Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512

  • Conference paper
Progress in Cryptology – AFRICACRYPT 2010 (AFRICACRYPT 2010)

Abstract

In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of the SHA-3 competition. We present cryptanalytic results on 10 out of 14 rounds of the hash function SHAvite-3-512, and on the full 14-round compression function of SHAvite-3-512. We show a second preimage attack on the hash function reduced to 10 rounds with a complexity of $2^{497}$ compression function evaluations and $2^{16}$ memory. For the full 14-round compression function, we give a chosen counter, chosen salt preimage attack with $2^{384}$ compression function evaluations and $2^{128}$ memory (or complexity $2^{448}$ without memory), and a collision attack with $2^{192}$ compression function evaluations and $2^{128}$ memory.

This work was supported by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II and by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy). Parts of this work were carried out during the tenure of an ERCIM “Alain Bensoussan” Fellowship Programme and while the authors were participating in the ECRYPT2 workshop “Hash3: Proofs, Analysis and Implementation” in November 2009. The first author is supported by the Danish Council for Independent Research (FTP and FNU) grant 274-09-0096.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gauravaram, P. et al. (2010). Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512. In: Bernstein, D.J., Lange, T. (eds) Progress in Cryptology – AFRICACRYPT 2010. AFRICACRYPT 2010. Lecture Notes in Computer Science, vol 6055. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12678-9_25

  • DOI: https://doi.org/10.1007/978-3-642-12678-9_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12677-2

  • Online ISBN: 978-3-642-12678-9

  • eBook Packages: Computer Science, Computer Science (R0)
