On security arguments of the second round SHA-3 candidates

Elena Andreeva, Andrey Bogdanov, Bart Mennink, Bart Preneel, Christian Rechberger

    Research output: Contribution to journalJournal articleResearchpeer-review

    Abstract

    In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second round, out of which five candidates have been recently chosen for the final round.
    An important criterion in the selection process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments against differential
    attack on building blocks. In this paper, we compare the state of the art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks.We discuss all the SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered.
    Original languageEnglish
    JournalInternational Journal of Information Security
    Volume11
    Issue number2
    Pages (from-to)103–120
    ISSN1615-5262
    DOIs
    Publication statusPublished - 2012

    Keywords

    • SHA-3 competition
    • Hash functions
    • Classification
    • Security reductions
    • Differential attacks

    Cite this

    Andreeva, E., Bogdanov, A., Mennink, B., Preneel, B., & Rechberger, C. (2012). On security arguments of the second round SHA-3 candidates. International Journal of Information Security, 11(2), 103–120. https://doi.org/10.1007/s10207-012-0156-7
    Andreeva, Elena ; Bogdanov, Andrey ; Mennink, Bart ; Preneel, Bart ; Rechberger, Christian. / On security arguments of the second round SHA-3 candidates. In: International Journal of Information Security. 2012 ; Vol. 11, No. 2. pp. 103–120.
    @article{5829acd476a840779b4ba4136c7a348b,
    title = "On security arguments of the second round SHA-3 candidates",
    abstract = "In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second round, out of which five candidates have been recently chosen for the final round.An important criterion in the selection process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments against differentialattack on building blocks. In this paper, we compare the state of the art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks.We discuss all the SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered.",
    keywords = "SHA-3 competition, Hash functions, Classification, Security reductions, Differential attacks",
    author = "Elena Andreeva and Andrey Bogdanov and Bart Mennink and Bart Preneel and Christian Rechberger",
    year = "2012",
    doi = "10.1007/s10207-012-0156-7",
    language = "English",
    volume = "11",
    pages = "103–120",
    journal = "International Journal of Information Security",
    issn = "1615-5262",
    publisher = "Springer",
    number = "2",

    }

    Andreeva, E, Bogdanov, A, Mennink, B, Preneel, B & Rechberger, C 2012, 'On security arguments of the second round SHA-3 candidates', International Journal of Information Security, vol. 11, no. 2, pp. 103–120. https://doi.org/10.1007/s10207-012-0156-7

    On security arguments of the second round SHA-3 candidates. / Andreeva, Elena; Bogdanov, Andrey; Mennink, Bart; Preneel, Bart; Rechberger, Christian.

    In: International Journal of Information Security, Vol. 11, No. 2, 2012, p. 103–120.

    Research output: Contribution to journalJournal articleResearchpeer-review

    TY - JOUR

    T1 - On security arguments of the second round SHA-3 candidates

    AU - Andreeva, Elena

    AU - Bogdanov, Andrey

    AU - Mennink, Bart

    AU - Preneel, Bart

    AU - Rechberger, Christian

    PY - 2012

    Y1 - 2012

    N2 - In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second round, out of which five candidates have been recently chosen for the final round.An important criterion in the selection process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments against differentialattack on building blocks. In this paper, we compare the state of the art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks.We discuss all the SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered.

    AB - In 2007, the US National Institute for Standards and Technology (NIST) announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities like differential attacks identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. 14 candidates were left in the second round, out of which five candidates have been recently chosen for the final round.An important criterion in the selection process is the SHA-3 hash function security. We identify two important classes of security arguments for the new designs: (1) the possible reductions of the hash function security to the security of its underlying building blocks and (2) arguments against differentialattack on building blocks. In this paper, we compare the state of the art provable security reductions for the second round candidates and review arguments and bounds against classes of differential attacks.We discuss all the SHA-3 candidates at a high functional level, analyze, and summarize the security reduction results and bounds against differential attacks. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered.

    KW - SHA-3 competition

    KW - Hash functions

    KW - Classification

    KW - Security reductions

    KW - Differential attacks

    U2 - 10.1007/s10207-012-0156-7

    DO - 10.1007/s10207-012-0156-7

    M3 - Journal article

    VL - 11

    SP - 103

    EP - 120

    JO - International Journal of Information Security

    JF - International Journal of Information Security

    SN - 1615-5262

    IS - 2

    ER -