Cryptanalysis of the 10-round hash and full compression function of SHAvite-3-512

Authors:
Praveen Gauravaram;Gaëtan Leurent;Florian Mendel;María Naya-Plasencia;Thomas Peyrin;Christian Rechberger;Martin Schläffer
Affiliations:
Department of Mathematics, DTU, Denmark;ENS, France;IAIK, TU, Graz, Austria;FHNW Windisch, Switzerland;Ingenico, France;ESAT/COSIC, K.U.Leuven and IBBT, Belgium;IAIK, TU, Graz, Austria
Venue:
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Year:
2010

Citing 11
Cited 4

Formal aspects of mobile code security

Formal aspects of mobile code security
MD4 is Not One-Way

Fast Software Encryption
Preimages for Reduced SHA-0 and SHA-1

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Weaknesses in the HAS-V compression function

ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Second preimage attacks on dithered hash functions

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Enhanced security notions for dedicated-key hash functions: definitions and relationships

FSE'10 Proceedings of the 17th international conference on Fast software encryption
Finding SHA-1 characteristics: general results and applications

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Second preimages on n-bit hash functions for much less than 2n work

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Strengthening digital signatures via randomized hashing

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology

Attacks on hash functions based on generalized Feistel: application to reduced-round Lesamnta and SHAvite-3512

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Analysis of reduced-SHAvite-3-256 v2

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Known-key distinguishers on 11-round Feistel and collision attacks on its hashing modes

FSE'11 Proceedings of the 18th international conference on Fast software encryption
Preimage attacks on Feistel-SP functions: impact of omitting the last network twist

ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we analyze the SHAvite-3-512 hash function, as proposed and tweaked for round 2 of the SHA-3 competition. We present cryptanalytic results on 10 out of 14 rounds of the hash function SHAvite-3-512, and on the full 14 round compression function of SHAvite-3-512. We show a second preimage attack on the hash function reduced to 10 rounds with a complexity of 2497 compression function evaluations and 216 memory. For the full 14-round compression function, we give a chosen counter, chosen salt preimage attack with 2384 compression function evaluations and 2128 memory (or complexity 2448 without memory), and a collision attack with 2192 compression function evaluations and 2128 memory.