From 19516a8da835836fc99ed988cd02c8439a797a97 Mon Sep 17 00:00:00 2001
From: zooko <>
Date: Wed, 7 Oct 2009 17:49:00 +0000
Subject: [PATCH] move EnRUPT to the Back Shelf

[Imported from Trac: page Bibliography, version 41]
---
 Bibliography.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Bibliography.md b/Bibliography.md
index 2e88ed7..653b4ad 100644
--- a/Bibliography.md
+++ b/Bibliography.md
@@ -11,8 +11,6 @@ Here are some papers that are potentially of interest.
 
 [ChaChaCha20](http://cr.yp.to/chacha.html) even better stream cipher; It might be slightly safer than Salsa20 and it is certainly slightly faster on some platforms, but slightly slower on others.  However, the author of Salsa20 and ChaChaCha20, Daniel J. Bernstein, seems to have settled on using Salsa20 (or a tweak of it named XSalsa20), so probably that is the one to use.
 
-[EnRUPT](http://enrupt.com) a very simple, fast, and flexible primitive which could be used as stream cipher, secure hash function, or MAC (the first two are primitives that we currently need, and the third one -- MAC -- is a primitive that we may want in the future) and which relies for its security on a large number of rounds.  The question of how many rounds to use is decided by semi-automated cryptanalysis.  (Note: the SHA-3 candidate version of EnRUPT in stream hashing mode was insecure.  The current block cipher mode is insecure.  There is a minor change (use a few more rounds) which is thought to fix the stream hashing mode.  The author is apparently working on a fix for the block cipher mode.)
-
 [Cryptanalysis of the Tiger Hash Function](https://online.tu-graz.ac.at/tug_online/voe_main2.getvolltext?pDocumentNr=81263) by Mendel and RIjmen
 
 [defectoscopy.com](http://defectoscopy.com/results.html) a table of semi-automated cryptanalysis results from the inventors of EnRUPT.  This technique has not been peer-reviewed by other cryptographers.  I (Zooko) can't judge how valid it is.  Note that Tiger is one of only two hash functions that are predicted to be secure by this analysis -- the other is Whirlpool.  MD-4/5, SHA-0/1/2, and GOST are predicted to be insecure.  AES-128 is predicted to be insecure.  Salsa20 is predicted to be secure.
@@ -71,3 +69,6 @@ These are some references which are less interesting or relevant than the ones a
 [Endomorphisms for faster elliptic curve cryptography on general curves](http://eprint.iacr.org/2008/194) techniques to compute elliptic curve cryptography significantly faster in software.
 
 [Some thoughts on Collision Attacks in the Hash Functions MD5, SHA-0 and SHA-1](http://eprint.iacr.org/2005/391) general musings about design of secure hash functions
+
+[EnRUPT](http://enrupt.com) a very simple, fast, and flexible primitive which could be used as stream cipher, secure hash function, or MAC (the first two are primitives that we currently need, and the third one -- MAC -- is a primitive that we may want in the future) and which relies for its security on a large number of rounds.  The question of how many rounds to use is decided by semi-automated cryptanalysis.  (Note: the SHA-3 candidate version of EnRUPT in stream hashing mode was insecure.  The current block cipher mode is insecure.  There is a minor change (use a few more rounds) which is thought to fix the stream hashing mode.  The author is apparently working on a fix for the block cipher mode.)
+