Panama (cryptography)

Last updated
Panama (cipher)
General
Designers Joan Daemen,
Craig Clapp
First publishedDecember 1998 [1]
Derived fromStepRightUp
Successors MUGI, RadioGatún, SHA-3
Cipher detail
Key sizes 256 bits

Panama is a cryptographic primitive which can be used both as a hash function and a stream cipher, but its hash function mode of operation has been broken and is not suitable for cryptographic use. Based on StepRightUp, it was designed by Joan Daemen and Craig Clapp and presented in the paper Fast Hashing and Stream Encryption with PANAMA on the Fast Software Encryption (FSE) conference 1998. The cipher has influenced several other designs, for example MUGI and SHA-3. [2] [3]

Contents

The primitive can be used both as a hash function and a stream cipher. The stream cipher uses a 256-bit key and the performance of the cipher is very good reaching 2 cycles per byte.

Hash function

Panama (hash)
Cipher detail
Digest sizes 256 bits
Security claims2128 (collision resistance)
Block sizes 256 bits
State size8736 bits
Best public cryptanalysis
Panama hash collisions can be generated in 26 time. [4]

As a hash function, collisions have been shown by Vincent Rijmen et al. in the paper Producing Collisions for PANAMA presented at FSE 2001. The attack shows a computational complexity of 282 and with negligible memory requirements. [5]

At FSE 2007, Joan Daemen and Gilles Van Assche presented a practical attack on the Panama hash function that generates a collision in 26 evaluations of the state updating function. [4]

Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche, at NIST's 2006 Second Cryptographic Hash Workshop, unveiled a Panama variant called RadioGatún. The hash function workings of RadioGatún does not have the known weaknesses that Panama's hash function has. In turn, RadioGatún inspired the new cryptographic standard SHA-3. [2]

See also

Related Research Articles

In cryptography, SHA-1 is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard. The algorithm has been cryptographically broken but is still widely used.

Articles related to cryptography include:

<span class="mw-page-title-main">Vincent Rijmen</span> Belgian cryptographer (born 1970)

Vincent Rijmen is a Belgian cryptographer and one of the two designers of the Rijndael, the Advanced Encryption Standard. Rijmen is also the co-designer of the WHIRLPOOL cryptographic hash function, and the block ciphers Anubis, KHAZAD, Square, NOEKEON and SHARK.

<span class="mw-page-title-main">Cryptographic hash function</span> Hash function that is suitable for use in cryptography

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

In cryptography, confusion and diffusion are two properties of a secure cipher identified by Claude Shannon in his 1945 classified report A Mathematical Theory of Cryptography. These properties, when present, work together to thwart the application of statistics, and other methods of cryptanalysis.

Joan Daemen is a Belgian cryptographer who is currently professor of digital security at Radboud University. He co-designed with Vincent Rijmen the Rijndael cipher, which was selected as the Advanced Encryption Standard (AES) in 2001. More recently, he co-designed the Keccak cryptographic hash, which was selected as the new SHA-3 hash by NIST in October 2012. He has also designed or co-designed the MMB, Square, SHARK, NOEKEON, 3-Way, and BaseKing block ciphers. In 2017 he won the Levchin Prize for Real World Cryptography "for the development of AES and SHA3". He describes his development of encryption algorithms as creating the bricks which are needed to build the secure foundations online.

In cryptography, Square is a block cipher invented by Joan Daemen and Vincent Rijmen. The design, published in 1997, is a forerunner to Rijndael, which has been adopted as the Advanced Encryption Standard. Square was introduced together with a new form of cryptanalysis discovered by Lars Knudsen, called the "Square attack".

In cryptography, SHARK is a block cipher identified as one of the predecessors of Rijndael.

NOEKEON is a family of two block ciphers designed by Joan Daemen, Michaël Peeters, Gilles Van Assche and Vincent Rijmen and submitted to the NESSIE project in September 2000. The two ciphers are "direct mode" NOEKEON, to be used for maximum efficiency where related-key attacks are not possible, and "indirect mode" NOEKEON where they are.

In cryptography, BaseKing is a block cipher designed in 1994 by Joan Daemen. It is very closely related to 3-Way, as the two are variants of the same general cipher technique.

<span class="mw-page-title-main">RadioGatún</span> Cryptographic hash primitive

RadioGatún is a cryptographic hash primitive created by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. It was first publicly presented at the NIST Second Cryptographic Hash Workshop, held in Santa Barbara, California, on August 24–25, 2006, as part of the NIST hash function competition. The same team that developed RadioGatún went on to make considerable revisions to this cryptographic primitive, leading to the Keccak SHA-3 algorithm.

The NIST hash function competition was an open competition held by the US National Institute of Standards and Technology (NIST) to develop a new hash function called SHA-3 to complement the older SHA-1 and SHA-2. The competition was formally announced in the Federal Register on November 2, 2007. "NIST is initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the development process for the Advanced Encryption Standard (AES)." The competition ended on October 2, 2012, when NIST announced that Keccak would be the new SHA-3 hash algorithm.

SHA-3 is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like structure of SHA-1 and SHA-2.

The following tables compare general and technical information for a number of cryptographic hash functions. See the individual functions' articles for further information. This article is not all-inclusive or necessarily up-to-date. An overview of hash function security/cryptanalysis can be found at hash function security summary.

Spectral Hash is a cryptographic hash function submitted to the NIST hash function competition by Gokay Saldamlı, Cevahir Demirkıran, Megan Maguire, Carl Minden, Jacob Topper, Alex Troesch, Cody Walker, Çetin Kaya Koç. It uses a Merkle–Damgård construction and employs several mathematical structures including finite fields and discrete Fourier transforms. The authors claim 512-bit hashes at 51.2 gigabits per second on a 100-MHz Virtex-4 FPGA.

The following outline is provided as an overview of and topical guide to cryptography:

This article summarizes publicly known attacks against cryptographic hash functions. Note that not all entries may be up to date. For a summary of other hash function parameters, see comparison of cryptographic hash functions.

In the software development process, a reference implementation is a program that implements all requirements from a corresponding specification. The reference implementation often accompanies a technical standard, and demonstrates what should be considered the "correct" behavior of any other implementation of it.

<span class="mw-page-title-main">Sponge function</span> Theory of cryptography

In cryptography, a sponge function or sponge construction is any of a class of algorithms with finite internal state that take an input bit stream of any length and produce an output bit stream of any desired length. Sponge functions have both theoretical and practical uses. They can be used to model or implement many cryptographic primitives, including cryptographic hashes, message authentication codes, mask generation functions, stream ciphers, pseudo-random number generators, and authenticated encryption.

Gilles Van Assche is a Belgian cryptographer who co-designed the Keccak cryptographic hash, which was selected as the new SHA-3 hash by NIST in October 2012. The SHA-3 standard was released by NIST on August 5, 2015.

References

  1. Daemen, Joan; Clapp, Craig. "The Panama Cryptographic Function". Dr. Dobb's.
  2. 1 2 http://csrc.nist.gov/groups/ST/hash/sha-3/documents/Keccak-slides-at-NIST.pdf On slide 5, it states the "starting point: fixing Panama"
  3. Bertoni, Guido; Daemen, Joan; Peeters, Michaël; Van Assche, Gilles (2009). "The Road from Panama to Keccak via RadioGatún". Drops-Idn/V2/Document/10.4230/Dagsemproc.09031.17. Dagstuhl Seminar Proceedings (DagSemProc). 9031: 1–9. doi: 10.4230/DagSemProc.09031.17 . Retrieved 2009-10-20.
  4. 1 2 Joan Daemen; Gilles Van Assche (2007-04-04). Producing Collisions for Panama, Instantaneously. FSE 2007.
  5. Vincent Rijmen; Bart Van Rompay; Bart Preneel; Joos Vandewalle (2001). Producing Collisions for PANAMA. FSE 2001.