Cryptology ePrint Archive: Report 2009/378

Detectable correlations in Edon-R

Peter Novotney and Niels Ferguson

Abstract: The Edon-R compression function has a large set of useful differentials that produce easily detectable output bit biases. We show how to construct such differentials, and use them to create a distinguisher for Edon-R-512 that requires around $2^{54}$ compression function evaluations (or $2^{28}$ evaluations after a pre-computation of $2^{66}$ evaluations). The differentials can also be used to attack a variety of MAC and KDF constructions when they use Edon-R-512.

Category / Keywords: secret-key cryptography / hash functions

Date: received 31 Jul 2009

Contact author: niels at microsoft com

Available format(s): PDF | BibTeX Citation

Version: 20090803:195140 (All versions of this report)

Short URL: ia.cr/2009/378

Discussion forum: Show discussion | Start new discussion