Søren Steffen Thomsen

DTU Mathematics Technical University of Denmark (DTU) Matematiktorvet 303S DK-2800 Kgs. Lyngby Denmark Room: 152 Phone: +45 4525 5472 Email: crypto at znoren dk

About me

I am an assistant professor in cryptology at Technical University of Denmark (DTU). My research fields are primarily symmetric-key cryptography and post-quantum cryptography. I am part of the crypto group at DTU Mathematics. My PGP public key is here.

My PhD thesis entitled "Cryptographic Hash Functions" can be found here.

Publications

• J. Borghoff, L. R. Knudsen, G. Leander, and S. S. Thomsen. Slender-Set Differential Cryptanalysis. Journal of Cryptology, Online First. (Extended version of the FSE 2011 paper below). [link]
• J. Borghoff, L. R. Knudsen, G. Leander, and S. S. Thomsen. Cryptanalysis of PRESENT-Like Ciphers with Secret S-Boxes. In A. Joux, editor, Fast Software Encryption 2011, Proceedings, volume 6733 of Lecture Notes in Computer Science, pages 270-289. Springer, 2011. [link]
• G. Leurent and S. S. Thomsen. Practical Near-Collisions on the Compression Function of BMW. In A. Joux, editor, Fast Software Encryption 2011, Proceedings, volume 6733 of Lecture Notes in Computer Science, pages 238-251. Springer, 2011. [link]
• J. Guo and S. S. Thomsen. Deterministic Differential Properties of the Compression Function of BMW. In A. Biryukov, G. Gong, and D. R. Stinson, editors, Selected Areas in Cryptography 2010, Proceedings, volume 6544 of Lecture Notes in Computer Science, pages 338-350. Springer, 2011. [link]
• N. Bagheri, P. Gauravaram, M. Naderi, and S. S. Thomsen. On the Collision and Preimage Resistance of Certain Two-Call Hash Functions. In S.-H. Heng, R. N. Wright, and B.-M. Goi, editors, Cryptology and Network Security (CANS) 2010, Proceedings, volume 6467 of Lecture Notes in Computer Science, pages 96-105. Springer, 2010. [link]
• N. Mouha, G. Sekar, J.-P. Aumasson, T. Peyrin, S. S. Thomsen, M. S. Turan, and B. Preneel. Cryptanalysis of the ESSENCE Family of Hash Functions. In F. Bao, M. Yung, D. Lin, and J. Jing, editors, Information Security and Cryptology (INSCRYPT) 2009, Proceedings, volume 6151 of Lecture Notes in Computer Science, pages 15-34. Springer, 2011. [link]
• S. S. Thomsen. Pseudo-cryptanalysis of the Original Blue Midnight Wish. In S. Hong and T. Iwata, editors, Fast Software Encryption 2010, Proceedings, volume 6147 of Lecture Notes in Computer Science, pages 304-317. Springer, 2010. [link]
• F. Mendel, C. Rechberger, M. Schläffer, and S. S. Thomsen. Rebound Attacks on the Reduced Grøstl Hash Function. In J. Pieprzyk, editor, Topics in Cryptology - CT-RSA 2010, Proceedings, volume 5985 of Lecture Notes in Computer Science, pages 350-365. Springer, 2010. [link]
• P. Gauravaram, J. Kelsey, L. R. Knudsen, and S. S. Thomsen. On hash functions using checksums. International Journal of Information Security, 9(2):137-151, April 2010. [link]
• N. Bagheri, L. R. Knudsen, M. Naderi, and S. S. Thomsen. Hash Functions and Information Theoretic Security (Letter). IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E92-A(12):3401-3403, 2009. [link]
• L. R. Knudsen, J.-E. Mathiassen, F. Muller, and S. S. Thomsen. Cryptanalysis of MD2. Journal of Cryptology, 23(1):72-90, January 2010. [link]
• J.-P. Aumasson, O. Dunkelman, F. Mendel, C. Rechberger, and S. S. Thomsen. Cryptanalysis of Vortex. In B. Preneel, editor, Progress in Cryptology – AFRICACRYPT 2009, Proceedings, volume 5580 of Lecture Notes in Computer Science, pages 14-28. Springer, 2009. [link]
• L. R. Knudsen, F. Mendel, C. Rechberger, and S. S. Thomsen. Cryptanalysis of MDC-2. In A. Joux, editor, Advances in Cryptology – EUROCRYPT 2009, Proceedings, volume 5479 of Lecture Notes in Computer Science, pages 106-120. Springer, 2009. [link]
• F. Mendel, C. Rechberger, M. Schläffer, and S. S. Thomsen. The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl. In O. Dunkelman, editor, Fast Software Encryption 2009, Proceedings, volume 5665 of Lecture Notes in Computer Science, pages 260-276. Springer, 2009. [link]
• I. B. Damgård, L. R. Knudsen, and S. S. Thomsen. Dakota – Hashing from a Combination of Modular Arithmetic and Symmetric Cryptography. In S. M. Bellovin, R. Gennaro, A. D. Keromytis, and M. Yung, editors, Applied Cryptography and Network Security 2008, Proceedings, volume 5037 of Lecture Notes in Computer Science, pages 144-155. Springer, 2008. [link]
• L. R. Knudsen, C. Rechberger, and S. S. Thomsen. The Grindahl Hash Functions. In A. Biryukov, editor, Fast Software Encryption 2007, Proceedings, volume 4593 of Lecture Notes in Computer Science, pages 39-57. Springer, 2007. [link]
• L. R. Knudsen and S. S. Thomsen. Proposals for Iterated Hash Functions. In M. Malek, E. Fernández-Medina, and J. Hernando, editors, SECRYPT 2006, Proceedings, pages 246-253. INSTICC Press, 2006. Also appears in J. Filipe and M. S. Obaidat, editors, E-Business and Telecommunication Networks. Third International Conference, ICETE 2006, Setúbal, Portugal, August 7-10, 2006. Selected Papers, volume 9 of Communications in Computer and Information Science, pages 107-118. Springer, 2008. [link]

The SHA-3 competition

The SHA-3 competition is a hash function competition organised by the U.S. standardisation institute NIST. I am part of the design team behind the candidate Grøstl.

• Website of our SHA-3 candidate Grøstl: http://www.groestl.info.
• The finalists of the SHA-3 competition have been chosen. They are:
  • Grøstl!
  • BLAKE
  • JH
  • Keccak
  • Skein
  Grøstl was tweaked for the final. The current version can be found on the Grøstl website.
• Official competition website.
• The SHA-3 Zoo.
• Cryptanalysis in which I was involved:
  • Jean-Philippe Aumasson, Orr Dunkelman, Florian Mendel, Christian Rechberger, and Søren S. Thomsen. Cryptanalysis of Vortex.
  • Florian Mendel, Christian Rechberger, Martin Schläffer, and Søren S. Thomsen. The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl.
  • Søren S. Thomsen. Second preimage attack on MeshHash.
  • Florian Mendel and Søren S. Thomsen. An Observation on JH-512.
  • Søren S. Thomsen. Untangled.
  • Nicky Mouha, Søren S. Thomsen, and Meltem Sönmez Turan. Observations of non-randomness in the ESSENCE compression function.
  • Lars R. Knudsen, Krystian Matusiewicz, and Søren S. Thomsen. Observations on the Shabal keyed permutation.
  • Søren S. Thomsen. Pseudo-cryptanalysis of the Original Blue Midnight Wish.
  • Jian Guo and Søren S. Thomsen. Deterministic Differential Properties of the BMW Compression Function.
  • Gaëtan Leurent and Søren S. Thomsen. Practical Partial-Collisions on the Compression Function of BMW.

Master's thesis offspring

• My master's thesis: Cryptographic Hash Functions (November 2005).
• My implementation of Wang's collision attack on MD5 is available here.
• A similar implementation of Wang's attack on SHA-0 is available here.

Other resources

• What "hash" really means.
• Menezes et al., Handbook of Applied Cryptography, CRC Press.
• The Hash Function Zoo. Contains a list of hash functions and published attacks.
• eBASH: hash function benchmarks on a large number of machines.
• An extensive (but incomplete) bibliography on hash functions.
• Website of the IACR, and a simple IACR/Springer lecture notes search tool.

xkcd.com

	Last update 15 November, 2011.