Hash functions and ciphers

General attacks

Why haven't cube attacks broken anything?

[collisioncost] (PDF) 12pp. D. J. Bernstein. Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete? Document ID: 971550562a76ba87a7b2da14f71ca923. URL: https://cr.yp.to/papers.html#collisioncost. Date: 2009.08.23. Supersedes: (PDF) 2009.05.17.

Other people's designs

[quantumsha3] (PDF) 7pp. D. J. Bernstein. Quantum attacks against Blue Midnight Wish, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Shabal, SHAvite-3, SIMD, and Skein. Document ID: 0152ab005327cb177476138d8ca74674. URL: https://cr.yp.to/papers.html#quantumsha3. Date: 2010.11.12.

[interop] (PDF) 5pp. D. J. Bernstein. SHA-3 interoperability. Document ID: 087f299fbb2b92a1644d80537663c096. URL: https://cr.yp.to/papers.html#interop. Date: 2010.09.15.

[bestat] (PDF) 5pp. D. J. Bernstein. Visualizing area-time tradeoffs for SHA-3. Document ID: 1acfb913bd21cdf616afd004e254a55c. URL: https://cr.yp.to/papers.html#bestat. Date: 2010.09.06.

Notes on the ECRYPT Stream Cipher project (eSTREAM)

AES speed

Cipher DAGs

[antiquad] (PDF, Springer version) 19pp. Bo-Yin Yang, Owen Chia-Hsin Chen, D. J. Bernstein, Jiun-Ming Chen. Analysis of QUAD. Document ID: f27bcd3b87de3de70ff10d45c37ca939. URL: https://cr.yp.to/papers.html#antiquad. Date: 2007.08.17. Supersedes: (PDF) 2007.03.03.

The NearSHA software

My current designs

CubeHash: a simple hash function

The Rumba20 compression function

Snuffle 2005: the Salsa20 encryption function

The Salsa20 core

The ChaCha family of stream ciphers

My older designs

These aren't as fast as Salsa20 and ChaCha for the same conjectured security level.

The Salsa10 hash function

[surf] (PDF) (PS) (DVI) D. J. Bernstein. SURF: Simple Unpredictable Random Function. URL: https://cr.yp.to/papers.html#surf.