Skein (hash function)
Encyclopedia
Skein is a cryptographic hash function
and one out of five finalists in the NIST hash function competition
to design what will become the SHA-3 standard, the intended successor of SHA-1 and SHA-2
. According to Stefan Lucks
, the name Skein refers to how the Skein function intertwines the input, similar to a coil of yarn, which is called a skein.
Skein was created by Niels Ferguson
, Stefan Lucks
, Bruce Schneier
, Doug Whiting, Mihir Bellare
, Tadayoshi Kohno, Jon Callas
and Jesse Walker. Skein is based on the Threefish
tweakable block cipher
. Skein supports internal state sizes of 256, 512 and 1024 bits, and arbitrary output sizes. The authors claim 6.1 cycles per byte
for any output size on an Intel Core 2
Duo in 64-bit mode.
Skein's nonlinearity
comes entirely from the combination of addition operations and exclusive-ORs; it does not use S-boxes. The function is optimized for 64-bit processors, and the Skein paper defines optional features such as randomized hashing
, parallelizable tree hashing
, a stream cipher
, personalization, and a key derivation function
.
with the rebound attack was published. The attack finds rotational collisions for 53 of 72 rounds in Skein-256, and 57 of 72 rounds in Skein-512. It also affects the Threefish
cipher. This is a follow-up to the earlier attack published in February, which breaks 39 and 42 rounds respectively.
The Skein team tweaked the key schedule
constant for round 3 of the NIST hash function competition, to make this attack less effective, even though they believe the hash would be secure even without these tweaks.
Cryptographic hash function
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value...
and one out of five finalists in the NIST hash function competition
NIST hash function competition
The NIST hash function competition is an open competition held by the US National Institute of Standards and Technology for a new SHA-3 function to replace the older SHA-1 and SHA-2, which was formally announced in the Federal Register on November 2, 2007...
to design what will become the SHA-3 standard, the intended successor of SHA-1 and SHA-2
SHA-2
In cryptography, SHA-2 is a set of cryptographic hash functions designed by the National Security Agency and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor,...
. According to Stefan Lucks
Stefan Lucks
Stefan Lucks is a researcher in the fields of communications security and cryptography. Lucks is known for his attack on Triple DES, and for extending Lars Knudsen's Square attack to Twofish, a cipher outside the Square family, thus generalising the attack into integral cryptanalysis...
, the name Skein refers to how the Skein function intertwines the input, similar to a coil of yarn, which is called a skein.
Skein was created by Niels Ferguson
Niels Ferguson
Niels T. Ferguson is a Dutch cryptographer and consultant who currently works for Microsoft. He has worked with others, including Bruce Schneier, designing cryptographic algorithms, testing algorithms and protocols, and writing papers and books...
, Stefan Lucks
Stefan Lucks
Stefan Lucks is a researcher in the fields of communications security and cryptography. Lucks is known for his attack on Triple DES, and for extending Lars Knudsen's Square attack to Twofish, a cipher outside the Square family, thus generalising the attack into integral cryptanalysis...
, Bruce Schneier
Bruce Schneier
Bruce Schneier is an American cryptographer, computer security specialist, and writer. He is the author of several books on general security topics, computer security and cryptography, and is the founder and chief technology officer of BT Managed Security Solutions, formerly Counterpane Internet...
, Doug Whiting, Mihir Bellare
Mihir Bellare
Mihir Bellare is a cryptographer and professor at the University of California, San Diego. He has published several seminal papers in the field of cryptography , many coauthored with Phillip Rogaway. Bellare has published a number of papers in the field of Format-Preserving Encryption...
, Tadayoshi Kohno, Jon Callas
Jon Callas
Jon Callas is an American computer security expert and Chief Technical Officer of Entrust. Callas has a long history of work in the computer security field, and is a frequent speaker at industry conferences. Additionally, Callas is a contributor to multiple IETF RFCs...
and Jesse Walker. Skein is based on the Threefish
Threefish
Threefish is a tweakable block cipher designed as part of the Skein hash function, an entry in the NIST hash function competition. Threefish uses no S-boxes or other table lookups in order to avoid cache timing attacks; its nonlinearity comes from alternating additions with exclusive ORs...
tweakable block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
. Skein supports internal state sizes of 256, 512 and 1024 bits, and arbitrary output sizes. The authors claim 6.1 cycles per byte
Cycles per byte
Cycles per byte is a unit of measurement which indicates the number of clock cycles a microprocessor will perform per byte of data processed in an algorithm. It is commonly used as a partial indicator of real-world performance in cryptographic functions....
for any output size on an Intel Core 2
Intel Core 2
Core 2 is a brand encompassing a range of Intel's consumer 64-bit x86-64 single-, dual-, and quad-core microprocessors based on the Core microarchitecture. The single- and dual-core models are single-die, whereas the quad-core models comprise two dies, each containing two cores, packaged in a...
Duo in 64-bit mode.
Skein's nonlinearity
Nonlinearity
In mathematics, a nonlinear system is one that does not satisfy the superposition principle, or one whose output is not directly proportional to its input; a linear system fulfills these conditions. In other words, a nonlinear system is any problem where the variable to be solved for cannot be...
comes entirely from the combination of addition operations and exclusive-ORs; it does not use S-boxes. The function is optimized for 64-bit processors, and the Skein paper defines optional features such as randomized hashing
Hash function
A hash function is any algorithm or subroutine that maps large data sets to smaller data sets, called keys. For example, a single integer can serve as an index to an array...
, parallelizable tree hashing
Hash tree
In cryptography and computer science Hash trees or Merkle trees are a type of data structure which contains a tree of summary information about a larger piece of data – for instance a file – used to verify its contents. Hash trees are a combination of hash lists and hash chaining, which in turn are...
, a stream cipher
Stream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
, personalization, and a key derivation function
Key derivation function
In cryptography, a key derivation function derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function...
.
Cryptanalysis
In October 2010, an attack that combines rotational cryptanalysisRotational cryptanalysis
In cryptography, rotational cryptanalysis is a generic cryptanalytic attack against algorithms that rely on three operations: modular addition, rotation and XOR — ARX for short...
with the rebound attack was published. The attack finds rotational collisions for 53 of 72 rounds in Skein-256, and 57 of 72 rounds in Skein-512. It also affects the Threefish
Threefish
Threefish is a tweakable block cipher designed as part of the Skein hash function, an entry in the NIST hash function competition. Threefish uses no S-boxes or other table lookups in order to avoid cache timing attacks; its nonlinearity comes from alternating additions with exclusive ORs...
cipher. This is a follow-up to the earlier attack published in February, which breaks 39 and 42 rounds respectively.
The Skein team tweaked the key schedule
Key schedule
[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("...
constant for round 3 of the NIST hash function competition, to make this attack less effective, even though they believe the hash would be secure even without these tweaks.
External links
Implementations
- SPARKSkein - an implementation of Skein in SPARK, with proofs of type-safety
- BotanBotan (programming library)Botan is a BSD-licensed cryptographic library written in C++.It provides a wide variety of cryptographic algorithms, formats, and protocols. It is used in the Monotone distributed revision control program....
contains a C++ implementation of Skein-512 - nskein - A .NET implementation of Skein with support for all block sizes
- Skein module for Python
- Digest::Skein, an implementation in C and Perl
- A C# implementation of Skein and Threefish (based on version 1.3)
- Java, Scala, and Javascript implementations of Skein 512-512 (based on version 1.3)
- A Java implementation of Skein (based on version 1.1)
- An implementation of Skein in Ada
- Skein hash function for Erlang, via NIFs
- Skein 512-512 implemented in Bash
- Skein implemented in Haskell
- A VHDL source codes developed in the Cryptographic Engineering Research Group (CERG) at George Mason University