International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Distinguisher for Shabal's Permutation Function

Authors:
Peter Novotney
Download:
URL: http://eprint.iacr.org/2010/398
Search ePrint
Search Google
Abstract: In this note we consider the Shabal permutation function $\mathcal{P}$ as a block cipher with input $A_p$,$B_p$ and key $C$,$M$ and describe a distinguisher with a data complexity of $2^{23}$ random inputs with a given difference. If the attacker can control one chosen bit of $B_p$, only $2^{21}$ inputs with a given difference are required on average. This distinguisher does not appear to lead directly to an attack on the full Shabal construction.
BibTeX
@misc{eprint-2010-23299,
  title={Distinguisher for Shabal's Permutation Function},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / hash functions},
  url={http://eprint.iacr.org/2010/398},
  note={ peternov@microsoft.com 14810 received 14 Jul 2010, last revised 20 Jul 2010},
  author={Peter Novotney},
  year=2010
}