[cryptography] New analysis results for Skein

Steven Bellovin smb at cs.columbia.edu
Fri Dec 10 09:41:45 EST 2010


I've been asked if I actually read that report.  The answer, of course, is yes -- and you should, too.


On Dec 10, 2010, at 7:02 40AM, Steven Bellovin wrote:

> 
> On Dec 9, 2010, at 10:45 54PM, Peter Gutmann wrote:
> 
>> * Skein is soft and succumbs to brute force 
>> * Skein has been successfully linearized 
>> * Skein has clear output patterns 
>> * Skein is easily distinguishable from a random oracle
>> 
>> http://eprint.iacr.org/2010/623
>> 
> Despite that, it was selected as one of the five finalists; the other four are BLAKE, JH, Keccak, and Grøstl.  Security was the main concern; algorithms were ruled out if they hadn't received enough analysis.  Algorithms with round structures were favored, because the number of rounds could be increased.  Performance across a very wide range of platforms was also important.  NIST has promised a detailed report in the near future.  (This is taken from an email sent yesterday by Bill Burr; I found an unofficial copy at http://www.reddit.com/r/crypto/comments/ej7m2/sha3_finalists ; the official archive requires a password.)
> 
> 
> 		--Steve Bellovin, http://www.cs.columbia.edu/~smb
> 


		--Steve Bellovin, http://www.cs.columbia.edu/~smb







