MD6 withdrawn from SHA-3 competition

Chen Ke-Fei Lin chen.ke.fei.lin at gmail.com
Mon Jul 6 22:07:34 EDT 2009


At 10:39 AM -0700 7/4/09, Hal Finney wrote:
>But how many other hash function candidates would also be excluded if
>such a stringent criterion were applied? Or turning it around, if NIST
>demanded a proof of immunity to differential attacks as Rivest proposed,
>how many candidates have offered such a proof, in variants fast enough
>to beat SHA-2?

Several hash candidates have proofs against differential attacks but only
four with such proofs are faster than SHA-2 (Edon-R, Shabal, Cheetah and
Keccak).
But according to http://eprint.iacr.org/2008/511.pdf
Keccak and Cheetah in 32-bit mode are not actually faster than SHA-2.

C.K.F. Lin

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list