                 
 +
| style="background:red" | collision|| hash || 512||  || 2<sup>24</sup> || - || [http://homes.esat.kuleuven.be/~sindeste/dsha.html Indesteege]
 +
|-   
 +
| style="background:orange" | 2nd preimage || hash || 224,256 ||  || 2<sup>216</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel]
 +
|- 
 +
| style="background:orange" | 2nd preimage || hash || 384,512 ||  || 2<sup>256</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel]
 +
|- 
 +
| style="background:orange" | preimage || hash || 224,256 ||  || 2<sup>225</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel]
 +
|- 
 +
| style="background:orange" | preimage || hash || 224,256 ||  || 2<sup>262</sup> || - || [http://eprint.iacr.org/2009/184.pdf Aumasson,Dunkelman,Indesteege,Preneel]
 +
|-                     
 +
|}                   
 +
 +
A description of this table is given [http://ehash.iaik.tugraz.at/wiki/Cryptanalysis_Categories#Individual_Hash_Function_Tables here].
 +
  
 
<bibtex>
 
<bibtex>
Line 28: Line 51:
 
   howpublished = {OFFICIAL COMMENT (local link)},
 
   howpublished = {OFFICIAL COMMENT (local link)},
 
   year = {2008},
 
   year = {2008},
 +
}
 +
</bibtex>
 +
 +
<bibtex>
 +
@misc{DynamicSHAI09a,
 +
  author    = {Sebastiaan Indesteege},
 +
  title    = {Practical Collisions for Dynamic SHA},
 +
  url = {http://homes.esat.kuleuven.be/~sindeste/dsha.html},
 +
  howpublished = {Available online},
 +
  year = {2009},
 +
}
 +
</bibtex>
 +
 +
<bibtex>
 +
@misc{DynamicSHA2ADIP09,
 +
    author = {Jean-Philippe Aumasson and Orr Dunkelman and Sebastiaan Indesteege and Bart Preneel},
 +
    title = {Cryptanalysis of Dynamic SHA(2)},
 +
    howpublished = {Cryptology ePrint Archive, Report 2009/184},
 +
    year = {2009},
 +
    url = {http://eprint.iacr.org/2009/184.pdf},
 +
    note = {\url{http://eprint.iacr.org/}},
 +
    abstract = {In this paper, we analyze the hash functions Dynamic SHA
 +
and Dynamic SHA2, which have been selected as first round candidates
 +
in the NIST Hash Competition. These two hash functions rely heavily
 +
on data-dependent rotations, similar to the ones used in certain block ci-
 +
phers, e.g., RC5. Our analysis suggests that in the case of hash functions,
 +
where the attacker has more control over the rotations, this approach is
 +
less favorable, as we present practical, or close to practical, collision at-
 +
tacks on both Dynamic SHA and Dynamic SHA2. Moreover, we present
 +
a preimage attack on Dynamic SHA that is faster than exhaustive search.},
 +
}
 +
</bibtex>
 +
 +
 +
=== Archive ===
 +
 +
<bibtex>
 +
@misc{DynamicSHAI09,
 +
  author    = {Sebastiaan Indesteege},
 +
  title    = {Cryptanalysis of Dynamic SHA},
 +
  url = {http://ehash.iaik.tugraz.at/uploads/c/c2/Dsha.pdf},
 +
  howpublished = {FSE 2009 rump session, slides available online (local link)},
 +
  year = {2009},
 
}
 
}
 
</bibtex>
 
</bibtex>

Latest revision as of 13:57, 4 June 2009

1 The algorithm


Zijie Xu - Dynamic SHA

,2008
http://ehash.iaik.tugraz.at/uploads/e/e2/DyamicSHA.pdf
Bibtex
Author : Zijie Xu
Title : Dynamic SHA
In : -
Address :
Date : 2008


2 Cryptanalysis

Type of Analysis Hash Function Part Hash Size (n) Parameters/Variants Compression Function Calls Memory Requirements Reference
length-extension hash all - - Klima
collision hash 256 223 - Indesteege
collision hash 512 224 - Indesteege
2nd preimage hash 224,256 2216 - Aumasson,Dunkelman,Indesteege,Preneel
2nd preimage hash 384,512 2256 - Aumasson,Dunkelman,Indesteege,Preneel
preimage hash 224,256 2225 - Aumasson,Dunkelman,Indesteege,Preneel
preimage hash 224,256 2262 - Aumasson,Dunkelman,Indesteege,Preneel

A description of this table is given here.


Vlastimil Klima - Dynamic SHA is vulnerable to generic attacks

,2008
http://ehash.iaik.tugraz.at/uploads/e/e7/Dynamic-sha_length-extension.txt
Bibtex
Author : Vlastimil Klima
Title : Dynamic SHA is vulnerable to generic attacks
In : -
Address :
Date : 2008

Sebastiaan Indesteege - Practical Collisions for Dynamic SHA

,2009
http://homes.esat.kuleuven.be/~sindeste/dsha.html
Bibtex
Author : Sebastiaan Indesteege
Title : Practical Collisions for Dynamic SHA
In : -
Address :
Date : 2009

Jean-Philippe Aumasson, Orr Dunkelman, Sebastiaan Indesteege, Bart Preneel - Cryptanalysis of Dynamic SHA(2)

,2009
http://eprint.iacr.org/2009/184.pdf
Bibtex
Author : Jean-Philippe Aumasson, Orr Dunkelman, Sebastiaan Indesteege, Bart Preneel
Title : Cryptanalysis of Dynamic SHA(2)
In : -
Address :
Date : 2009


2.1 Archive

Sebastiaan Indesteege - Cryptanalysis of Dynamic SHA

,2009
http://ehash.iaik.tugraz.at/uploads/c/c2/Dsha.pdf
Bibtex
Author : Sebastiaan Indesteege
Title : Cryptanalysis of Dynamic SHA
In : -
Address :
Date : 2009
Retrieved from "https://ehash.iaik.tugraz.at/index.php?title=Dynamic_SHA&oldid=3125"