CryptoDB
Distinguisher for Shabal's Permutation Function
Authors: | |
---|---|
Download: | |
Abstract: | In this note we consider the Shabal permutation function $\mathcal{P}$ as a block cipher with input $A_p$,$B_p$ and key $C$,$M$ and describe a distinguisher with a data complexity of $2^{23}$ random inputs with a given difference. If the attacker can control one chosen bit of $B_p$, only $2^{21}$ inputs with a given difference are required on average. This distinguisher does not appear to lead directly to an attack on the full Shabal construction. |
BibTeX
@misc{eprint-2010-23299, title={Distinguisher for Shabal's Permutation Function}, booktitle={IACR Eprint archive}, keywords={secret-key cryptography / hash functions}, url={http://eprint.iacr.org/2010/398}, note={ peternov@microsoft.com 14810 received 14 Jul 2010, last revised 20 Jul 2010}, author={Peter Novotney}, year=2010 }