Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512
نویسندگان
چکیده
In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of the SHA-3 competition. We present cryptanalytic results on 10 out of 14 rounds of the hash function SHAvite-3-512, and on the full 14 round compression function of SHAvite-3-512. We show a second preimage attack on the hash function reduced to 10 rounds with a complexity of 2 compression function evaluations and 2 memory. For the full 14-round compression function, we give a chosen counter, chosen salt preimage attack with 2 compression function evaluations and 2 memory (or complexity 2 without memory), and a collision attack with 2 compression function evaluations and 2 memory.
منابع مشابه
The SHAvite-3 Hash Function
In this document we present SHAvite-3, a secure and efficient hash function based on the HAIFA construction and the AES building blocks. SHAvite-3 uses a well understood set of primitives such as a Feistel block cipher which iterates a round function based on the AES round function. SHAvite-3’s compression functions are secure against cryptanalysis, while the selected mode of iteration offers m...
متن کاملThe SHAvite-3 Hash Function Tweaked Version
In this document we present SHAvite-3, a secure and efficient hash function based on the HAIFA construction and the AES building blocks. SHAvite-3 uses a well understood set of primitives such as a Feistel block cipher which iterates a round function based on the AES round function. SHAvite-3’s compression functions are secure against cryptanalysis, while the selected mode of iteration offers m...
متن کاملAttacks on Hash Functions based on Generalized Feistel Application to Reduced-Round Lesamnta and SHAvite-3
In this paper we study the strength of two hash functions which are based on Generalized Feistels. We describe a new kind of attack based on a cancellation property in the round function. This new technique allows to efficiently use the degrees of freedom available to attack a hash function. Using the cancellation property, we can avoid the non-linear parts of the round function, at the expense...
متن کاملAttacks on Hash Functions Based on Generalized Feistel: Application to Reduced-Round Lesamnta and SHAvite-3512
In this paper we study the strength of two hash functions which are based on Generalized Feistels. Our proposed attacks themselves are mostly independent of the round function in use, and can be applied to similar hash functions which share the same structure but have different round functions. We start with a 22-round generic attack on the structure of Lesamnta , and adapt it to the actual rou...
متن کاملCryptanalysis of Reduced-Round Whirlwind (Full Version)
The Whirlwind hash function, which outputs a 512-bit digest, was designed by Barreto et al. and published by Design, Codes and Cryptography in 2010. In this paper, we provide a thorough cryptanalysis on Whirlwind. Firstly, we focus on security properties at the hash function level by presenting (second) preimage, collision and distinguishing attacks on reduced-round Whirlwind. In order to launc...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010