Open AccessJournal Article
Grøstl – a SHA-3 candidate
Praveen Gauravaram,Lars R. Knudsen,Krystian Matusiewicz,Florian Mendel,Christian Rechberger,Martin Schläffer,Søren S. Thomsen +6 more
Reads0
Chats0
TLDR
Grostl is a SHA-3 candidate proposal, an iterated hash function with a compression function built from two fixed, large, distinct permutations, which has the effect that all known, generic attacks on the hash function are made much more difficult.Abstract:
Grostl is a SHA-3 candidate proposal. Grostl is an iterated hash function with a compression function built from two fixed, large, distinct permutations. The design of Grostl
is transparent and based on principles very different from those used in the SHA-family. The two permutations are constructed using the wide trail design strategy, which makes it possible to give strong statements about the resistance of Grostl against large classes of cryptanalytic attacks. Moreover, if these permutations are assumed to be ideal, there is a proof for the security of the hash function. Grostl is a byte-oriented SP-network which borrows components from the AES. The S-box used is identical to the one used in the block cipher AES and the diffusion layers are constructed in a similar manner to those of the AES. As a consequence there is a very strong confusion and diffusion in Grostl. Grostl is a so-called wide-pipe construction where the size of the internal state is significantly larger than the size of the output. This has the effect that all known, generic attacks on the hash function are made much more difficult. Grostl has good performance on a wide range of platforms and counter-measures against side-channel attacks are well-understood from similar work on the AES.read more
Citations
More filters
Book ChapterDOI
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
TL;DR: The rebound attack consists of an inbound phase with a match-in-the-middle part to exploit the available degrees of freedom in a collision attack to efficiently bypass the low probability parts of a differential trail.
BookDOI
Advances in Cryptology – CRYPTO 2013
Ran Canetti,Juan A. Garay +1 more
TL;DR: A substantial enhancement of the “ring-switching” procedure of Gentry et al. (SCN 2012) is extended, which is a natural method for homomorphically evaluating a broad class of structured linear transformations, including one that lets us evaluate the decryption function efficiently.
Posted Content
Higher-order differential properties of Keccak and Luffa.
TL;DR: It is shown that similar techniques can be used to find all-zero higher-order differentials in the Luffa v2 compression function, but the additional blank round destroys this property in the hash function.
Book ChapterDOI
Fair and comprehensive methodology for comparing hardware performance of fourteen round two SHA-3 candidates using FPGAs
TL;DR: The most important aspects of the methodology include the definition of clear performance metrics, the development of a uniform and practical interface, generation of multiple sets of results for several representative FPGA families from two major vendors, and the application of a simple procedure to convert multiple set of results into a single ranking.
ReportDOI
Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition
Meltem Sönmez Turan,Ray A. Perlner,Lawrence E. Bassham,William E. Burr,Dong H. Chang,Shu-jen H. Chang,Morris J. Dworkin,John Kelsey,Souradyuti Paul,René Peralta +9 more
TL;DR: This report summarizes the evaluation and selection of the five SHA-3 finalists – BLAKE, Grostl, JH, Keccak and Skein.
References
More filters
BookDOI
The Design of Rijndael
Joan Daemen,Vincent Rijmen +1 more
TL;DR: This volume is the authoritative guide to the Rijndael algorithm and AES and professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.
Book ChapterDOI
Keying Hash Functions for Message Authentication
TL;DR: Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.
Book ChapterDOI
Finding collisions in the full SHA-1
TL;DR: This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound, and it is shown that collisions ofSHA-1 can be found with complexityLess than 269 hash operations.
Book
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
TL;DR: In this paper, the authors present a comprehensive treatment of power analysis attacks and countermeasures, based on the principle that the only way to defend against such attacks is to understand them.