Cryptology ePrint Archive: Report 2010/381

Security Reductions of the Second Round SHA-3 Candidates

Elena Andreeva and Bart Mennink and Bart Preneel

Abstract: In 2007, the US National Institute for Standards and Technology announced a call for the design of a new cryptographic hash algorithm in response to vulnerabilities identified in existing hash functions, such as MD5 and SHA-1. NIST received many submissions, 51 of which were accepted to the first round. At present, 14 candidates are left in the second round. An important criterion in the selection process is the security of the SHA-3 hash function and, more concretely, the possible security reductions of the hash function to the security of its underlying building blocks. While some of the candidates are supported with firm security reductions, for most of the schemes these results are still incomplete. In this paper, we compare the state-of-the-art provable security reductions of the second round candidates. We discuss all SHA-3 candidates at a high functional level, and analyze and summarize the security reduction results. Surprisingly, we derive some security bounds from the literature of which the hash function designers seem to be unaware. Additionally, we generalize the well-known proof of collision resistance preservation such that all SHA-3 candidates with a suffix-free padding are covered.

Category / Keywords: secret-key cryptography / hash functions, security

Publication Info: Presented at ISC 2010, this is the full version

Date: received 5 Jul 2010, last revised 26 Aug 2011

Contact author: bart mennink at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20110826:123912
