|
|
CubeHash submission to the SHA-3 competition
First submission
In October 2008, I proposed
CubeHash80+8/1+80–224,
CubeHash80+8/1+80–256,
CubeHash80+8/1+80–384, and
CubeHash80+8/1+80–512
as SHA-3 candidates.
My submission to NIST included
along with software and test vectors.
Second submission
In July 2009,
responding to NIST clarifications of speed criteria and security criteria,
I proposed a different selection of CubeHash parameters for SHA-3:
- CubeHash160+16/32+160–224 for SHA-3–224,
- CubeHash160+16/32+160–256 for SHA-3–256,
- CubeHash160+16/32+160–384 for SHA-3–384-normal,
- CubeHash160+16/32+160–512 for SHA-3–512-normal,
- CubeHash160+16/1+160–384 for SHA-3–384-formal, and
- CubeHash160+16/1+160–512 for SHA-3–512-formal.
CubeHash16/32 is approximately 16 times faster than CubeHash8/1.
I submitted a document
to NIST describing this change in detail.
In September 2009,
I sent NIST an updated
Third submission
In November 2010,
responding to concerns regarding the short-message performance of CubeHash
(particularly for packet authentication),
I proposed a different selection of CubeHash parameters for SHA-3:
- CubeHash128, defined as CubeHash16+16/32+32–128, for AHS128;
- CubeHash160, defined as CubeHash16+16/32+32–160, for AHS160;
- CubeHash224, defined as CubeHash16+16/32+32–224, for AHS224;
- CubeHash256, defined as CubeHash16+16/32+32–256, for AHS256;
- CubeHash384, defined as CubeHash16+16/32+32–384, for AHS384;
- CubeHash512, defined as CubeHash16+16/32+32–512, for AHS512;
- CubeHash512x, defined as CubeHash16+16/1+32–512, for AHS512x; and
- CubeMAC128, defined as CubeHash16+16/32+32–128
where a 512-bit secret key is prepended to the input, for AMAC128.
I submitted a document
to NIST describing this change in detail.
Version
This is version 2010.12.03 of the submission.html web page.
|