MD6 withdrawn from SHA-3 competition

Chen Ke-Fei Lin at
Mon Jul 6 22:07:34 EDT 2009

At 10:39 AM -0700 7/4/09, Hal Finney wrote:
>But how many other hash function candidates would also be excluded if
>such a stringent criterion were applied? Or turning it around, if NIST
>demanded a proof of immunity to differential attacks as Rivest proposed,
>how many candidates have offered such a proof, in variants fast enough
>to beat SHA-2?

Several hash candidates have proofs against differential attacks but only
four with such proofs are faster than SHA-2 (Edon-R, Shabal, Cheetah and
But according to
Keccak and Cheetah in 32-bit mode are not actually faster than SHA-2.

C.K.F. Lin

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list