Results 1 
2 of
2
Really fast syndromebased hashing
 URL: http://eprint.iacr.org/2011/074. Citations in this document
, 2011
"... Abstract. The FSB (fast syndromebased) hash function was submitted to the SHA3 competition by Augot, Finiasz, Gaborit, Manuel, and Sendrier in 2008, after preliminary designs proposed in 2003, 2005, and 2007. Many FSB parameter choices were broken by Coron and Joux in 2004, Saarinen in 2007, and F ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Abstract. The FSB (fast syndromebased) hash function was submitted to the SHA3 competition by Augot, Finiasz, Gaborit, Manuel, and Sendrier in 2008, after preliminary designs proposed in 2003, 2005, and 2007. Many FSB parameter choices were broken by Coron and Joux in 2004, Saarinen in 2007, and Fouque and Leurent in 2008, but the basic FSB idea appears to be secure, and the FSB submission remains unbroken. On the other hand, the FSB submission is also quite slow, and was not selected for the second round of the competition. This paper introduces RFSB, an enhancement to FSB. In particular, this paper introduces the RFSB509 compression function, RFSB with a particular set of parameters. RFSB509, like the FSB256 compression function, is designed to be used inside a 256bit collisionresistant hash function: all known attack strategies cost more than 2 128 to find collisions in RFSB509. However, RFSB509 is an order of magnitude faster than FSB256. On a single core of a Core 2 Quad Q9550 CPU, RFSB509 runs at 10.67 cycles/byte: faster than SHA256, faster than 7 of the 14 secondround SHA3 candidates, and faster than 3 of the 5 SHA3 finalists. Key words: compression functions, collision resistance, linearization, generalized birthday attacks, informationset decoding, tight reduction to L1 cache. 1
Improved Generalized Birthday Attack
, 2011
"... Let r, B and w be positive integers. Let C be a linear code of length Bw and subspace of Fr 2. The kregulardecoding problem is to find a nonzero codeword consisting of w lengthB blocks with Hamming weight k. This problem was mainly studied after 2002. Not being able to solve this problem is criti ..."
Abstract
 Add to MetaCart
Let r, B and w be positive integers. Let C be a linear code of length Bw and subspace of Fr 2. The kregulardecoding problem is to find a nonzero codeword consisting of w lengthB blocks with Hamming weight k. This problem was mainly studied after 2002. Not being able to solve this problem is critical for cryptography as it gives a fast attack against FSB, SWIFFT and learning parity with noise. In this paper, the classical methods are used in the same algorithm and improved.