On security arguments of the second round SHA-3 candidates

Elena Andreeva, Andrey Bogdanov, Bart Mennink, Bart Preneel, Christian Rechberger

    Research output: Contribution to journalJournal articleResearchpeer-review


    In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second round, out of which five candidates have been recently chosen for the final round.
    An important criterion in the selection process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments against differential
    attack on building blocks. In this paper, we compare the state of the art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks.We discuss all the SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered.
    Original languageEnglish
    JournalInternational Journal of Information Security
    Issue number2
    Pages (from-to)103–120
    Publication statusPublished - 2012


    • SHA-3 competition
    • Hash functions
    • Classification
    • Security reductions
    • Differential attacks


    Dive into the research topics of 'On security arguments of the second round SHA-3 candidates'. Together they form a unique fingerprint.

    Cite this