Dear all,
We mentioned the existence of an attack on the Edon-K KEM on January 5th.
A detailed description of our attack is now available on arxiv:
https://arxiv.org/abs/1802.06157.
We also implemented the attack. Our script reads the public key and
ciphertext from the KAT file and successfully recovers the secret within
a minute.
You will find the Sage script attached. It is designed to work on the
reference version (named "edonk128ref"). It reads its input from the
file "PQCkemKAT.rst" (placed in the same directory) and successfully
recovers the shared secret for all examples. Just run "sage
edonk-attack.sage" to try it on the first example of the KAT file.
We would like to thank Danilo Gligoroski who answered all our questions
about his scheme.
Best regards,
Matthieu Lequesne and Jean-Pierre Tillich
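The attached Sage script is not reproduced on this page. As an added example (not the authors' script and not part of the original message), the following Python reads the first public key and ciphertext out of a KAT file in the NIST PQC "count = / seed = / pk = / sk = / ct = / ss =" record layout, which is the layout the script is described as consuming. The record layout, the field names, and the sample file contents below are assumptions for illustration; the hex values are constructed and are not Edon-K key or ciphertext material.

```python
"""Minimal parser for NIST PQC-style KAT files.

Added example: assumes the NIST ".rsp" layout (one "key = hex" line per
field, records separated by blank lines, optional "# name" header line).
Not the authors' Sage script.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class KatRecord:
    count: int
    seed: bytes
    pk: bytes   # public key
    sk: bytes   # secret key
    ct: bytes   # ciphertext (encapsulation)
    ss: bytes   # shared secret


REQUIRED = ("count", "seed", "pk", "sk", "ct", "ss")


def _finish(fields: dict) -> KatRecord:
    """Turn one record's raw "key -> hex string" mapping into a KatRecord."""
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"record {fields.get('count', '?')} missing {missing}")
    return KatRecord(
        count=int(fields["count"]),
        seed=bytes.fromhex(fields["seed"]),
        pk=bytes.fromhex(fields["pk"]),
        sk=bytes.fromhex(fields["sk"]),
        ct=bytes.fromhex(fields["ct"]),
        ss=bytes.fromhex(fields["ss"]),
    )


def parse_kat(text: str) -> List[KatRecord]:
    """Parse the whole KAT body; a blank line closes the current record."""
    records: List[KatRecord] = []
    current: dict = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):          # header / comment line
            continue
        if not line:                      # blank line ends a record
            if current:
                records.append(_finish(current))
                current = {}
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed KAT line: {raw!r}")
        current[key.strip()] = value.strip()
    if current:                           # file without trailing blank line
        records.append(_finish(current))
    return records


def first_example(text: str) -> Tuple[bytes, bytes]:
    """Return (pk, ct) of the first record, the inputs an attack script needs."""
    records = parse_kat(text)
    if not records:
        raise ValueError("no KAT records found")
    return records[0].pk, records[0].ct


# Constructed sample in the assumed layout; values are NOT real Edon-K data.
SAMPLE_KAT = """# edonk128ref

count = 0
seed = 061550234D158C5EC95595FE04EF7A25767F2E24CC2BC479
pk = 0A0B0C0D
sk = 01020304
ct = CAFEBABE
ss = DEADBEEF

count = 1
seed = 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
pk = 11223344
sk = 55667788
ct = 99AABBCC
ss = DDEEFF00
"""


def load_first_example_from_file(path: str = "PQCkemKAT.rst") -> Tuple[bytes, bytes]:
    """Read the KAT file from the current directory, as the message describes."""
    with open(path, "r", encoding="ascii") as fh:
        return first_example(fh.read())


if __name__ == "__main__":
    pk, ct = first_example(SAMPLE_KAT)
    print("pk =", pk.hex(), "ct =", ct.hex())
```

`load_first_example_from_file` mirrors the message's convention of a KAT file sitting in the same directory; the parser itself works on any text in that layout and rejects records with missing fields rather than silently handing an attack script a truncated key.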