FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Miss in the Middle Attacks on IDEA and Khufu
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Efficient Algorithms for Computing Differential Properties of Addition
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba
Fast Software Encryption
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
Fast Software Encryption
Known-key distinguishers for some block ciphers
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
New combined attacks on block ciphers
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Related-Key impossible differential attacks on 8-round AES-192
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Related-Key boomerang and rectangle attacks
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Rotational cryptanalysis of ARX
FSE'10 Proceedings of the 17th international conference on Fast software encryption
The differential analysis of S-functions
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Improved related-key boomerang attacks on round-reduced threefish-512
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Boomerang attacks on hash function using auxiliary differentials
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Distinguishers beyond three rounds of the RIPEMD-128/-160 compression functions
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Bicliques for preimages: attacks on skein-512 and the SHA-2 family
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Analysis of differential attacks in ARX constructions
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Bicliques for permutations: collision and preimage attacks in stronger settings
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
The hash function Skein is the submission of Ferguson et al. to the NIST Hash Competition, and is arguably a serious candidate for selection as SHA-3. This paper presents the first third-party analysis of Skein, with an extensive study of its main component: the block cipher Threefish. We notably investigate near collisions, distinguishers, impossible differentials, key recovery using related-key differential and boomerang attacks. In particular, we present near collisions on up to 17 rounds, an impossible differential on 21 rounds, a related-key boomerang distinguisher on 34 rounds, a known-related-key boomerang distinguisher on 35 rounds, and key recovery attacks on up to 32 rounds, out of 72 in total for Threefish-512. None of our attacks directly extends to the full Skein hash. However, the pseudorandomness of Threefish is required to validate the security proofs on Skein, and our results conclude that at least 36 rounds of Threefish seem required for optimal security guarantees.