FSBday

Implementing Wagner’s Generalized Birthday Attack against the SHA-3 Round-1 Candidate FSB
  • Daniel J. Bernstein
  • Tanja Lange
  • Ruben Niederhagen
  • Christiane Peters
  • Peter Schwabe
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5922)

Abstract

This paper applies generalized birthday attacks to the FSB compression function, and shows how to adapt the attacks so that they run in far less memory. In particular, this paper presents details of a parallel implementation attacking FSB48, a scaled-down version of FSB proposed by the FSB submitters. The implementation runs on a cluster of 8 PCs, each with only 8GB of RAM and 700GB of disk. This situation is very interesting for estimating the security of systems against distributed attacks using contributed off-the-shelf PCs.

Keywords

SHA-3 Birthday FSB – Wagner not much Memory 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    MPICH2: High-performance and widely portable MPI, http://www.mcs.anl.gov/research/projects/mpich2/ (accessed 08-18-2009)
  2. 2.
    Augot, D., Finiasz, M., Gaborit, P., Manuel, S., Sendrier, N.: SHA-3 Proposal: FSB (2009), http://www-rocq.inria.fr/secret/CBCrypto/index.php?pg=fsb
  3. 3.
    Augot, D., Finiasz, M., Sendrier, N.: A fast provably secure cryptographic hash function (2003), http://eprint.iacr.org/2003/230
  4. 4.
    Augot, D., Finiasz, M., Sendrier, N.: A family of fast syndrome based cryptographic hash functions. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 64–83. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Barreto, P.S.L.M., Rijmen, V.: The WHIRLPOOL Hashing Function, http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
  6. 6.
    Bernstein, D.J.: Better price-performance ratios for generalized birthday attacks. In: Workshop Record of SHARCS ’07: Special-purpose Hardware for Attacking Cryptographic Systems (2007), http://cr.yp.to/papers.html#genbday
  7. 7.
    Coron, J.-S., Joux, A.: Cryptanalysis of a provably secure cryptographic hash function (2004), http://eprint.iacr.org/2004/013
  8. 8.
    Knuth, D.E.: The Art of Computer Programming. vol. 2, Seminumerical Algorithms, 3rd edn. Addison-Wesley Publishing Co., Reading (1997)Google Scholar
  9. 9.
    Minder, L., Sinclair, A.: The extended k-tree algorithm. In: Mathieu, C. (ed.) SODA, pp. 586–595. SIAM, Philadelphia (2009)Google Scholar
  10. 10.
    Naehrig, M., Peters, C., Schwabe, P.: SHA-2 will soon retire (to appear), http://cryptojedi.org/users/peter/index.shtml#retire
  11. 11.
    Wagner, D.: A generalized birthday problem (extended abstract). In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–304. Springer, Heidelberg (2002), See also newer version [12], http://www.cs.berkeley.edu/~daw/papers/genbday.html CrossRefGoogle Scholar
  12. 12.
    Wagner, D.: A generalized birthday problem (extended abstract) (long version), See also older version [11] (2002), http://www.cs.berkeley.edu/~daw/papers/genbday.html

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Daniel J. Bernstein
    • 1
  • Tanja Lange
    • 2
  • Ruben Niederhagen
    • 3
  • Christiane Peters
    • 2
  • Peter Schwabe
    • 2
  1. 1.Department of Computer ScienceUniversity of Illinois at ChicagoChicagoUSA
  2. 2.Department of Mathematics and Computer ScienceTechnische Universiteit EindhovenEindhovenNetherlands
  3. 3.Lehrstuhl für BetriebssystemeRWTH Aachen UniversityAachenGermany

Personalised recommendations