In October 2012 NIST announced that the SHA-3 hash standard will be based on Keccak. Besides hashing, Keccak can be used in many other modes, including ones operating on a secret value. Many applications of such modes require protection against sidechannel attacks, preferably at low cost. In this paper, we present threshold implementations (TI) of Keccak with three and four shares that build fu...

In this note we discuss some observation of the SHA-3 candidate SHAMATA [1]. We observe that its internal block cipher is very weak, which could possibly lead to an attack on the hash function.

Abstract. Grøstl is one of the five finalists in the third round of SHA-3 competition hosted by NIST. In this paper, we use many techniques to improve the pseudo preimage attack on Grøstl hash function, such as subspace preimage attack and guess-and-determine technique. We present improved pseudo preimage attacks on 5-round Grøstl-256 and 8-round Grøstl-512 respectively. The complexity of the a...

In this paper we introduce new concepts that help read and understand low-weight differential trails in Keccak. We then propose efficient techniques to exhaustively generate all 3-round trails in its largest permutation below a given weight. This allows us to prove that any 6round differential trail in Keccak-f [1600] has weight at least 74. In the worst-case diffusion scenario where the mixing...

Edon-R is one of the fastest SHA-3 candidate. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secret prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2 computations, negligible memory, and a precomputation of 2. This does not directly contradict the security claims of Edon-R or the NI...

We present new techniques to efficiently scan the space of high-probability differential trails in bit-oriented ciphers. Differential trails consist in sequences of state patterns that we represent as ordered lists of basic components in order to arrange them in a tree. The task of generating trails with probability above some threshold starts with the traversal of the tree. Our choice of basic...

Hash functions are one of the most important cryptographic primitives. Some of the currently employed hash functions like SHA-1 or MD5 are considered broken today. Therefore, in 2007 the US National Institute of Standards and Technology announced a competition for a new family of hash functions. Keccak is one of the five final candidates to be chosen as SHA-3 hash function standard. In this pap...

background and aim: sinusoidal harmonic acceleration (sha) test is one of the most effective and best-tolerated methods to assess vestibular system function, especially horizontal semicircular canal in children. a prerequisite for using this test in children, is the availability of normative data. despite of the numerous studies related to the sha in adults, few researches have been documented ...

Since Wang’s attacks on the standard hash functions MD5 and SHA-1, design and analysis of hash functions have been studied a lot. NIST selected Keccak as a new hash function standard SHA-3 in 2012 and announced that Keccak was chosen because its design is different from MD5 and SHA-1/2 so that it could be secure against the attacks to them and Keccak’s hardware efficiency is quite better than o...