Skein (hash function)
|
|
| General | |
|---|---|
| Designers | Bruce Schneier, Niels Ferguson |
| Derived from | Threefish |
| Certification | SHA-3 finalist |
| Detail | |
| Digest sizes | arbitrary |
| Rounds | 72 (256 & 512 block size), 80 (1024 block size) |
| Speed | 6.1 cpb on Core 2.[1] |
Skein is a cryptographic hash function and one out of five finalists in the NIST hash function competition to design what will become the SHA-3 standard, the intended successor of SHA-1 and SHA-2. According to Stefan Lucks, the name Skein refers to how the Skein function intertwines the input, similar to a coil of yarn, which is called a skein.
Skein was created by Bruce Schneier, Stefan Lucks, Niels Ferguson, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas and Jesse Walker. Skein is based on the Threefish tweakable block cipher. Skein supports internal state sizes of 256, 512 and 1024 bits, and arbitrary output sizes.[2] The authors claim 6.1 cycles per byte for any output size on an Intel Core 2 Duo in 64-bit mode.[3]
-
Skein Mix Function
Skein's nonlinearity comes entirely from the combination of addition operations and exclusive-ORs; it does not use S-boxes. The function is optimized for 64-bit processors, and the Skein paper defines optional features such as randomized hashing, parallelizable tree hashing, a stream cipher, personalization, and a key derivation function.
Contents |
[edit] Cryptanalysis
In October 2010, an attack that combines rotational cryptanalysis with the rebound attack was published. The attack finds rotational collisions for 53 of 72 rounds in Skein-256, and 57 of 72 rounds in Skein-512. It also affects the Threefish cipher.[4] This is a follow-up to the earlier attack published in February, which breaks 39 and 42 rounds respectively.[5]
The Skein team tweaked the key schedule constant for round 3 of the NIST hash function competition, to make this attack less effective, even though they believe the hash would be secure even without these tweaks.[1]
[edit] References
- ^ a b Ferguson et al. (2010-10-01). The Skein Hash Function Family. http://www.skein-hash.info/sites/default/files/skein1.3.pdf.
- ^ "Now From Bruce Schneier, the Skein Hash Function". Slashdot. http://it.slashdot.org/article.pl?sid=08/10/31/1426215. Retrieved 2008-10-31.
- ^ Paper describing the hash function, Version 1.3 (2010-10-01)
- ^ Dmitry Khovratovich, Ivica Nikolic, Christian Rechberger (2010-10-20). Rotational Rebound Attacks on Reduced Skein. http://eprint.iacr.org/2010/538.
- ^ Dmitry Khovratovich and Ivica Nikolić (2010). Rotational Cryptanalysis of ARX. University of Luxembourg. http://www.skein-hash.info/sites/default/files/axr.pdf.
[edit] External links
[edit] Implementations
- SPARKSkein - an implementation of Skein in SPARK, with proofs of type-safety
- Botan contains a C++ implementation of Skein-512
- nskein - A .NET implementation of Skein with support for all block sizes
- Skein module for Python
- Digest::Skein, an implementation in C and Perl
- A C# implementation of Skein and Threefish (based on version 1.3)
- Java, Scala, and Javascript implementations of Skein 512-512 (based on version 1.3)
- A Java implementation of Skein (based on version 1.1)
- An implementation of Skein in Ada
- Skein hash function for Erlang, via NIFs
- Skein 512-512 implemented in Bash
- Skein implemented in Haskell
- A VHDL source codes developed in the Cryptographic Engineering Research Group (CERG) at George Mason University
|
|||||||||||||||||||||||||||||||||||||||||
