The starting point for Fugue is the hash function Grindahl, but it extends that design to protect against the kind of attacks that were developed for Grindahl, as well as earlier hash functions like SHA-1. A key enhancement is the design of a much stronger round function which replaces the AES round function of Grindahl, using better codes (over longer words) than the AES 4 X 4 MDS matrix. Also, Fugue makes judicious use of this new round function on a much larger internal state.
The design of Fugue is proof-oriented: the various components are designed in such a way as to allow proofs of security, and yet be efficient to implement. As a result, we can prove that current attack methods cannot find collisions in Fugue any faster than the trivial birthday attack. Although the proof is computer assisted, the assistance is limited to computing ranks of various matrices.Category / Keywords: Date: received 3 Jun 2014 Contact author: csjutla at us ibm com Available format(s): PDF | BibTeX Citation Version: 20140606:050957 (All versions of this report) Short URL: ia.cr/2014/423 Discussion forum: Show discussion | Start new discussion