Cryptology ePrint Archive: Report 2009/135
Practical Key Recovery Attack against Secret-preﬁx Edon-R
Abstract: Edon-R is one of the fastest SHA-3 candidate. In this paper we
study the security of Edon-R, and we show that using Edon-R as a
MAC with the secret prefix construction is unsafe. We present a
practical attack in the case of Edon-R256, which requires 32
queries, 2^30 computations, negligible memory, and a
precomputation of 2^50 . This does not directly contradict the
security claims of Edon-R or the NIST requirements for SHA-3, but
we believe it shows a strong weakness in the design.
Category / Keywords: secret-key cryptography / hash functions, SHA-3, Edon-R, MAC, secret preﬁx, key recovery.
Date: received 23 Mar 2009, last revised 3 Jun 2009
Contact author: gaetan leurent at ens fr
Available format(s): PDF | BibTeX Citation
Note: Improved attack with practical complexity.
Version: 20090603:123728 (All versions of this report)
Short URL: ia.cr/2009/135
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]