Paper 2009/378

Detectable correlations in Edon-R

Peter Novotney and Niels Ferguson

Abstract

The Edon-R compression function has a large set of useful differentials that produce easily detectable output bit biases. We show how to construct such differentials, and use them to create a distinguisher for Edon-R-512 that requires around $2^{54}$ compression function evaluations (or $2^{28}$ evaluations after a pre-computation of $2^{66}$ evaluations). The differentials can also be used to attack a variety of MAC and KDF constructions when they use Edon-R-512.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functions
Contact author(s)
niels @ microsoft com
History
2009-08-03: received
Short URL
https://ia.cr/2009/378
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/378,
      author = {Peter Novotney and Niels Ferguson},
      title = {Detectable correlations in Edon-R},
      howpublished = {Cryptology ePrint Archive, Paper 2009/378},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/378}},
      url = {https://eprint.iacr.org/2009/378}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.