Paper 2010/398

Distinguisher for Shabal's Permutation Function

Peter Novotney

Abstract

In this note we consider the Shabal permutation function $\mathcal{P}$ as a block cipher with input $A_p$,$B_p$ and key $C$,$M$ and describe a distinguisher with a data complexity of $2^{23}$ random inputs with a given difference. If the attacker can control one chosen bit of $B_p$, only $2^{21}$ inputs with a given difference are required on average. This distinguisher does not appear to lead directly to an attack on the full Shabal construction.

Note: Added missing Acknowledgments

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functions
Contact author(s)
peternov @ microsoft com
History
2010-07-20: revised
2010-07-15: received
See all versions
Short URL
https://ia.cr/2010/398
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2010/398,
      author = {Peter Novotney},
      title = {Distinguisher for Shabal's Permutation Function},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/398},
      year = {2010},
      url = {https://eprint.iacr.org/2010/398}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.