SHABAL is a cryptographic hash function submitted by the France funded research project Saphir to NIST’s international competition on SHA-3 hash functions. More specifically, the research partners of Saphir initiated the conception of Shabal and were later joined by partners of the soon-to-be research projectSaphir2 who actively contributed to the final design of Shabal algorithm.
SHABAL Algorithm Review
The authors of the algorithm: Emmanuel Bresson, Anne, Canteaut, First Chevalier-Mames, Christophe Claviere, Thomas Fuhr, Alina Gouget, Thomas Icart, Jean-Francois Pisarski, Maria Naya-Plasencia, Pascal Piler, Thomas Pornin, Jean-rené Reinhard, Celina, Tullet, Marion Videau.
The algorithm, according to the authors, is named after «Sebastian Chabal, a French rugby player known for his aggressive style of play as well as his beard and long hair, for which he was given the nickname "Caveman"».
Shabal is a family of functions which differ by
- their output size; this implementation defines Shabal for output;
- sizes 192, 224, 256, 384 and 512 bits.
The structure of the algorithm is a context for Shabal computations: it contains the intermediate values and some data from the last entered block. Once a Shabal computation has been performed, the context can be reused for another computation. Moreover, the contents of this structure are private. A running Shabal computation can be cloned by copying the context (e.g. with a simple
Shabal implies a very low pressure on the data cache. The state of Shabal fits in less than 300 bytes. Elementary operations are word-based primitives implemented natively by most CPU; none of them is likely to benefit from table-based code. This economy of L1 cache is one of the strong points of Shabal, performance-wise.
If Shabal must be implemented on a very small, 8-bit or 16-bit CPU, then carry propagation must be applied to all 32-bit additions. On such an architecture, 32-bit words are split into several chunks of length 8 or 16 bits; thus, a rotation by 16 bits, being a swap of the high and low halves, is a mere problem of data routing which can be solved with little to no runtime cost. Assuming the 16-bit rotation to be essentially free, we can see that all word rotations used in Shabal can be simplified to left or right rotations by 1 bit, which are often more efficient on small CPU than generic n-bit shifts or rotations.
Principle of work
According to the developers, SHABAL is one of the fastest candidates of the SHA-3 contest. It can accept input bit sequence of any length, but the cryptographic strength of messages with length more than 273 bits is not guaranteed.
SHABAL is called SHABAL-192, SHABAL-224, SHABAL-256, SHABAL-384, SHABAL-512 depending on the length of the resulting hash lh other respectively equal to 192, 224, 256, 384, 512 bits.
After the input of the algorithm comes bit sequence, it is divided into blocks of 512 bits, regardless of the variation used SHABAL (SHABAL-512, SHABAL-384, etc.). Note that the block size is a multiple of 32. The last block, if its bit length is not 512 bits, is assigned one bit unit and the required number of zeros to achieve the specified block size.
SHABAL is an iterative algorithm. The number of repetitions is equal to the number of blocks of the original bit sequence plus two iterations per blocks added to the beginning of the message, plus three final iterations.