We have implemented the core functionality of Blue Midnight Wish, with finalization but without the padding stage, on a Xilinx Virtex-5 FPGA. It requires 51 slices for BMW-256 and 105 slices for BMW-512. Both BMW versions require two blocks of memory: one memory block to store the intermediate values and hash constants, and the other to store the instruction controls. The proposed implementation achieves a throughput of 68.71 Mbps for BMW-256 and 112.18 Mbps for BMW-512.
| Attacker | Hash size | Type of attack | Compression function: attacked variables (rounds) | Compression function: complexity | Whole function: attacked variables (rounds) | Whole function: complexity |
|---|---|---|---|---|---|---|
| Aumasson | All | pseudo-distinguisher | 1 out of 16 | 2^19 | 0 out of 32 | N/A |
| Nikolic et al. | 512 | pseudo-distinguisher (modified function) | 1 out of 16 | 2^278.2 | 0 out of 32 | N/A |
| Guo & Thomsen | All | pseudo-distinguisher | 1 out of 16 | 2^1 | 0 out of 32 | N/A |
| Leurent | 256 | pseudo-collision | 3 out of 16 | 2^32 | 0 out of 32 | N/A |
| Leurent & Thomsen | 256 | pseudo-collision | 3 full, 7 partial out of 16 | 2^32 | 0 out of 32 | N/A |
| Leurent & Thomsen | 512 | pseudo-collision | 3 full, 7 partial out of 16 | 2^64 | 0 out of 32 | N/A |
Blue Midnight Wish is not just the fastest hash function among the Second Round SHA-3 candidates; according to independent cryptanalysis, it is also the only hash function against which there are only pseudo-attacks.
For the taxonomy of attacks on hash functions, please see Ch. 2.5 of Bart Preneel's PhD thesis. There, all attacks that try to find H1 != H2, M1 != M2 such that certain relations hold between c(H1, M1) and c(H2, M2) carry the prefix PSEUDO.
**DOWNLOAD** a PDF document explaining the framework in more detail.
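An added illustration of the pseudo-collision definition above (not code from the Blue Midnight Wish submission): it shows why a colliding pair found with attacker-chosen chaining values H1 != H2 does not give a collision on the whole function, where the chaining value is fixed by the IV. The toy 24-bit compression function built from truncated SHA-256 is an assumption standing in for c, and the names `c`, `toy_hash`, `find_pseudo_collision` and `collides_on_whole_function` are hypothetical.

```python
import hashlib

OUT_BYTES = 3            # toy 24-bit output so a birthday search finishes instantly
IV = bytes(OUT_BYTES)    # fixed initial chaining value of the toy hash (assumed)

def c(h: bytes, m: bytes) -> bytes:
    """Toy compression function c(H, M): SHA-256 truncated to 24 bits.
    Illustration only; this is NOT the BMW compression function."""
    return hashlib.sha256(h + m).digest()[:OUT_BYTES]

def toy_hash(blocks, iv: bytes = IV) -> bytes:
    """Whole function: iterate c from the fixed IV (padding omitted for brevity)."""
    h = iv
    for block in blocks:
        h = c(h, block)
    return h

def find_pseudo_collision():
    """Birthday search in which the chaining value is chosen freely as well.
    Returns (H1, M1, H2, M2) with H1 != H2, M1 != M2, c(H1, M1) == c(H2, M2)."""
    seen = {}
    for i in range(2 ** (8 * OUT_BYTES)):
        h = i.to_bytes(OUT_BYTES, "big")         # distinct i -> distinct H
        m = b"M" + i.to_bytes(OUT_BYTES, "big")  # distinct i -> distinct M
        out = c(h, m)
        if out in seen:
            h_prev, m_prev = seen[out]
            return h_prev, m_prev, h, m
        seen[out] = (h, m)
    raise RuntimeError("no pseudo-collision found in the search space")

def collides_on_whole_function(m1: bytes, m2: bytes) -> bool:
    """The same two messages hashed honestly, i.e. both starting from the IV."""
    return toy_hash([m1]) == toy_hash([m2])

if __name__ == "__main__":
    h1, m1, h2, m2 = find_pseudo_collision()
    print("H1, M1 =", h1.hex(), m1.hex(), "-> c =", c(h1, m1).hex())
    print("H2, M2 =", h2.hex(), m2.hex(), "-> c =", c(h2, m2).hex())
    print("collision on whole function:", collides_on_whole_function(m1, m2))
```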
(some old news on this page)
Q2S are very proud to announce that our proposition, the Blue Midnight Wish cryptographic hash function, has been chosen as one of the 14 functions that have entered the second round of the SHA-3 hash competition.
The version of Blue Midnight Wish cryptographic hash function submitted to the second round has been significantly strengthened against free-start near-collision attacks and pseudo-attacks by a couple of minor tweaks of the original construction.
You can take the whole zipped submission package (~11MB) of the tweaked version **HERE**.
Or you can browse the submission package **HERE**.
The tweaked version of Blue Midnight Wish remains in line with the NIST expectations announced in the Federal Register Notice published on November 2, 2007: “NIST expects SHA–3 to have a security strength that is at least as good as the hash algorithms currently specified in FIPS 180–2, and that this security strength will be achieved with significantly improved efficiency.”
Namely, supposing that the phrase “significantly improved efficiency” means at least 2 times faster than the SHA-2 hash function, the performance of the latest 32-bit and 64-bit optimized C versions is given below. The code prepared for eBASH can be downloaded from here.
In the forthcoming period, we hope that SSE and assembler versions will increase the speed of the function in the range of 20% - 40%.
Papers that can help cryptographers that analyze Blue Midnight Wish:
Members of the Blue Midnight Wish team are: