Provable Security Analysis of SHA-3 Candidates

Hash functions are fundamental cryptographic primitives that compress messages of arbitrary length into message digests of a fixed length. They are used as the building block in many important security applications such as digital signatures, message authentication codes, password protection, etc. The three main security properties of hash functions are collision, second preimage and preimage resistance. In 2005, significant breakthrough was made in the cryptanalysis of hash functions. Namely, attacks on SHA-1 and MD5 raised concerns about the security of the widely used hash function standards. In a response to this hash function crisis, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in 2007. NIST received 64 submissions. At this moment, 5 candidates are in the final round of competition: BLAKE, Grøstl, JH, Keccak and Skein. An important criteria for the evaluation of hash functions is their security. A common technique to assess the security of hash functions is via reductionist proofs of security. Within this provable framework, Andreeva et al. provided a summary of all known security reduction results in the ideal model for the 14 second round SHA-3 candidates. Furthermore, they identified several open problems. In this thesis, we investigate the existing proof techniques for the second preimage analysis and resolve remaining open problems regarding the second preimage resistance of Grøstl and Skein. More precisely, these two hash functions are proved optimally second preimage resistant in the ideal model within the concrete security provable framework. Finally, we provide an overview of the current security reduction and performance results on the five finalists.