5 results sorted by ID
Improved Generalized Birthday Attack
Paul Kirchner
Let r, B and w be positive integers. Let C be a linear code of length Bw and subspace of F_2^r. The k-regular-decoding problem is to find a nonzero codeword consisting of w length-B blocks with Hamming weight k. This problem was mainly studied after 2002. Not being able to solve this problem is critical for cryptography as it gives a fast attack against FSB, SWIFFT and learning parity with noise. In this paper, the classical methods are used in the same algorithm and improved.
Faster 2-regular information-set decoding
Daniel J. Bernstein, Tanja Lange, Christiane Peters, Peter Schwabe
Secret-key cryptography
Fix positive integers B and w. Let C be a linear code over F_2 of length Bw. The 2-regular-decoding problem is to find a nonzero codeword consisting of w length-B blocks, each of which has Hamming weight 0 or 2. This problem appears in attacks on the FSB (fast syndrome-based) hash function and related proposals. This problem differs from the usual information-set-decoding problems in that (1) the target codeword is required to have a very regular structure and (2) the target weight can...
Really fast syndrome-based hashing
Daniel J. Bernstein, Tanja Lange, Christiane Peters, Peter Schwabe
Secret-key cryptography
The FSB (fast syndrome-based) hash function was submitted to the SHA-3 competition by Augot, Finiasz, Gaborit, Manuel, and Sendrier in 2008, after preliminary designs proposed in 2003, 2005, and 2007. Many FSB parameter choices were broken by Coron and Joux in 2004, Saarinen in 2007, and Fouque and Leurent in 2008, but the basic FSB idea appears to be secure, and the FSB submission remains unbroken. On the other hand, the FSB submission is also quite slow, and was not selected for the second...
Implementing Wagner's generalized birthday attack against the SHA-3 round-1 candidate FSB
Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen, Christiane Peters, Peter Schwabe
Implementation
This paper applies generalized birthday attacks to the FSB compression function, and shows how to adapt the attacks so that they run in far less memory. In particular, this paper presents details of a parallel implementation attacking FSB48, a scaled-down version of FSB proposed by the FSB submitters. The implementation runs on a cluster of 8 PCs, each with only 8GB of RAM and 700GB of disk. This situation is very interesting for estimating the security of systems against...
Linearization Attacks Against Syndrome Based Hashes
Markku-Juhani O. Saarinen
Secret-key cryptography
In MyCrypt 2005, Augot, Finiasz, and Sendrier proposed FSB, a family of cryptographic hash functions. The security claim of the FSB hashes is based on a coding theory problem with hard average-case complexity. In the ECRYPT 2007 Hash Function Workshop, new versions with essentially the same compression function but radically different security parameters and an additional final transformation were presented. We show that hardness of average-case complexity of the underlying problem is...