Paper 2010/381
Security Reductions of the Second Round SHA-3 Candidates
Elena Andreeva, Bart Mennink, and Bart Preneel
Abstract
In 2007, the US National Institute for Standards and Technology announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which got accepted to the first round. At present, 14 candidates are left in the second round. An important criterion in the selection process is the SHA-3 hash function security and more concretely, the possible security reductions of the hash function to the security of its underlying building blocks. While some of the candidates are supported with firm security reductions, for most of the schemes these results are still incomplete. In this paper, we compare the state of the art provable security reductions of the second round candidates. We discuss all SHA-3 candidates at a high functional level, and analyze and summarize the security reduction results. Surprisingly, we derive some security bounds from the literature, which the hash function designers seem to be unaware of. Additionally, we generalize the well-known proof of collision resistance preservation, such that all SHA-3 candidates with a suffix-free padding are covered.
Metadata
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Presented at ISC 2010, this is the full version
- Keywords
- hash functions, security
- Contact author(s)
- bart mennink @ esat kuleuven be
- History
- 2011-08-26: last of 6 revisions
- 2010-07-07: received
- Short URL
- https://ia.cr/2010/381
- License
- CC BY
BibTeX
@misc{cryptoeprint:2010/381,
  author = {Elena Andreeva and Bart Mennink and Bart Preneel},
  title = {Security Reductions of the Second Round {SHA}-3 Candidates},
  howpublished = {Cryptology {ePrint} Archive, Paper 2010/381},
  year = {2010},
  url = {https://eprint.iacr.org/2010/381}
}