Hashing messages with lengths between 32 and 128 bytes is one of the most important practical issue (was Re: the skein hash function)

Paul paulcrossberg at 123mail.org
Fri Jul 30 06:51:19 EDT 2010


Bill Stewart wrote:
Sent: Thursday, October 30, 2008 7:30 AM
To: Cryptography List
Subject: Re: the skein hash function

<Snip>
> So if Skein becomes popular, ASIC accelerator hardware
> may be practical for higher-speed applications.


I see another strong point for Skein:

Deterministically generated and cryptographically strong random numbers
are used in tens of NIST Approved Algorithms. They are constructed by
using an approved hash algorithm, and there, hashing is performed over
relatively short messages from 32 to 128 bytes.
Some examples where approved hash algorithms are used (directly or
indirectly):
1. Approved algorithms for digital signatures.
2. FIPS 196, Entity Authentication Using Public Key Cryptography.
3. Special Publication 800-108. Recommendation for Key Derivation Using
Pseudorandom Functions
4. SP 800-57, Part 3 Recommendation for Key Management - Part 3:
Application-Specific Key Management Guidance (especially recommendations
for selected set of applications: PKI, IPsec, TLS, S/MIME, Kerberos,
OTAR, DNSSEC and Encrypted File Systems)

Additionally millions of secure web servers are constantly producing
cryptographically strong random numbers that are generated by Fortuna or
similar algorithms where hashing is also performed over short messages
of 32 to 128 bytes.

While the performance of future SHA-3 over long messages is very
important, the performance of SHA-3 for hashing messages with lengths
between 32 and 128 bytes is even more important from practical point of
view.

Analyzing eBASH measurements for hashing messages of just 64 bytes gives
us totally different picture of the usefulness of proposed SHA-3
candidates, than the picture that we have for hashing long messages.

Take for example the measurements of the cobra system (measurements from
supercop-20100726) in 64-bit mode, AND FOR 64-byte messages (actually
measurements are very similar on all 64-bit machines).
The ranking of 14 SHA-3 candidates is:

1.  17.44       skein512
2.  18.94       bmw512
3.  21.38       bmw256
4.  23.81       blake32
5.  24.75       blake64
6.  28.31       simd256
7.  30.38       keccakc512
8.  30.56       keccak
9.  31.88       luffa256
10. 35.25       jh384
11. 35.62       jh256
12. 35.62       jh224
13. 35.62       jh512
14. 38.25       shabal512
15. 42.38       hamsi
16. 43.69       luffa384
17. 48.75       shavite3256
18. 56.25       simd512
19. 57.38       groestl256
20. 66.00       luffa512
21. 87.56       cubehash1632
22. 88.69       echo256
23. 93.56       shavite3512
24. 100.69      groestl512
25. 106.69      fugue256
26. 111.38      echo512



Regards,
-- 
  Paul
  paulcrossberg at 123mail.org

-- 
http://www.fastmail.fm - Access all of your messages and folders
                          wherever you are

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list