

Section: Application Domains

Hash Functions

Since the previous section ended on this topic, we start with it among the major problems to address in the coming years. A NIST competition on hash functions was launched in late 2007 and finished a few months ago. In the first step, cryptographers had to build and analyze their own candidates; in the second step, cryptanalysts were solicited to analyze and break all the proposals. The result was announced on October 2nd, 2012, with Keccak as the winner.

The symmetric-cryptography members of the Cascade team have worked in recent years on the development of a new hash function called SIMD, which was selected for the second round of the NIST SHA-3 competition. The SIMD hash function is quite similar to members of the MD/SHA family. It is based on the familiar Merkle-Damgård design, where the compression function is built from a Feistel-like cipher in Davies-Meyer mode. However, there are some innovations in this design: the internal state is twice as big as the output size, we use a strong message expansion, and we use a modified feed-forward in the compression function. The main design criterion was to follow the MD/SHA design principles, which are quite well understood, and to add some elements to avoid all known attacks. SIMD is particularly efficient on platforms with vector instructions (SIMD), which are available on many processors. Such instructions have been proposed since 1997 and are now widely deployed. Moreover, it is also possible to use two cores on multicore processors to boost performance by a factor of 1.8 by splitting the message expansion function and the hashing process.
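The construction named above can be sketched as a toy, added here as an illustration; it is not the SIMD hash function or the team's code. It assumes a made-up 8-round Feistel cipher, a 64-bit state truncated to a 32-bit digest, constructed constants, and the classic Davies-Meyer feed-forward rather than SIMD's modified one. It also shows why the feed-forward matters: without it the compression function can be run backwards.

```python
import struct

MASK = 0xFFFFFFFF
ROUNDS = 8
IV = (0x243F6A88, 0x85A308D3)   # constructed 64-bit initial state
BLOCK = 16                      # message block size in bytes

def _f(x, k):
    """Toy Feistel round function (hypothetical, not cryptographically strong)."""
    x = (x + k) & MASK
    x = ((x << 7) | (x >> 25)) & MASK
    return x ^ (x >> 11)

def _round_keys(block):
    """Toy message expansion: 4 message words stretched to ROUNDS round keys."""
    w = struct.unpack("<4I", block)
    return [(w[i % 4] + 0x9E3779B9 * (i + 1)) & MASK for i in range(ROUNDS)]

def encrypt(state, block):
    """Feistel cipher keyed by the message block, applied to the chaining value."""
    l, r = state
    for k in _round_keys(block):
        l, r = r, l ^ _f(r, k)
    return l, r

def decrypt(state, block):
    """Inverse of encrypt: same rounds, keys in reverse order."""
    l, r = state
    for k in reversed(_round_keys(block)):
        l, r = r ^ _f(l, k), l
    return l, r

def compress(state, block, feed_forward=True):
    """Davies-Meyer: E_m(h) XOR h. With feed_forward=False it is only E_m(h)."""
    out = encrypt(state, block)
    if feed_forward:
        out = (out[0] ^ state[0], out[1] ^ state[1])
    return out

def toy_hash(msg):
    """Merkle-Damgard iteration with length padding; wide pipe keeps half the state."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % BLOCK) + struct.pack("<Q", 8 * len(msg))
    state = IV
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return struct.pack("<I", state[0])   # 32-bit digest from a 64-bit state

def invert_without_feed_forward(target, block):
    """Without feed-forward, decrypting gives a chaining value that maps to target."""
    return decrypt(target, block)
```

With `feed_forward=True`, the same inversion returns a chaining value `h` whose compression output is `target XOR h`, so it only hits the target when `h` is zero.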

More recently, we have mainly worked on the other candidates, with some analyses and attacks. Even though the winner has been selected, there is still a lot of work to do on hash functions, as there is on block ciphers, even though AES was selected a long time ago.