Detectable correlations in Edon-R
نویسندگان
چکیده
The Edon-R compression function has a large set of useful differentials that produce easily detectable output bit biases. We show how to construct such differentials, and use them to create a distinguisher for Edon-R-512 that requires around 2 compression function evaluations (or 2 evaluations after a pre-computation of 2 evaluations). The differentials can also be used to attack a variety of MAC and KDF constructions when they use Edon-R-512.
منابع مشابه
On the Randomness and Regularity of Reduced Edon-R Compression Function
EDON-R is one of the candidate hash functions for the ongoing NIST competition for the next cryptographic hash standard called SHA-3. Its construction is based on algebraic properties of non-commutative and non-associative quasigroups of orders 2 and 2. In this paper we are giving some of our results in investigation of the randomness and regularity of reduced EDON-R compression functions over ...
متن کاملPractical Key Recovery Attack against Secret-prefix Edon-R
Edon-R is one of the fastest SHA-3 candidate. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secret prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2 computations, negligible memory, and a precomputation of 2. This does not directly contradict the security claims of Edon-R or the NI...
متن کاملPractical Key Recovery Attack against Secret-IV Edon-
The SHA-3 competition has been organized by NIST to select a new hashing standard. Edon-R was one of the fastest candidates in the first round of the competition. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secretIV or secret-prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2 comp...
متن کاملEdon-R, An Infinite Family of Cryptographic Hash Functions
We propose a new infinite family of cryptographic hash functions, Edon–R, based on a recently defined candidate one-way function. Edon–R is a class of hash functions with variable output lengths. It is de fined using quasigroups and quasigroup string trans formations.
متن کاملTwo infinite classes of cryptographic hash functions
We offer two new definitions of two infinite classes of strongly collision free hash functions that we gave a name “Edon”–C and “Edon”– R. Beside the fact that “Edon” are infinite classes of hash functions, “Edon” hash functions have other “good” properties such as possibility to have variable length of output, and also their strongly collision free property can be mathematically and experiment...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009