Alan Kaminsky Department of Computer Science Rochester Institute of Technology 4486 + 2220 = 6706
Home Page

GPU Parallel Statistical and Cube Test Analysis
of the SHA-3 Finalist Candidate Hash Functions

Prof. Alan Kaminsky
Rochester Institute of Technology -- Department of Computer Science

This page is under construction.

What's New
Paper
Source Code
Analysis Results

What's New

16-Feb-2012
Gave a presentation on this work at the 15th SIAM Conference on Parallel Processing for Scientific Computing (PP12).

28-Sep-2011
The Journal of Cryptographic Engineering declined to publish the paper.

14-Jul-2011
Posted the source code and analysis results.

13-Jul-2011
Posted the paper as submitted to the Journal of Cryptographic Engineering.

Paper

Alan Kaminsky. GPU parallel statistical and cube test analysis of the SHA-3 finalist candidate hash functions. July 13, 2011.

Abstract. The 256-bit versions of the SHA-3 finalist candidate hash functions -- BLAKE, Grøstl, JH, Keccak, and Skein -- were subjected to statistical tests to attempt to disprove the hypothesis that the output bits are uniformly distributed, independent, binary random variables. The hash functions were also subjected to cube tests to attempt to disprove the hypothesis that the superpoly bits are uniformly distributed, independent, binary random variables. The hash functions and test programs were implemented to run in parallel on a 448-core GPU supercomputer; the cube tests in particular require massive amounts of computation and are ideally suited for parallel implementation. Nonrandom behavior was observed at the 0.01 significance level in the BLAKE, JH, Keccak, and Skein hash functions. Nonrandom behavior was not observed at the 0.01 significance level in the Grøstl hash function.

Paper: jce2011.pdf (1,717,919 bytes)

SIAM PP12 Conference presentation: sha3pp12.pdf (1,288,487 bytes)

Source Code

Program source code archive: sha3test01.tgz (54,510 bytes)

Compiling the programs:

  1. Install the NVIDIA CUDA tools.
  2. Install the NVIDIA CUDA software development kit (optional).
  3. Download and unpack the program source code archive.
  4. make

Running the programs:

  1. A CUDA device of compute capability 2.0 or higher is required.

  2. Each program's command line arguments are documented in the comments at the top of the source file.

  3. CUDA device 0 is used by default. To use another CUDA device, set the CUDA_DEVICE environment variable to the desired CUDA device number; for example:
    Bash: export CUDA_DEVICE=1
    Csh: setenv CUDA_DEVICE 1

Analysis Results

The following commands were run on a system with an NVIDIA Tesla C2050 card to produce the results in the journal paper.

BLAKE 

$ ./BlakeEvalFunction func_1.dat 142857 2000 10240 > func_1.nohup.out
$ ./StatTest func_1.dat -report bit,pair > func_1.txt

Function sample inputs: func_1.nohup.out (199,291 bytes)
Function samples: func_1.dat (655,360,090 bytes)
Function sample analysis results: func_1.txt (1,569,213 bytes) 

$ ./BlakeEvalSuperpoly superp_1.dat 999999 1 20 15 34 5 10240 > superp_1.nohup.out
$ ./StatTest superp_1.dat -report bit,pair > superp_1.txt

Superpoly sample inputs: superp_1.nohup.out (431,980 bytes)
Superpoly samples: superp_1.dat (655,360,105 bytes)
Superpoly sample analysis results: superp_1.txt (1,569,215 bytes)

Grøstl 

$ ./GroestlEvalFunction func_1.dat 142857 2000 10240 > func_1.nohup.out
$ ./StatTest func_1.dat -report bit,pair > func_1.txt

Function sample inputs: func_1.nohup.out (199,294 bytes)
Function samples: func_1.dat (655,360,092 bytes)
Function sample analysis results: func_1.txt (1,569,213 bytes) 

$ ./GroestlEvalSuperpoly superp_1.dat 999999 1 20 15 34 5 10240 > superp_1.nohup.out
$ ./StatTest superp_1.dat -report bit,pair > superp_1.txt

Superpoly sample inputs: superp_1.nohup.out (435,752 bytes)
Superpoly samples: superp_1.dat (655,360,107 bytes)
Superpoly sample analysis results: superp_1.txt (1,569,215 bytes)

JH 

$ ./JHEvalFunction func_1.dat 142857 2000 10240 > func_1.nohup.out
$ ./StatTest func_1.dat -report bit,pair > func_1.txt

Function sample inputs: func_1.nohup.out (199,372 bytes)
Function samples: func_1.dat (655,360,087 bytes)
Function sample analysis results: func_1.txt (1,569,213 bytes) 

$ ./JHEvalSuperpoly superp_1.dat 999999 1 20 15 34 5 10240 > superp_1.nohup.out
$ ./StatTest superp_1.dat -report bit,pair > superp_1.txt

Superpoly sample inputs: superp_1.nohup.out (432,372 bytes)
Superpoly samples: superp_1.dat (655,360,102 bytes)
Superpoly sample analysis results: superp_1.txt (1,569,215 bytes)

Keccak 

$ ./KeccakEvalFunction func_1.dat 142857 2000 10240 > func_1.nohup.out
$ ./StatTest func_1.dat -report bit,pair > func_1.txt

Function sample inputs: func_1.nohup.out (199,304 bytes)
Function samples: func_1.dat (655,360,091 bytes)
Function sample analysis results: func_1.txt (1,569,221 bytes) 

$ ./KeccakEvalSuperpoly superp_1.dat 999999 1 20 15 34 5 10240 > superp_1.nohup.out
$ ./StatTest superp_1.dat -report bit,pair > superp_1.txt

Superpoly sample inputs: superp_1.nohup.out (432,836 bytes)
Superpoly samples: superp_1.dat (655,360,106 bytes)
Superpoly sample analysis results: superp_1.txt (1,569,223 bytes)

Skein 

$ ./SkeinEvalFunction func_1.dat 142857 2000 10240 > func_1.nohup.out
$ ./StatTest func_1.dat -report bit,pair > func_1.txt

Function sample inputs: func_1.nohup.out (199,272 bytes)
Function samples: func_1.dat (655,360,090 bytes)
Function sample analysis results: func_1.txt (1,569,213 bytes) 

$ ./SkeinEvalSuperpoly superp_1.dat 999999 1 20 15 34 5 10240 > superp_1.nohup.out
$ ./StatTest superp_1.dat -report bit,pair > superp_1.txt

Superpoly sample inputs: superp_1.nohup.out (432,579 bytes)
Superpoly samples: superp_1.dat (655,360,105 bytes)
Superpoly sample analysis results: superp_1.txt (1,569,215 bytes)

Alan Kaminsky Department of Computer Science Rochester Institute of Technology 4486 + 2220 = 6706
Home Page
Copyright © 2012 Alan Kaminsky. All rights reserved. Last updated 13-Feb-2012. Please send comments to ark­@­cs.rit.edu.