Cryptanalysis of Dynamic SHA(2).
Citations
42 citations
Cites background from "Cryptanalysis of Dynamic SHA(2)."
...The rotation counts are fixed rather than dependent on the data, to prevent attackers from controlling the operations in order to use “weak rotations,” for example, by forcing all the counts to be zero; history has shown that data-dependent rotations are generally a bad idea [11, 106]....
[...]
...for(i=0; i< 8;++i) v[i] = h[i]; v[ 8] = s[0] ^ 0x243f6a88; v[ 9] = s[1] ^ 0x85a308d3; v[10] = s[2] ^ 0x13198a2e; v[11] = s[3] ^ 0x03707344; v[12] = t[0] ^ 0xa4093822; v[13] = t[0] ^ 0x299f31d0; v[14] = t[1] ^ 0x082efa98; v[15] = t[1] ^ 0xec4e6c89;...
[...]
.../* diagonal step for G4 and G5 */ buf2a = _mm_set_epi64( ( __m64 )m[sig[r][10]], ( __m64 )m[sig[r][ 8]] ); buf1a = _mm_set_epi64( ( __m64 )u[sig[r][11]], ( __m64 )u[sig[r][ 9]] ); buf1a = _mm_xor_si128( buf1a, buf2a ); row1a = _mm_add_epi64( _mm_add_epi64( row1a, buf1a ), row2a ); row4a = _mm_xor_si128( row4a, row1a ); row4a = _mm_xor_si128( _mm_srli_epi64( row4a, 32 ), _mm_slli_epi64( row4a, 32 ) ); row3a = _mm_add_epi64( row3a, row4a ); row2a = _mm_xor_si128( row2a, row3a ); row2a = _mm_xor_si128( _mm_srli_epi64( row2a, 25 ), _mm_slli_epi64( row2a, 39 ) ); buf2a = _mm_set_epi64( ( __m64 )m[sig[r][11]], ( __m64 )m[sig[r][ 9]] );...
[...]
15 citations
10 citations
10 citations
9 citations
References
1,583 citations
894 citations
381 citations
286 citations
225 citations