Academic
Publications
Grøstl – a SHA3 candidate

Grøstl – a SHA3 candidate,Lars R. Knudsen,Krystian Matusiewicz,Florian Mendel,Christian Rechberger,Martin Schlaffer,Søren S. Thomsen

Cumulative Annual
    • ...Among them, several hash proposals like Grøstl [14] or ECHO [2] use parts of the standardized block cipher AES [9, 30] as internal primitives or mimick the structure of this cipher...
    • ...We give in this section a generic description of an AES-like permutation and we then provide the parameters in this generic model for AES, Grøstl and ECHO .W e refer to the corresponding specifications [2, 9, 14, 30] for a detailed description of these schemes...
    • ...Grøstl [14] is a double-pipe hash function whose compression function is built upon two AES-like permutations P and Q (that only differ by the constants used during the AddConstant layer)...

    Henri Gilbertet al. Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

    • ...14 candidates among 51 have been selected for the second round and many of them (like ECHO [3], Grøstl [14] or SHAvite-3 [5]) are actually using some parts of the standardized block cipher...
    • ...Our contributions. In this paper, we improve the best known cryptanalysis results [1, 18, 27, 26, 15] on two second round SHA-3 candidates: the hash functions ECHO [3] and Grøstl [14]...
    • ...Structural distinguishers (independent of the number of rounds) were already described in the original submission document [14]...
    • ...We give in this section the description of Grøstl and refer to the submission document [14] for more details...

    Thomas Peyrin. Improved Differential Attacks for ECHO and Grøstl

    • ...In this paper we analyze the hash function Grøstl [4], which is one of the remaining 2nd-round candidates of the NIST SHA-3 competition...
    • ...With � denoting the output size of the compression function, even collision attacks in 2 �/ 3 time or 2 �/ 4 permutation queries, memoryless preimage attacks in time 2 �/ 2 , and very efficient distinguishers (only two calls) are known [4]...
    • ...The hash function Grøstl was designed by Gauravaram et al. as a candidate for the SHA-3 competition [4]...
    • ...For details on the round transformations we refer to the Grøstl specification [4]...

    Florian Mendelet al. Rebound Attacks on the Reduced Grøstl Hash Function

    • ...In this work we analyze the indifferentiability of the Grøstl SHA-3 candidate [15]...
    • ...Both approaches turn out futile for the Grøstl hash function: fixed points for the compression function can be found easily (as already observed in [15]), and also the final output transformation is clearly differentiable 90 E. Andreeva, B. Mennink, and B. Preneel...

    Elenes Andreevaet al. On the Indifferentiability of the Grostl Hash Function

    • ...3.6. The Grøstl hash function [29] is a chop-MD construction, with a final transformation before chopping, and with a suffix-free padding rule...

    Elena Andreevaet al. Security Reductions of the Second Round SHA3 Candidates

Sort by: