Difference between revisions of "Edon-R (SHA-3 submission)"
From The ECRYPT Hash Function Website
(→Cryptanalysis) |
m (→Cryptanalysis) |
||
| Line 24: | Line 24: | ||
howpublished = {Available online}, | howpublished = {Available online}, | ||
year = {2008}, | year = {2008}, | ||
| + | abstract = {We present various types of attacks on the hash family Edon-R. In a free start attack scenario, with the initial chaining value not xored, all three main attacks (collisions, second preimage, and preimage) can be launched on Edon-R with negligible effort. In these attacks we exploit the asymmetrical diffusion of the chaining values in the compression function. Also, by partially inverting the compression function and xoring one part of the chaining value, we launch a meet-in-the-middle attack on Edon-R-n to find real preimages. The attack requires $2^{2n/3}$ effort and the same amount of memory. The attacks are applicable to all digest sizes.}, | ||
} | } | ||
</bibtex> | </bibtex> | ||
| Line 35: | Line 36: | ||
howpublished = {Available online}, | howpublished = {Available online}, | ||
year = {2008}, | year = {2008}, | ||
| + | abstract = {The main principle how to make n-bit EDON-R hash functions [1] resistant to generic multicollisions and multipreimages attacks ([2], [3]) is the 2n-bit width of internal chaining value. We show how to degenerate 2n-bit chaining value to n-bit chaining value (for n = 256, 512) by keeping the half of chaining value constant from the beginning. It circumvents the main principle and make EDON-R hash functions (for n = 256, 512) vulnerable to generic multicollisions and multipreimages attacks ([2], [3]) with small additional work factor. We show several properties of EDON-R compression function, which could be interesting for the next study of collisions and preimages. The first cryptanalysis of EDON-R was made in [4]. We present an independent research, partially overlaping with [4]. We want to note that this is preliminary version, that we present here only sketches of the proofs and that not all of the accompanied problems are completely solved.}, | ||
} | } | ||
</bibtex> | </bibtex> | ||
Revision as of 16:55, 1 December 2008
1 The algorithm
- Author(s): Danilo Gligoroski, Rune Steinsmo Ødegård, Marija Mihova, Svein Johan Knapskog, Ljupco Kocarev, Aleš Drápal
- Website: http://www.item.ntnu.no/people/personalpages/fac/danilog/edon-r
- Specification:
Danilo Gligoroski, Rune Steinsmo Ødegård, Marija Mihova, Svein Johan Knapskog, Ljupco Kocarev, Aleš Drápal - Cryptographic Hash Function EDON-R
- ,2008
- http://people.item.ntnu.no/~danilog/Hash/Edon-R/Supporting_Documentation/EdonRDocumentation.pdf
BibtexAuthor : Danilo Gligoroski, Rune Steinsmo Ødegård, Marija Mihova, Svein Johan Knapskog, Ljupco Kocarev, Aleš Drápal
Title : Cryptographic Hash Function EDON-R
In : -
Address :
Date : 2008
2 Cryptanalysis
Dmitry Khovratovich, Ivica Nikolić, Ralf-Philipp Weinmann - Cryptanalysis of Edon-R
- ,2008
- http://ehash.iaik.tugraz.at/uploads/7/74/Edon.pdf
BibtexAuthor : Dmitry Khovratovich, Ivica Nikolić, Ralf-Philipp Weinmann
Title : Cryptanalysis of Edon-R
In : -
Address :
Date : 2008
Vlastimil Klima - Multicollisions of EDON-R hash function and other observations
