Difference between revisions of "The SHA-3 Zoo"
(Updated table of tweaks) |
(Updated table of tweaks) |
||
| Line 9: | Line 9: | ||
[http://ehash.iaik.tugraz.at/index.php?title=Special:Recentchangeslinked&target=The_SHA-3_Zoo&days=7&limit=50&hideminor=1 Recent updates of the SHA-3 Zoo] | [http://ehash.iaik.tugraz.at/index.php?title=Special:Recentchangeslinked&target=The_SHA-3_Zoo&days=7&limit=50&hideminor=1 Recent updates of the SHA-3 Zoo] | ||
| − | [http://ehash.iaik.tugraz.at/uploads/ | + | [http://ehash.iaik.tugraz.at/uploads/c/ce/20090922-2230_SHA-3_round2_tweaks.pdf New: Round 2 tweaks for all candidates] |
Revision as of 22:40, 22 September 2009
The SHA-3 Zoo (work in progress) is a collection of cryptographic hash functions (in alphabetical order) submitted to the SHA-3 contest (see also here). It aims to provide an overview of design and cryptanalysis of all submissions. A list of all SHA-3 submitters is also available. For a software performance related overview, see eBASH. At a separate page, we also collect hardware implementation results of the candidates. Another categorization of the SHA-3 submissions can be found here.
The idea of the SHA-3 Zoo is to give a good overview of cryptanalytic results. We try to avoid additional judgement whether a submission is broken. The answer to this question is left to NIST. However, we categorize the cryptanalytic results by their impact from very theoretic to practical attacks. A detailed description is given in Cryptanalysis Categories.
At this time, 56 out of 64 submissions to the SHA-3 competition are publicly known and available. 51 submissions have advanced to Round 1 and 14 submissions have made it into Round 2.
The following table should give a first impression on the remaining SHA-3 candidates. It shows only the best known attack, more detailed results are collected at the individual hash function pages. A description of the main table is given here.
Recent updates of the SHA-3 Zoo
New: Round 2 tweaks for all candidates
| Hash Name | Principal Submitter | Best Attack on Main NIST Requirements | Best Attack on other Hash Requirements |
|---|---|---|---|
| BLAKE | Jean-Philippe Aumasson | ||
| Blue Midnight Wish | Svein Johan Knapskog | ||
| CubeHash | Daniel J. Bernstein | preimage | |
| ECHO | Henri Gilbert | ||
| Fugue | Charanjit S. Jutla | ||
| Grøstl | Lars R. Knudsen | ||
| Hamsi | Özgül Küçük | ||
| JH | Hongjun Wu | preimage | |
| Keccak | The Keccak Team | ||
| Luffa | Dai Watanabe | ||
| Shabal | Jean-François Misarsky | ||
| SHAvite-3 | Orr Dunkelman | ||
| SIMD | Gaëtan Leurent | ||
| Skein | Bruce Schneier |
The following hash functions have advanced to Round 1 but not to Round 2:
| Hash Name | Principal Submitter | Best Attack on Main NIST Requirements | Best Attack on other Hash Requirements |
|---|---|---|---|
| ARIRANG | Jongin Lim | ||
| AURORA | Masahiro Fujita | 2nd preimage | |
| Blender | Colin Bradbury | collision, preimage | near-collision |
| Cheetah | Dmitry Khovratovich | length-extension | |
| CHI | Phillip Hawkes | ||
| CRUNCH | Jacques Patarin | length-extension | |
| Dynamic SHA | Xu Zijie | collision | length-extension |
| Dynamic SHA2 | Xu Zijie | collision | length-extension |
| ECOH | Daniel R. L. Brown | 2nd preimage | |
| Edon-R | Danilo Gligoroski | preimage | |
| EnRUPT | Sean O'Neil | collision | |
| ESSENCE | Jason Worth Martin | collision | |
| FSB | Matthieu Finiasz | ||
| LANE | Sebastiaan Indesteege | ||
| Lesamnta | Hirotaka Yoshida | ||
| LUX | Ivica Nikolić | collision, 2nd preimage | DRBG,HMAC |
| MCSSHA-3 | Mikhail Maslennikov | 2nd preimage | |
| MD6 | Ronald L. Rivest | ||
| NaSHA | Smile Markovski | collision | |
| SANDstorm | Rich Schroeppel | ||
| Sarmal | Kerem Varıcı | preimage | |
| Sgàil | Peter Maxwell | collision | |
| Spectral Hash | Çetin Kaya Koç | collision | |
| SWIFFTX | Daniele Micciancio | ||
| TIB3 | Daniel Penazzi | collision | |
| Twister | Michael Gorski | preimage | |
| Vortex | Michael Kounavis | preimage |
The following hash functions have been submitted to the NIST competition but did not advance to Round 1, have been conceded broken or withdrawn by the designers:
| Hash Name | Principal Submitter | Status | Best Attack on Main NIST Requirements |
|---|---|---|---|
| Abacus | Neil Sholer | conceded broken | 2nd-preimage |
| Boole | Greg Rose | conceded broken | collision |
| DCH | David A. Wilson | conceded broken | collision |
| HASH 2X | Jason Lee | not in round 1 | 2nd-preimage |
| Khichidi-1 | M. Vidyasagar | conceded broken | collision |
| Maraca | Robert J. Jenkins | not in round 1 | preimage |
| MeshHash | Björn Fay | conceded broken | 2nd preimage |
| NKS2D | Geoffrey Park | not in round 1 | collision |
| Ponic | Peter Schmidt-Nielsen | not in round 1 | 2nd-preimage |
| SHAMATA | Orhun Kara | conceded broken | collision |
| StreamHash | Michal Trojnara | conceded broken | collision |
| Tangle | Rafael Alvarez | conceded broken | collision |
| WaMM | John Washburn | conceded broken | collision |
| Waterfall | Bob Hattersley | conceded broken | collision |
| ZK-Crypt | Carmi Gressel | not in round 1 |
Your analysis is not mentioned? Drop a line at sha3zoo@iaik.tugraz.at to let us know!
