Difference between revisions of "Edon-R (SHA-3 submission)"

Revision as of 10:24, 27 March 2009

1 The algorithm

Author(s): Danilo Gligoroski, Rune Steinsmo Ødegård, Marija Mihova, Svein Johan Knapskog, Ljupco Kocarev, Aleš Drápal, Vlastimil Klima
Website: http://www.item.ntnu.no/people/personalpages/fac/danilog/edon-r
NIST submission package: EDON-R.zip

Danilo Gligoroski, Rune Steinsmo Ødegård, Marija Mihova, Svein Johan Knapskog, Ljupco Kocarev, Aleš Drápal, Vlastimil Klima - Cryptographic Hash Function EDON-R

,2008

http://people.item.ntnu.no/~danilog/Hash/Edon-R/Supporting_Documentation/EdonRDocumentation.pdf
Bibtex

Author : Danilo Gligoroski, Rune Steinsmo Ødegård, Marija Mihova, Svein Johan Knapskog, Ljupco Kocarev, Aleš Drápal, Vlastimil Klima
Title : Cryptographic Hash Function EDON-R
In : -
Address :
Date : 2008

2 Cryptanalysis

Type of Analysis	Hash Function Part	Hash Size (n)	Parameters/Variants	Compression Function Calls	Memory Requirements	Reference
preimage⁽¹⁾	hash			2^2n/3	2^2n/3	Khovratovich,Nikolić,Weinmann
multi-collision (2^K)	hash	256,512		K*2^n/2	2^n/2	Klima
multi-preimage	hash	256,512		?	?	Klima
collision	compression			-	-	Khovratovich,Nikolić,Weinmann
2nd preimage	compression			-	-	Khovratovich,Nikolić,Weinmann
preimage	compression			-	-	Khovratovich,Nikolić,Weinmann
key recovery	secret-prefix MAC			2^5n/8	-	Leurent

A description of this table is given here.

⁽¹⁾ Gligoroski,Ødegård dispute the validity of the model in which the attack of Khovratovich et. al is compared to generic attacks.

Dmitry Khovratovich, Ivica Nikolić, Ralf-Philipp Weinmann - Cryptanalysis of Edon-R

,2008

http://ehash.iaik.tugraz.at/uploads/7/74/Edon.pdf
Bibtex

Author : Dmitry Khovratovich, Ivica Nikolić, Ralf-Philipp Weinmann
Title : Cryptanalysis of Edon-R
In : -
Address :
Date : 2008

Vlastimil Klima - Multicollisions of EDON-R hash function and other observations

,2008

http://cryptography.hyperlink.cz/BMW/EDONR_analysis_vk.pdf
Bibtex

Author : Vlastimil Klima
Title : Multicollisions of EDON-R hash function and other observations
In : -
Address :
Date : 2008

Danilo Gligoroski, Rune Steinsmo Ødegård - On the Complexity of Khovratovich et. al's Preimage Attack on EDON-R

,2009

http://eprint.iacr.org/2009/120.pdf
Bibtex

Author : Danilo Gligoroski, Rune Steinsmo Ødegård
Title : On the Complexity of Khovratovich et. al's Preimage Attack on EDON-R
In : -
Address :
Date : 2009

Gaëtan Leurent - Key Recovery Attack against Secret-prefix Edon-R

,2009

http://eprint.iacr.org/2009/135.pdf
Bibtex

Author : Gaëtan Leurent
Title : Key Recovery Attack against Secret-prefix Edon-R
In : -
Address :
Date : 2009

@@ Line 34: / Line 34: @@
 |-
 | preimage || compression ||  ||  || - || - || [http://ehash.iaik.tugraz.at/uploads/7/74/Edon.pdf Khovratovich,Nikolić,Weinmann]
+|-
+| key recovery || secret-prefix MAC||  ||  || 2<sup>5n/8</sup> || - || [http://eprint.iacr.org/2009/135.pdf Leurent]
 |-
 |}
@@ Line 72: / Line 74: @@
    year      = {2009},
    abstract  = {Based on the analysis made by van Oorschot and Wiener for the complexity of parallel memoryless collision search [5], we show that the memoryless meet-in-the-middle attack which is one part of the whole preimage attack of Khovratovich et. al. [3] on EDON-R hash function has complexity bigger than $2^n$.},
+}
+</bibtex>
+<bibtex>
+@misc{cryptoeprint:2009:135,
+    author = {Gaëtan Leurent},
+    title = {Key Recovery Attack against Secret-prefix Edon-R},
+    howpublished = {Cryptology ePrint Archive, Report 2009/135},
+    year = {2009},
+    url = {http://eprint.iacr.org/2009/135.pdf},
+    abstract = {Edon-R is a SHA-3 candidate. In this paper we show that using Edon-R as a MAC with the secret prefix construction is unsafe. Our attack requires 2 queries, $2^{5n/8}$ computations, and negligible memory.},
 }
 </bibtex>

Difference between revisions of "Edon-R (SHA-3 submission)"

Revision as of 10:24, 27 March 2009

1 The algorithm

2 Cryptanalysis

Navigation menu

Views

Personal tools

Navigation

Search

Tools