Cryptology ePrint Archive: Report 2016/098

Haraka v2 - Efficient Short-Input Hashing for Post-Quantum Applications

Stefan Kölbl and Martin M. Lauridsen and Florian Mendel and Christian Rechberger

Abstract: Recently, many efficient cryptographic hash function design strategies have been explored, not least because of the SHA-3 competition. These designs are, almost exclusively, geared towards high performance on long inputs. However, various applications exist where the performance on short (fixed length) inputs matters more. Such hash functions are the bottleneck in hash-based signature schemes like SPHINCS or XMSS, which is currently under standardization. Secure functions specifically designed for such applications are scarce. We attend to this gap by proposing two short-input hash functions (or rather simply compression functions). By utilizing AES instructions on modern CPUs, our proposals are the fastest on such platforms, reaching throughputs below one cycle per hashed byte even for short inputs, while still having a very low latency of less than 60 cycles.

Under the hood, this results comes with several innovations. First, we study whether the number of rounds for our hash functions can be reduced, if only second-preimage resistance (and not collision resistance) is required. The conclusion is: only a little. Second, since their inception, AES-like designs allow for supportive security arguments by means of counting and bounding the number of active S-boxes. However, this ignores powerful attack vectors using truncated differentials, including the powerful rebound attacks. We develop a general tool-based method to include arguments against attack vectors using truncated differentials.

Category / Keywords: secret-key cryptography / Cryptographic hash functions, second-preimage resistance, AES-NI, hash-based signatures, post-quantum

Date: received 4 Feb 2016, last revised 24 Oct 2016

Contact author: stek at dtu dk

Available format(s): PDF | BibTeX Citation

Note: Updated performance numbers.

Version: 20161024:110803 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]