 | |
| General | |
|---|---|
| Designers | Bruce Schneier,Niels Ferguson, et al. |
| Derived from | Threefish |
| Certification | SHA-3 finalist |
| Detail | |
| Digest sizes | arbitrary |
| Structure | Unique Block Iteration |
| Rounds | 72 (256 & 512 block size), 80 (1024 block size) |
| Speed | 6.1cpb onCore 2.[1] |
Skein is acryptographic hash function and one of five finalists in theNIST hash function competition. Entered as a candidate to become theSHA-3 standard, the successor ofSHA-1 andSHA-2, it ultimately lost to NIST hash candidateKeccak.[2]
The name Skein refers to how the Skein function intertwines the input, similar to askein of yarn.[1]
Skein was created byBruce Schneier,Niels Ferguson,Stefan Lucks, Doug Whiting,Mihir Bellare, Tadayoshi Kohno,Jon Callas and Jesse Walker.
Skein is based on theThreefishtweakableblock cipher compressed usingUnique Block Iteration (UBI) chaining mode, a variant of theMatyas–Meyer–Oseas hash mode,[3] while leveraging an optional low-overhead argument-system for flexibility.
Skein's algorithm and areference implementation was given topublic domain.[4]
Skein supports internal state sizes of 256, 512 and 1024 bits, and arbitrary output sizes.[5]
The authors claim 6.1cycles per byte for any output size on anIntel Core 2 Duo in 64-bit mode.[6]
The core of Threefish is based on a MIX function that transforms 2 64-bit words using a single addition, rotation by a constant and XOR. The UBI chaining mode combines an input chaining value with an arbitrary length input string and produces a fixed size output.
Threefish'snonlinearity comes entirely from the combination of addition operations andexclusive-ORs; it does not useS-boxes. The function is optimized for 64-bit processors, and the Skein paper defines optional features such as randomizedhashing,parallelizabletree hashing, astream cipher, personalization, and akey derivation function.
In October 2010, an attack that combinesrotational cryptanalysis with therebound attack was published. The attack finds rotational collisions for 53 of 72 rounds in Threefish-256, and 57 of 72 rounds in Threefish-512. It also affects the Skein hash function.[7] This is a follow-up to the earlier attack published in February, which breaks 39 and 42 rounds respectively.[8]
The Skein team tweaked thekey schedule constant for round 3 of the NIST hash function competition, to make this attack less effective, even though they believe the hash would still be secure without these tweaks.[1]
Hash values of empty string.
Skein-256-256("")c8877087da56e072870daa843f176e9453115929094c3a40c463a196c29bf7baSkein-512-256("")39ccc4554a8b31853b9de7a1fe638a24cce6b35a55f2431009e18780335d2621Skein-512-512("")bc5b4c50925519c290cc634277ae3d6257212395cba733bbad37a4af0fa06af41fca7903d06564fea7a2d3730dbdb80c1f85562dfcc070334ea4d1d9e72cba7a
Even a small change in the message will (with overwhelming probability) result in a mostly different hash, due to theavalanche effect. For example, adding a period to the end of the sentence:
Skein-512-256("The quick brown fox jumps over the lazy dog")b3250457e05d3060b1a4bbc1428bc75a3f525ca389aeab96cfa34638d96e492aSkein-512-256("The quick brown fox jumps over the lazy dog.")41e829d7fca71c7d7154ed8fc8a069f274dd664ae0ed29d365d919f4e575eebbSkein-512-512("The quick brown fox jumps over the lazy dog")94c2ae036dba8783d0b3f7d6cc111ff810702f5c77707999be7e1c9486ff238a7044de734293147359b4ac7e1d09cd247c351d69826b78dcddd951f0ef912713Skein-512-512("The quick brown fox jumps over the lazy dog.")658223cb3d69b5e76e3588ca63feffba0dc2ead38a95d0650564f2a39da8e83fbb42c9d6ad9e03fbfde8a25a880357d457dbd6f74cbcb5e728979577dbce5436
