Grøstl – a SHA-3 candidate
Grøstl news
New and updated Grøstl implementations
Thanks to the student projects by Johannes Feichtner, Severin Holzer-Graf, Thomas Krinninger, Martin Pernull, David Seywald, and Wolfgang Wieser many improvements to Grøstl on different platforms (ranging from 8-bit to 256-bit) have been made.
New implementations of tweaked Grøstl
A large number of Grøstl implementations have been submitted to eBASH for benchmarking. Here are some results. For more information, see this page.
Digest size | Processor | Mode | Speed |
---|---|---|---|
224/256 | NEW! Xeon (with AES-NI) | 64-bit | 11.3 cycles/byte |
NEW! Core i7 (with AES-NI) | 64-bit | 11.5 cycles/byte | |
Phenom II | 64-bit | 19.4 cycles/byte | |
Opteron | 64-bit | 19.8 cycles/byte | |
384/512 | NEW! Xeon (with AES-NI) | 64-bit | 16.0 cycles/byte |
NEW! Core i7 (with AES-NI) | 64-bit | 15.6 cycles/byte | |
Phenom II | 64-bit | 31.7 cycles/byte | |
Opteron | 64-bit | 33.6 cycles/byte |
Grøstl has been tweaked.
To increase the security margin, Grøstl has been tweaked. The changes are described in Round3Mods. The specification and the NIST submission package have been updated.
Grøstl is in the final!
The SHA-3 finalists have been chosen by NIST, and they are:
- Blake
- Grøstl
- JH
- Keccak
- Skein
Grøstl in action
A team at the University of Applied Sciences, Wiesbaden Rüsselsheim Geisenheim (Germany), developed FPGA implementations of Grøstl. This paper (ePrint 2009/206) describes the implementations. The team set up a website that allows visitors to upload files to be hashed using their FPGA Grøstl implementation. The website features a webcam showing the board at work.
Grøstl status
The deadline for changing/tweaking SHA-3 candidates was September 15, 2009. However, Grøstl remains the same, i.e., it is defined exactly as specified in the original submission document. We have prepared an addendum for the submission explaining the state of the art with respect to analysis of Grøstl, and we also mention a few interesting alternative descriptions of Grøstl.
Grøstl in the second round
We are very happy to see Grøstl selected for the second round of the SHA-3 competition, along with 13 other candidates. See the full list of algorithms that are still in the competition.
Improved figures for hardware ASIC implementations
Stefan Tillich developed high-speed Grøstl-256 ASIC implementations in 0.18µm technology of UMC. Here are the synthesis results.
Total area (mm²) | Total area (GE) | Throughput (Gbit/s) |
---|---|---|
547,227.47 | 58,403 | 6.290 |
538,462.41 | 57,467 | 6.141 |
523,472.74 | 55,867 | 5.690 |
471,626.06 | 50,334 | 2.725 |