CubeHash

CubeHash^[1] is a cryptographic hash function submitted to the NIST hash function competition by Daniel J. Bernstein. CubeHash has a 128 byte state, uses wide pipe construction, and is ARX based. Message blocks are XORed into the initial bits of a 128-byte state, which then goes through an r-round bijective transformation between blocks. The initial NIST proposal ("Cubehash8/1") required about 200 cycles per byte.^[2] After clarifications from NIST, the author changed the proposal to Cubehash16/32, which "is approximately 16 times faster than CubeHash8/1, easily catching up to both SHA-256 and SHA-512 on the reference platform" while still maintaining a "comfortable security margin".^[3]

CubeHash advanced to the second round of the competition, but was not chosen as one of the 5 finalists. Bernstein has since tuned the parameters further and his main recommendation is CubeHash512, defined as CubeHash16+16/32+32–512.^[4]

^ Daniel J. Bernstein (2009-09-14). "CubeHash specification (2.B.1)" (PDF).
^ Daniel J. Bernstein (2008-10-28). "CubeHash efficiency estimates (2.B.2)" (PDF).
^ Daniel J. Bernstein (2009-07-15). "CubeHash parameter tweak: 16 times faster" (PDF).
^ Daniel J. Bernstein. "Introduction to CubeHash".

[bernstein_spec-1] Daniel J. Bernstein (2009-09-14). "CubeHash specification (2.B.1)" (PDF).

[bernstein_estimates-2] Daniel J. Bernstein (2008-10-28). "CubeHash efficiency estimates (2.B.2)" (PDF).

[bernstein_tweak-3] Daniel J. Bernstein (2009-07-15). "CubeHash parameter tweak: 16 times faster" (PDF).

[cubedef-4] Daniel J. Bernstein. "Introduction to CubeHash".

[1]

[2]

[3]

[4]