On security arguments of the second round SHA-3 candidates |
| |
Authors: | Elena Andreeva Andrey Bogdanov Bart Mennink Bart Preneel Christian Rechberger |
| |
Affiliation: | 1. Department of Electrical Engineering, ESAT/COSIC and IBBT, Katholieke Universiteit Leuven, Leuven, Belgium 2. Institut for Matematik, Danmarks Tekniske Universitet, Copenhagen, Denmark
|
| |
Abstract: | In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic
hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5
and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second
round, out of which five candidates have been recently chosen for the final round. An important criterion in the selection
process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs:
(1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments
against differential attack on building blocks. In this paper, we compare the state of the art provable security reductions
for the second round candidates and review arguments and bounds against classes of differential attacks. We discuss all the
SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential
attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates
with a suffix-free padding are covered. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|