Norwegian University of Science and Technology


A small FPGA implementation for Blue Midnight Wish

We have implemented the core functionality of Blue Midnight Wish, with finalization but without the padding stage, on a Xilinx Virtex-5 FPGA. It requires 51 slices for BMW-256 and 105 slices for BMW-512. Both BMW versions require two blocks of memory: one memory block to store the intermediate values and hash constants, and the other to store the instruction controls. The proposed implementation achieves a throughput of 68.71 Mbps for BMW-256 and 112.18 Mbps for BMW-512.

**Download the report about the implementation.**

Download the complete implementation packages here: **BMW256** and **BMW512**

A framework for Measuring and Evaluating the Progress of the Cryptanalysis of the Hash Function Blue Midnight Wish

| Attacker | Hash size | Type of attack | Compression function: attacked variables (rounds) | Compression function: complexity | Whole function: attacked variables (rounds) | Whole function: complexity |
|---|---|---|---|---|---|---|
| Aumasson | All | pseudo-distinguisher | 1 out of 16 | 2^19 | 0 out of 32 | N/A |
| Nikolic et al. | 512 | pseudo-distinguisher (modified function) | 1 out of 16 | 2^278.2 | 0 out of 32 | N/A |
| Guo & Thomsen | All | pseudo-distinguisher | 1 out of 16 | 2^1 | 0 out of 32 | N/A |
| Leurent | 256 | pseudo-collision | 3 out of 16 | 2^32 | 0 out of 32 | N/A |
| Leurent & Thomsen | 256 | pseudo-collision | 3 full, 7 partial out of 16 | 2^32 | 0 out of 32 | N/A |
| Leurent & Thomsen | 512 | pseudo-collision | 3 full, 7 partial out of 16 | 2^64 | 0 out of 32 | N/A |

Blue Midnight Wish is not just the fastest hash function among the Second Round SHA-3 candidates; according to independent cryptanalysis, it is also the only hash function against which only pseudo-attacks have been found.

For the taxonomy of attacks on hash functions, please see Ch. 2.5 of Bart Preneel's PhD thesis. There, all attacks that try to find H1 != H2, M1 != M2 such that certain relations hold between c(H1, M1) and c(H2, M2) carry the prefix PSEUDO.
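The distinction above, as an added example that is not code from the Blue Midnight Wish team: a constructed, deliberately weak toy compression function `c` (unrelated to BMW's) for which a pseudo-collision with H1 != H2 is immediate, yet does not become a collision of the iterated function, because there the chaining input is the fixed IV. All names (`c`, `toy_hash`, `pseudo_collision`, `classify`, `carries_to_whole_function`) and the 4-byte sizes are assumptions made for illustration.

```python
import hashlib

N = 4            # toy chaining-value / block size in bytes (constructed)
IV = bytes(N)    # fixed initial chaining value of the toy hash

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def c(h, m):
    """Toy compression function, deliberately weak: depends only on h XOR m."""
    return hashlib.sha256(xor(h, m)).digest()[:N]

def toy_hash(blocks):
    """Whole function: iterate c over the message blocks, starting from IV."""
    h = IV
    for m in blocks:
        h = c(h, m)
    return h

def pseudo_collision(h1, m1, delta):
    """Shift chaining value and message block by the same non-zero delta."""
    return (h1, m1), (xor(h1, delta), xor(m1, delta))

def classify(h1, m1, h2, m2):
    """Label a pair of compression-function inputs in the terms used above."""
    if (h1, m1) == (h2, m2) or c(h1, m1) != c(h2, m2):
        return "none"
    if h1 != h2:
        return "pseudo-collision"   # needs freely chosen, differing H1 and H2
    return "collision" if h1 == IV else "collision (non-IV chaining value)"

def carries_to_whole_function(h1, m1, h2, m2):
    """A one-block hash collision needs both chaining inputs to be the IV."""
    return (classify(h1, m1, h2, m2) != "none"
            and h1 == h2 == IV
            and toy_hash([m1]) == toy_hash([m2]))

if __name__ == "__main__":
    # Constructed sample values.
    a, b = pseudo_collision(bytes.fromhex("0a0b0c0d"), b"\x01\x02\x03\x04",
                            b"\xff\x00\x00\x01")
    print(classify(*a, *b))                    # pseudo-collision
    print(carries_to_whole_function(*a, *b))   # False
    print(toy_hash([a[1]]) == toy_hash([b[1]]))  # False: IV is not attacker-chosen
```

In the toy, the relation holds only because the attacker picks both chaining values; the same split is what the table records as a non-zero compression-function column next to "0 out of 32" for the whole function.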

**DOWNLOAD** a PDF document explaining the framework in more details.

(some old news on this page)

Blue Midnight Wish cryptographic hash function entering the Second Round of SHA-3 hash competition

Q2S are very proud to announce that our proposal, the Blue Midnight Wish cryptographic hash function, has been chosen as one of the 14 functions that have entered the second round of the SHA-3 hash competition.

The version of Blue Midnight Wish cryptographic hash function submitted to the second round has been significantly strengthened against free-start near-collision attacks and pseudo-attacks by a couple of minor tweaks of the original construction.

You can download the whole zipped submission package (~11MB) of the tweaked version **HERE**.

Or you can browse the submission package **HERE**.

Our tweaks are summarized in the file Round2Mods.pdf, and the updated documentation is given in the file BlueMidnightWishDocumentation.pdf

The tweaked version of Blue Midnight Wish continues to be in line with the NIST expectations announced in the Federal Register Notice published on November 2, 2007: “NIST expects SHA–3 to have a security strength that is at least as good as the hash algorithms currently specified in FIPS 180–2, and that this security strength will be achieved with significantly improved efficiency.”

Namely, supposing that the phrase “significantly improved efficiency” means at least 2 times faster than the SHA-2 hash function, the performance of the latest 32-bit and 64-bit optimized C versions is given below. The code prepared for eBASH can be downloaded from here.

In the forthcoming period, we hope that SSE and assembler versions will increase the speed of the function in the range of 20% - 40%.

[Figure: performance on the reference platform, December 2009]

Papers that can help cryptographers that analyze Blue Midnight Wish:

  1. Danilo Gligoroski, Vlastimil Klima: On the Computational Asymmetry of the S-boxes Present in Blue Midnight Wish Cryptographic Hash Function, ICT Innovations 2009, Sept. 28 - 30, Ohrid, R. Macedonia
  2. Vlastimil Klima and Petr Susil: A Note on Linear Approximations of BLUE MIDNIGHT WISH Cryptographic Hash Function, Cryptology ePrint Archive: Report 2009/453, Sept. 15, 2009
  3. Vlastimil Klima, Danilo Gligoroski, On Blue Midnight Wish Decomposition, SantaCrypt 2009, Dec. 3-4, 2009, Prague, Czech Republic, Proceedings of SantaCrypt 2009, pp. 41-51.
  4. Søren S. Thomsen, Pseudo-cryptanalysis of the Original Blue Midnight Wish, Cryptology ePrint Archive: Report 2009/478, Sept. 28, 2009

Members of the Blue Midnight Wish team are:

  • Svein Johan Knapskog - team coordinator
  • Danilo Gligoroski - designer
  • Vlastimil Klima - designer
  • Mohamed El-Hadedy - hardware implementation (FPGA and ASIC)
  • Jørn Amundsen - Big-endian and endian-neutral implementation, suggestions for improvements
  • Stig Frode Mjølsnes - contributions for an 8-bit implementation
  • Rune Erlend Jensen - specializing in x86 and x64 optimizations and keeping the function on the top of the supercop charts
  • Daniel Otte - specializing in optimizations for embedded 8-bit, 16-bit, 32-bit processors, keeping the function on the top of the comparative charts



2010/11/15 13:02, danilog