Update on Finalist Grøstl
نویسنده
چکیده
Dear all, as announced in December the Grøstl hash function has been tweaked for the final round. The round3mods, updated specification, implementation and cryptanalysis are available at www.groestl.info. For the final round we have * significantly increased the size of the round constants to make the internal differential attack and its extensions impossible * and use different rotation constants in Q to make P and Q more different which further increases the security margin by one round. Note that the link on the NIST Round3 website still points to the Round2 submission package. Dear all, please find a 2-page summary+appendix entitled "Update on Finalist Grøstl" in the attachment.
منابع مشابه
Improved Rebound Attack on the Finalist Grøstl
Grøstl is one of the five finalist hash functions of the SHA-3 competition. For entering this final phase, the designers have tweaked the submitted versions. This tweak renders inapplicable the best known distinguishers on the compression function presented by Peyrin [18] that exploited the internal permutation properties. Since the beginning of the final round, very few analysis have been publ...
متن کاملByte Slicing Grøstl - Optimized Intel AES-NI and 8-bit Implementations of the SHA-3 Finalist Grøstl
Grøstl is an AES-based hash function and one of the 5 finalists of the SHA-3 competition. In this work we present high-speed implementations of Grøstl for small 8-bit CPUs and large 64-bit CPUs with the recently introduced AES instructions set. Since Grøstl does not use the same MDS mixing layer as the AES, a direct application of the AES instructions seems difficult. In contrast to previous fi...
متن کاملGPU Parallel Statistical and Cube Test Analysis of the SHA-3 Finalist Candidate Hash Functions
The 256-bit versions of the SHA-3 finalist candidate hash functions—BLAKE, Grøstl, JH, Keccak, and Skein—were subjected to statistical tests to attempt to disprove the hypothesis that the output bits are uniformly distributed, independent, binary random variables. The hash functions were also subjected to cube tests to attempt to disprove the hypothesis that the superpoly bits are uniformly dis...
متن کامل(Chosen-multi-target) preimage attacks on reduced Grøstl-0
The cryptographic hash function Grøstl is a finalist in the NIST’s SHA-3 hash function competition and it is a tweaked variant of its predecessor called Grøstl-0, a second round SHA-3 candidate. In this article, we consider 256-bit Grøstl-0 and its 512-bit compression function. We show that internal differential trails built between the two almost similar looking permutations of the compression...
متن کاملEfficient Vector Implementations of AES-Based Designs: A Case Study and New Implemenations for Grøstl
In this paper we evaluate and improve different vector implementation techniques of AES-based designs. We analyze how well the T-table, bitsliced and bytesliced implementation techniques apply to the SHA-3 finalist Grøstl. We present a number of new Grøstl implementations which improve upon many previous results. For example, our fastest ARM NEON implementation of Grøstl is 40% faster than the ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011