Skein (hash function)
|Designers||Bruce Schneier, Niels Ferguson|
|Rounds||72 (256 & 512 block size), 80 (1024 block size)|
|Speed||6.1 cpb on Core 2.|
Skein is a cryptographic hash function and one of five finalists in the NIST hash function competition. Entered as a candidate to become the SHA-3 standard, the successor of SHA-1 and SHA-2, it ultimately lost to NIST hash candidate Keccak.
Skein supports internal state sizes of 256, 512 and 1024 bits, and arbitrary output sizes.
The core of Threefish is based on a MIX function that transforms 2 64-bit words using a single addition, rotation by a constant and XOR. The UBI chaining mode combines an input chaining value with an arbitrary length input string and produces a fixed size output.
Threefish's nonlinearity comes entirely from the combination of addition operations and exclusive-ORs; it does not use S-boxes. The function is optimized for 64-bit processors, and the Skein paper defines optional features such as randomized hashing, parallelizable tree hashing, a stream cipher, personalization, and a key derivation function.
In October 2010, an attack that combines rotational cryptanalysis with the rebound attack was published. The attack finds rotational collisions for 53 of 72 rounds in Threefish-256, and 57 of 72 rounds in Threefish-512. It also affects the Skein hash function. This is a follow-up to the earlier attack published in February, which breaks 39 and 42 rounds respectively.
The Skein team tweaked the key schedule constant for round 3 of the NIST hash function competition, to make this attack less effective, even though they believe the hash would be secure even without these tweaks.
- Ferguson et al. (2010-10-01). "The Skein Hash Function Family" (PDF).
- "NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition". NIST. Retrieved 2012-10-02.
|last1=in Authors list (help)
- "Now From Bruce Schneier, the Skein Hash Function". Slashdot. Retrieved 2008-10-31.
|last1=in Authors list (help)
- Paper describing the hash function, Version 1.3 (2010-10-01)
- Dmitry Khovratovich, Ivica Nikolic, Christian Rechberger (2010-10-20). "Rotational Rebound Attacks on Reduced Skein".
- Dmitry Khovratovich and Ivica Nikolić (2010). "Rotational Cryptanalysis of ARX" (PDF). University of Luxembourg.
- SPARKSkein - an implementation of Skein in SPARK, with proofs of type-safety
- Botan contains a C++ implementation of Skein-512
- nskein - A .NET implementation of Skein with support for all block sizes
- Skein module for Python
- Digest::Skein, an implementation in C and Perl
- A C# implementation of Skein and Threefish (based on version 1.3)
- A Java implementation of Skein (based on version 1.1)
- An implementation of Skein in Ada
- Skein hash function for Erlang, via NIFs
- Skein 512-512 implemented in Bash
- Skein implemented in Haskell
- VHDL source code developed by the Cryptographic Engineering Research Group (CERG) at George Mason University
- Skein implemented in Ruby
- An efficient implementation of Skein-256 for 8-bit Atmel AVR microcontrollers, meeting the performance estimates outlined in the official specification