Practical Key Recovery Attack against Secret-prefix Edon-R

Author

  • Gaëtan Leurent
Abstract

Edon-R is one of the fastest SHA-3 candidates. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secret prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2 computations, negligible memory, and a precomputation of 2. This does not directly contradict the security claims of Edon-R or the NIST requirements for SHA-3, but we believe it shows a strong weakness in the design.


Similar resources

Practical Key Recovery Attack against Secret-IV Edon-

The SHA-3 competition has been organized by NIST to select a new hashing standard. Edon-R was one of the fastest candidates in the first round of the competition. In this paper we study the security of Edon-R, and we show that using Edon-R as a MAC with the secret-IV or secret-prefix construction is unsafe. We present a practical attack in the case of Edon-R256, which requires 32 queries, 2 comp...


Attack on the Edon-K Key Encapsulation Mechanism

The key encapsulation mechanism EDON-K was proposed in response to the call for post-quantum cryptography standardization issued by the National Institute of Standards and Technologies (NIST). This scheme is inspired by the McEliece scheme but uses another family of codes defined over F_{2^128} instead of F_2 and is not based on the Hamming metric. It allows significantly shorter public keys than th...


A Practical Attack on the Fixed RC4 in the WEP Mode

In this paper we revisit a known but ignored weakness of the RC4 keystream generator, where secret state info leaks to the generated keystream, and show that this leakage, also known as Jenkins’ correlation or the RC4 glimpse, can be used to attack RC4 in several modes. Our main result is a practical key recovery attack on RC4 when an IV modifier is concatenated to the beginning of a secret roo...


A Practical Man-In-The-Middle Attack on Signal-Based Key Generation Protocols

Generating secret keys using physical properties of the wireless channel has recently become a popular research area. The main security assumption of these protocols is that a sufficiently distant adversary is unable to guess a generated secret due to the unpredictable behavior of multipath signal propagation. In this paper, we introduce a practical and efficient man-in-the-middle attack agains...


Practical Password Recovery on an MD5 Challenge and Response

This paper shows an attack against the APOP protocol, which is a challenge-and-response protocol. We utilize Wang's attack to make collisions in MD5, and apply it to the APOP protocol. We confirmed that the first 3 octets of the secret key can be recovered by several hundred queries under the man-in-the-middle environment.


Journal title:
  • IACR Cryptology ePrint Archive

Volume 2009, Issue

Pages -

Publication date 2009