Paper 2009/292

Implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB

Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen, Christiane Peters, and Peter Schwabe

Abstract

This paper applies generalized birthday attacks to the FSB compression function, and shows how to adapt the attacks so that they run in far less memory. In particular, this paper presents details of a parallel implementation attacking FSB48, a scaled-down version of FSB proposed by the FSB submitters. The implementation runs on a cluster of 8 PCs, each with only 8GB of RAM and 700GB of disk. This situation is very interesting for estimating the security of systems against distributed attacks using contributed off-the-shelf PCs.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
SHA-3, Birthday, FSB -- Wagner, not much Memory
Contact author(s)
tanja @ hyperelliptic org
History
2011-09-27: last of 8 revisions
2009-06-17: received
Short URL
https://ia.cr/2009/292
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/292,
      author = {Daniel J.  Bernstein and Tanja Lange and Ruben Niederhagen and Christiane Peters and Peter Schwabe},
      title = {Implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB},
      howpublished = {Cryptology ePrint Archive, Paper 2009/292},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/292}},
      url = {https://eprint.iacr.org/2009/292}
}