[131340] in cryptography@c2.net mail archive
Re: The MD6 hash function (rough notes)
daemon@ATHENA.MIT.EDU (Dustin D. Trammell)
Fri Aug 22 15:29:56 2008
From: "Dustin D. Trammell" <dtrammell@bpointsys.com>
To: "Hal Finney" <hal@finney.org>
Cc: cryptography@metzdowd.com
In-Reply-To: <20080821172617.C90E814F6E1@finney.org>
Date: Fri, 22 Aug 2008 10:16:59 -0500
On Thu, 2008-08-21 at 10:26 -0700, "Hal Finney" wrote:
> Ron Rivest presented his (along with a dozen other people's) new hash,
> MD6, yesterday at Crypto.
---8<---(snip)---8<---
> He also presented a number of cryptanalytic results. There is provable
> security against differential cryptanalysis, by virtue of the large number
> of rounds; also security against side channels. A SAT solver and another
> technique could only do something with about 11 rounds, versus the 100+
> rounds in the function. The tree structure is also shown to preserve
> strong properties of the compression function.
>
> Overall it seemed very impressive. The distinctive features are the tree
> structure, very wide input blocks, and the enormous number of rounds.
> The cryptanalysis results were favorable. However Adi Shamir stood up
> and expressed concern that his new Cube attack might apply. Rivest seemed
> confident that the degree of MD6 would be several thousand, which should
> be safe from Shamir's attack, but time will tell.
I came across this paper today while searching for more information:
http://groups.csail.mit.edu/cis/theses/crutchfield-masters-thesis.pdf
It's titled 'Security Proofs for the MD6 Hash Function Mode of
Operation' by Christopher Yale Crutchfield (certified by Ronald L.
Rivest). I thought it might be of interest to the followers of this
thread.
--
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.