Difference between revisions of "Hamsi"
| m | Mschlaeffer (talk | contribs)  m (Cryptanalysis updated) | ||
| Line 57: | Line 57: | ||
| |- style="background:#efefef;"                     | |- style="background:#efefef;"                     | ||
| |   Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||   Reference   | |   Type of Analysis || Hash Function Part || Hash Size (n) || Parameters/Variants || Compression Function Calls || Memory Requirements ||   Reference   | ||
| + | |- | ||
| + | | semi-free-start near-collisions || compression function || 256 || 2 rounds || example || - || [http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/TURAN_Paper_Erdener.pdf Turan,Uyan] | ||
| |- | |- | ||
| |    observations || hash function || all || ||  ||  || [http://people.item.ntnu.no/~danilog/Hash/Non-random-behaviour-narrow-pipe-designs-03.pdf Gligoroski] | |    observations || hash function || all || ||  ||  || [http://people.item.ntnu.no/~danilog/Hash/Non-random-behaviour-narrow-pipe-designs-03.pdf Gligoroski] | ||
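Review bot: The new "semi-free-start near-collisions" row puts "example" in the Compression Function Calls column, so the table gives no cost for this result, unlike the numeric entries this column is meant to hold. The row also omits the size of the near-collision. The abstract added in the same revision gives it as 192/256 bits for the 2-round compression function of Hamsi-256, so consider putting "2 rounds, 192/256 bits" in Parameters/Variants and a complexity figure (or "practical") in the calls column, with the example kept as a link.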
| Line 80: | Line 82: | ||
| |} | |} | ||
| + | |||
| + | <bibtex> | ||
| + | @misc{blakeTU10, | ||
| + |   author = {Meltem Sönmez Turan, Erdener Uyan}, | ||
| + |   title = {Practical Near-Collisions for Reduced Round Blake, Fugue, Hamsi and JH}, | ||
| + |   howpublished = {Second SHA-3 Candidate Conference}, | ||
| + |   year = {2010}, | ||
| + |   url = {http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/TURAN_Paper_Erdener.pdf}, | ||
| + |   abstract = {A hash function is near-collision resistant, if it is hard to find two messages with hash values that differ in only a small number of bits. In this study, we use hill climbing methods to evaluate the near-collision resistance of some of the round SHA-3 candidates. We practically obtained (i) 184/256-bit near-collision for the 2-round compression function of Blake-32; (ii) 192/256-bit near-collision for the 2-round compression function of Hamsi-256; (iii) 820/1024-bit near-collisions for 10-round compression function of JH. We also observed practical collisions and near-collisions for reduced versions of F-256 function used in Fugue.} | ||
| + | } | ||
| + | </bibtex> | ||
| <bibtex> | <bibtex> | ||
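Review bot: The author field in the added entry, author = {Meltem Sönmez Turan, Erdener Uyan}, separates the two authors with a comma. BibTeX separates names with " and " and reads a single comma inside a name as "Last, First", so this parses as one author. Suggest author = {Meltem Sönmez Turan and Erdener Uyan}. Two smaller points: the key blakeTU10 carries a Blake prefix on the Hamsi page, which is fine only if the same key is shared across the candidate pages, and the abstract's "some of the round SHA-3 candidates" reads as if a word is missing and is worth checking against the paper.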
Revision as of 19:03, 6 December 2010
1 The algorithm
- Author(s): Özgül Küçük
- Website: http://homes.esat.kuleuven.be/~okucuk/hamsi/
- NIST submission package:
- round 1/2: Hamsi_Round2.zip (old versions: Hamsi.zip, HamsiUpdate.zip)
 
Özgül Küçük - The Hash Function Hamsi
- 2009
- http://www.cosic.esat.kuleuven.be/publications/article-1203.pdf
Özgül Küçük - The Hash Function Hamsi
- 2008
- http://ehash.iaik.tugraz.at/uploads/9/95/Hamsi.pdf
2 Cryptanalysis
We distinguish between two cases: results on the complete hash function, and results on underlying building blocks.
A description of the tables is given here.
Recommended security parameters: (3,6) P,Pf rounds (n=224,256); (6,12) P,Pf rounds (n=384,512).
2.1 Hash function
Here we list results on the actual hash function. The only allowed modification is to change the security parameter.
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference | 
| 2nd-preimage | hash function | 256 | (3,6) | 2^251.3 | ? | Fuhr | 
2.2 Building blocks
Here we list results on underlying building blocks, and the hash function modified by other means than the security parameter.
Note that these results assume more direct control over, or access to, some internal variables (a.k.a. free-start, pseudo, compression function, block cipher, or permutation attacks).
| Type of Analysis | Hash Function Part | Hash Size (n) | Parameters/Variants | Compression Function Calls | Memory Requirements | Reference | 
| semi-free-start near-collisions | compression function | 256 | 2 rounds | example | - | Turan,Uyan | 
| observations | hash function | all | | | | Gligoroski | 
| non-randomness | compression function | 224, 256 | 5 rounds | | | Aumasson | 
| near-collision | compression function | 224, 256 | 3 rounds | 2^21 | | Nikolic | 
| distinguisher | compression function | 224, 256 | 6 rounds | 2^27 | | Aumasson,Meier | 
| distinguisher | compression function | 384, 512 | 12 rounds | 2^729 | | Aumasson,Meier | 
| near-collision | compression function | 224, 256 | 3 rounds | 2^5 | | Wang,Wang,Jia,Wang | 
| near-collision | compression function | 224, 256 | 4 rounds | 2^32 | | Wang,Wang,Jia,Wang | 
| near-collision | compression function | 224, 256 | 5 rounds | 2^125 | | Wang,Wang,Jia,Wang | 
| message-recovery | compression function | 224, 256 | 3 rounds | 2^10.48 | | Calik,Turan | 
| pseudo-2nd-preimage | hash function | 256 | (3,6) rounds | 2^254.25 | | Calik,Turan | 
Meltem Sönmez Turan, Erdener Uyan - Practical Near-Collisions for Reduced Round Blake, Fugue, Hamsi and JH
- 2010
- http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/Aug2010/documents/papers/TURAN_Paper_Erdener.pdf
Thomas Fuhr - Finding Second Preimages of Short Messages for Hamsi-256
- 2010
- http://dx.doi.org/10.1007/978-3-642-17373-8_2
Danilo Gligoroski - Narrow-pipe SHA-3 candidates differ significantly from ideal random functions defined over big domains
- 2010
- http://people.item.ntnu.no/~danilog/Hash/Non-random-behaviour-narrow-pipe-designs-03.pdf
Jean-Philippe Aumasson - On the pseudorandomness of Hamsi
- 2009
- http://ehash.iaik.tugraz.at/uploads/d/db/Hamsi_nonrandomness.txt
Ivica Nikolic - Near Collisions for the Compression Function of Hamsi-256
- 2009
- http://rump2009.cr.yp.to/936779b3afb9b48a404b487d6865091d.pdf
Jean-Philippe Aumasson, Willi Meier - Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi
- 2009
- http://www.131002.net/data/papers/AM09.pdf
Meiqin Wang, Xiaoyun Wang, Keting Jia, Wei Wang - New Pseudo-Near-Collision Attack on Reduced-Round of Hamsi-256
- 2009
- http://eprint.iacr.org/2009/484.pdf
Cagdas Calik, Meltem Sonmez Turan - Message Recovery and Pseudo-Preimage Attacks on the Compression Function of Hamsi-256
