Cryptology ePrint Archive: Report 2010/398

Distinguisher for Shabal's Permutation Function

Peter Novotney

Abstract: In this note we consider the Shabal permutation function $\mathcal{P}$ as a block cipher with input $A_p$,$B_p$ and key $C$,$M$ and describe a distinguisher with a data complexity of $2^{23}$ random inputs with a given difference. If the attacker can control one chosen bit of $B_p$, only $2^{21}$ inputs with a given difference are required on average. This distinguisher does not appear to lead directly to an attack on the full Shabal construction.

Category / Keywords: secret-key cryptography / hash functions

Date: received 14 Jul 2010, last revised 20 Jul 2010

Contact author: peternov at microsoft com

Available formats: PDF | BibTeX Citation

Note: Added missing Acknowledgments

Version: 20100720:231447 (All versions of this report)

Discussion forum: Show discussion | Start new discussion