Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CTRSA
2010
Springer
2010
Springer
Practical Key Recovery Attack against Secret-IV Edon-
Abstract. The SHA-3 competition has been organized by NIST to select a new hashing standard. Edon-R was one of the fastest candidates in the first round of the competition. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secretIV or secret-prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 230 computations, negligible memory, and a precomputation of 252 . The main part of our attack can also be adapted to the tweaked Edon-R in the same settings: it does not yield a key-recovery attack, but it allows a selective forgery attack. This does not directly contradict the security claims of Edon-R or the NIST requirements for SHA-3, since the recommended mode to build a MAC is HMAC. However, we believe that it shows a major weakness in the design. Key words: Hash functions, SHA-3, Edon-R, MAC, secret IV, secret prefix, key recovery.
Real-time Traffic| Added | 18 May 2010 |
| Updated | 18 May 2010 |
| Type | Conference |
| Year | 2010 |
| Where | CTRSA |
| Authors | Gaëtan Leurent |
Comments (0)
Researcher Info
|
