MD6
The MD6 Message-Digest Algorithm is a cryptographic hash function. It uses a Merkle tree-like structure to allow highly parallel computation of hashes for very long inputs. The authors claim a performance of 28 cycles per byte for MD6-256 on an Intel Core 2 Duo and provable resistance against differential cryptanalysis.[2] The source code of the reference implementation was released under the MIT license.[3]
Speeds in excess of 1 GB/s have been reported to be possible for long messages on a 16-core CPU architecture.[1]
The design of the Merkle tree is based on claims from Intel describing a future of hardware processors with tens and thousands of cores instead of conventional uni-core systems. With this in mind, Merkle tree hash structures exploit the full potential of such hardware while remaining appropriate for current uni/dual-core architectures.
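As an added illustration (not code from the MD6 authors or the reference implementation), the sketch below shows the tree mode of operation described above: every node on a level can be compressed independently, and the parallel and sequential schedules give the same root. SHA-256 stands in for MD6's compression function, and the arity, leaf size and node header layout are assumptions chosen for the example.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

ARITY = 4          # children per parent node (assumed for this example)
LEAF_BYTES = 512   # message bytes per leaf node (assumed for this example)

def compress(level, index, is_root, payload):
    """Stand-in compression function (SHA-256, not MD6's own).

    The fixed-length header binds the node's level, its index within the
    level and a root flag, so a digest produced at one position in the
    tree cannot be reused as the digest of a different position.
    """
    header = level.to_bytes(1, "big") + index.to_bytes(8, "big") + bytes([is_root])
    return hashlib.sha256(header + payload).digest()

def tree_hash(message, workers=1):
    """Hash `message` bottom-up and return the root digest as hex."""
    blocks = [message[i:i + LEAF_BYTES]
              for i in range(0, len(message), LEAF_BYTES)] or [b""]
    level = 0
    # The pool only demonstrates that nodes of one level have no data
    # dependency on each other; a real implementation would map them to cores.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        while True:
            is_root = len(blocks) == 1
            jobs = [(level, i, is_root, b) for i, b in enumerate(blocks)]
            digests = list(pool.map(lambda job: compress(*job), jobs))
            if is_root:
                return digests[0].hex()
            # Concatenate each group of ARITY child digests into a parent payload.
            blocks = [b"".join(digests[i:i + ARITY])
                      for i in range(0, len(digests), ARITY)]
            level += 1

if __name__ == "__main__":
    sample = bytes(range(256)) * 40   # constructed input: 10240 bytes, 20 leaves
    print("sequential:", tree_hash(sample, workers=1))
    print("parallel:  ", tree_hash(sample, workers=8))
```

Without the level and root flag in the header, the concatenated child digests of a long message would hash to the same value as a short message made of those same bytes.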
In December 2008, Douglas Held of Fortify Software discovered a buffer overflow in the original MD6 hash algorithm's reference implementation. This error was later made public by Ron Rivest on 19 February 2009, with a release of a corrected reference implementation in advance of the Fortify Report.[4]
MD6 was submitted to the NIST SHA-3 competition. However, on July 1, 2009, Rivest posted a comment at NIST that MD6 is not yet ready to be a candidate for SHA-3 because of speed issues, a "gap in the proof that the submitted version of MD6 is resistant to differential attacks", and an inability to supply such a proof for a faster reduced-round version,[5] although Rivest also stated at the MD6 website that it is not withdrawn formally.[6] MD6 did not advance to the second round of the SHA-3 competition. In September 2011, a paper presenting an improved proof that MD6 and faster reduced-round versions are resistant to differential attacks[7] was posted to the MD6 website.[8]
The algorithm's first known production use was in the Conficker.B worm in December 2008;[9] the worm's authors subsequently updated Conficker with the corrected implementation once the buffer overflow vulnerability became known.[9]
References
- [1] Ronald L. Rivest et al., The MD6 Hash Function, Crypto 2008
- [2] (Microsoft PowerPoint file)
- [3] readme.txt