Grøstl – a SHA-3 candidate Page 1 Grøstl – a SHA-3 candidate ∗ http://www.groestl.info
Praveen Gauravaram1, Lars R. Knudsen1, Krystian Matusiewicz1, Florian Mendel2, Christian …

We exhibit a hash-based storage auditing scheme which is provably secure in the random-
oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash …

We show that the second iterate H^ 2 (M)= H (H (M)) of a random oracle H cannot achieve
strong security in the sense of indifferentiability from a random oracle. We do so by proving …

The concept of indifferentiability of systems, a generalized form of indistinguishability, was
proposed in 2004 to provide a simplified and generalized explanation of impossibility results …

Known-key distinguishers for block ciphers were proposed by Knudsen and Rijmen at
ASIACRYPT 2007 and have been a major research topic in cryptanalysis since then. A …

A major general paradigm in cryptography is the following argument: Whatever an adversary
could do in the real world, it could just as well do in the ideal world. The standard …

The construction XORP (bitwise-xor of outputs of two independent n-bit random
permutations) has gained broad attention over the last two decades due to its high security …

Abstract In 2007, the US National Institute for Standards and Technology announced a call
for the design of a new cryptographic hash algorithm in response to vulnerabilities identified …

Cryptographic hash functions provide a basic data authentication mechanism and are used
pervasively as building blocks to realize many cryptographic functionalities, including block …

BLAKE2 is a hash function introduced at ACNS 2013, which has been adopted in many
constructions and applications. It is a successor to the SHA-3 finalist BLAKE, which received …