Welcome to the resource topic for 2009/135

Title:
Practical Key Recovery Attack against Secret-prefix Edon-R

Authors: Gaëtan Leurent

Edon-R is one of the fastest SHA-3 candidate. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secret prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2^30 computations, negligible memory, and a precomputation of 2^50 . This does not directly contradict the security claims of Edon-R or the NIST requirements for SHA-3, but we believe it shows a strong weakness in the design.

ePrint: https://eprint.iacr.org/2009/135

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .