MD6

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Rich Farmbrough at 09:46, 1 November 2010 (Delink date fragment or minor clean up using AWB). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

MD6
General
Designers: Ron Rivest, Benjamin Agre, Dan Bailey, Sarah Cheng, Christopher Crutchfield, Yevgeniy Dodis, Kermin Fleming, Asif Khan, Jayant Krishnamurthy, Yuncheng Lin, Leo Reyzin, Emily Shen, Jim Sukha, Eran Tromer, Yiqun Lisa Yin
First published: 2008
Series: MD2, MD4, MD5, MD6
Detail
Digest sizes: Variable, 0 < d ≤ 512 bits
Structure: Merkle tree
Rounds: Variable. Default: unkeyed 40 + ⌊d/4⌋, keyed max(80, 40 + ⌊d/4⌋) [1]

MD6 (Message-Digest algorithm 6) is a cryptographic hash function. It uses a Merkle tree-like structure so that the hashing of very long inputs can be parallelised across many cores. Its authors claim a performance of 28 cycles per byte for MD6-256 on an Intel Core 2 Duo and provable resistance against differential cryptanalysis.[2]

Speeds in excess of 1 GB/s have been reported as achievable for long messages on a 16-core CPU.[1]

The choice of a Merkle tree structure was motivated by Intel's projections of future processors with tens or even thousands of cores in place of the conventional single-core designs. A tree-structured hash can exploit such hardware fully, since independent subtrees can be hashed at the same time, while remaining suitable for the single- and dual-core machines of the day.
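The tree mode described above, as an added illustration that is not the MD6 reference code: a 4-ary Merkle tree in which fixed-size leaf chunks are compressed independently, every four sibling outputs are concatenated and compressed again, and the process repeats until a single root remains. The 512-byte leaf and 4-way fan-out mirror MD6's compression function, which takes a 4096-bit data block and returns 1024 bits, so that four child outputs fill one parent's input. Everything else is an assumption made for brevity: SHA-256 over a position-tagged encoding stands in for MD6's own compression function, the output is simply truncated to d bits, and the final root call is tagged in a way of my own rather than MD6's. The point it shows is the one the paragraphs make: the digest is identical whether the levels are hashed serially or by a pool of workers, because each level depends only on the level beneath it.

```python
"""Toy 4-ary tree-mode hash mirroring MD6's Merkle-tree layout (illustration only).

Assumptions made here, not taken from the MD6 specification: SHA-256 over a
position-tagged encoding stands in for MD6's compression function, the output
is truncated to d bits, and the root is tagged with a fixed marker level.  The
tree shape does follow MD6: leaf chunks are compressed independently, then
every four sibling outputs are concatenated and compressed again until one
root remains.
"""
import hashlib
from concurrent.futures import ThreadPoolExecutor
from typing import List

LEAF_BYTES = 512    # MD6 compresses a 4096-bit data block per call
FANOUT = 4          # an internal node absorbs four 1024-bit child outputs
ROOT_LEVEL = 255    # marker so the final call cannot collide with an interior node


def compress(level: int, index: int, data: bytes) -> bytes:
    """Stand-in compression function (assumed: SHA-256, not MD6's design).

    As in MD6, the node's position in the tree is mixed in, so equal chunks at
    different positions give different outputs and an attacker who controls
    only data blocks cannot splice subtrees around.
    """
    header = bytes([level]) + index.to_bytes(8, "big") + len(data).to_bytes(4, "big")
    return hashlib.sha256(header + data).digest()


def tree_shape(message_len: int) -> List[int]:
    """Number of compression calls per level, leaves first (e.g. [20, 5, 2, 1])."""
    count = max(1, -(-message_len // LEAF_BYTES))   # ceil division, at least one leaf
    shape = [count]
    while count > 1:
        count = -(-count // FANOUT)
        shape.append(count)
    return shape


def tree_hash(message: bytes, d: int = 256, workers: int = 1) -> bytes:
    """Hash `message` to d bits; `workers` threads compress siblings concurrently.

    Every level depends only on the level below it, so the leaves, and then each
    level of internal nodes, can be compressed in parallel.  The digest is the
    same whatever `workers` is; only the wall-clock time changes.
    """
    if d <= 0 or d > 256 or d % 8:
        raise ValueError("this toy supports 0 < d <= 256 with d a multiple of 8")
    # Leaves: consecutive LEAF_BYTES chunks; the last may be short; empty input is one empty leaf.
    nodes = [message[i:i + LEAF_BYTES] for i in range(0, len(message), LEAF_BYTES)] or [b""]
    level = 0
    with ThreadPoolExecutor(max_workers=workers) as pool:
        while True:
            n = len(nodes)
            # One compression per node at this level, all independent of each other.
            nodes = list(pool.map(compress, [level] * n, range(n), nodes))
            if n == 1:
                break
            level += 1
            # Group up to FANOUT sibling outputs into the next level's inputs.
            nodes = [b"".join(nodes[i:i + FANOUT]) for i in range(0, len(nodes), FANOUT)]
    # Tagged final call marks the root and binds the total length (toy convention;
    # MD6 distinguishes its root node by its own means, not reproduced here).
    root = compress(ROOT_LEVEL, 0, nodes[0] + len(message).to_bytes(8, "big"))
    return root[: d // 8]


if __name__ == "__main__":
    sample = bytes(range(256)) * 40          # constructed 10240-byte input: 20 leaves
    print("tree shape:", tree_shape(len(sample)))
    print("serial == parallel:", tree_hash(sample) == tree_hash(sample, workers=8))
```

Changing a single byte anywhere in the input changes the leaf it falls in and therefore every node on the path to the root, which is why the tree can be hashed in parallel without weakening the dependency on every input byte. MD6 itself also carries a mode parameter that caps the tree height and, at its minimum, degenerates into a sequential mode; that option is not modelled here.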

MD6 was submitted to the NIST SHA-3 competition. On July 1, 2009, however, Rivest posted a comment at NIST that MD6 was not yet ready to be a SHA-3 candidate because of speed issues and the inability to supply a proof of security for a faster reduced-round version, though Rivest also stated on the MD6 website that it had not been formally withdrawn.[3] MD6 did not advance to the second round of the competition.

In December 2008, a researcher at Fortify Software discovered a buffer overflow in the original MD6 reference implementation. The error was made public by Professor Ron Rivest on 19 February 2009, together with a corrected reference implementation, ahead of the Fortify report.[4]

The algorithm's first known production use was in the Conficker.B worm in December 2008;[5] the worm's authors subsequently updated Conficker with the corrected implementation once the buffer overflow vulnerability became known.[5]

References

  1. Ronald L. Rivest et al., "The MD6 Hash Function", Crypto 2008.
  2. Ronald L. Rivest, "The MD6 Hash Function: A Proposal to NIST for SHA-3".
  3. Bruce Schneier, "MD6 Withdrawn from SHA-3 Competition", July 1, 2009. Retrieved July 9, 2009.
  4. http://blog.fortify.com/repo/Fortify-SHA-3-Report.pdf
  5. http://mtc.sri.com/Conficker/addendumC/
