Rochester Institute of Technology
Department of Computer Science
Master's Project
Statistical and Performance Analysis of SHA-3 Hash Candidates
Ashok Vepampedu Karunakaran
Committee
Chair: Prof. Stanislaw Radziszowski
Reader: Prof. Peter Bajorski
Observer: Prof. Christopher Homan
Abstract:
A hash function takes input data, called the message, and produces a condensed representation, called the message digest. Security flaws have been detected in some of the most commonly used hash functions like MD5 (Message Digest) and SHA-1 (Secure Hash Algorithm). Therefore, NIST started the design competition for a new hash standard to be called SHA-3. The SHA-3 competition is currently in its final round with five candidates remaining. The following is a gist of the tasks that were carried out for the project:
• Randomness - A good hash function should behave as close to a random function as possible. Statistical tests help in determining the randomness of a hash function and NIST recommends a series of tests in a statistical test suite for this purpose. This tool has been used to analyze the randomness of the final five hash functions.
• Performance - It is another one of those critical factors that determines a good hash function. Performance of the all the fourteen Round 2 candidates was measured using Java as the programming language on Sun platform machines for small sized messages. No such tests have been carried out with this combination.
• Security - Security is the most important criteria when it comes to hash functions. Grøstl is one of the final five candidates and its architecture, design and security features have been studied in detail. Some of the successful attacks on reduced versions have been explained. Also, the lesser known candidates, Fugue and ECHO, from Round 2 have been studied.
Links:
1) Proposal [pdf]
2) Report [pdf]
3) Source code [zip]
4) Presentation [ppt][pptx]
5) Resources
Info on SHA-3: http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo
NIST SHA-3 page: http://csrc.nist.gov/groups/ST/hash/sha-3/index.html
Statistical Test Suite: http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html
Sphlib Project: http://www.saphir2.com/sphlib/
Chair: Prof. Stanislaw Radziszowski
Reader: Prof. Peter Bajorski
Observer: Prof. Christopher Homan
Abstract:
A hash function takes input data, called the message, and produces a condensed representation, called the message digest. Security flaws have been detected in some of the most commonly used hash functions like MD5 (Message Digest) and SHA-1 (Secure Hash Algorithm). Therefore, NIST started the design competition for a new hash standard to be called SHA-3. The SHA-3 competition is currently in its final round with five candidates remaining. The following is a gist of the tasks that were carried out for the project:
• Randomness - A good hash function should behave as close to a random function as possible. Statistical tests help in determining the randomness of a hash function and NIST recommends a series of tests in a statistical test suite for this purpose. This tool has been used to analyze the randomness of the final five hash functions.
• Performance - It is another one of those critical factors that determines a good hash function. Performance of the all the fourteen Round 2 candidates was measured using Java as the programming language on Sun platform machines for small sized messages. No such tests have been carried out with this combination.
• Security - Security is the most important criteria when it comes to hash functions. Grøstl is one of the final five candidates and its architecture, design and security features have been studied in detail. Some of the successful attacks on reduced versions have been explained. Also, the lesser known candidates, Fugue and ECHO, from Round 2 have been studied.
Links:
1) Proposal [pdf]
2) Report [pdf]
3) Source code [zip]
4) Presentation [ppt][pptx]
5) Resources
Info on SHA-3: http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo
NIST SHA-3 page: http://csrc.nist.gov/groups/ST/hash/sha-3/index.html
Statistical Test Suite: http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html
Sphlib Project: http://www.saphir2.com/sphlib/
