Abstract
In this paper, we improve previous preimage attacks on hash function HAS-160, which is standardized in Korea. We show that the last 68 steps out of 80 steps of HAS-160 can be attacked, while a previous attack works for only intermediate 52 steps. We also show that the first 67 steps of HAS-160 can be attacked. These attacks are based on the meet-in-the-middle attack, which is also used in the previous attack. Recently, various techniques of preimage attacks have been proposed on other hash functions. We show that these techniques can also be applied to HAS-160 and the number of attacked steps can be improved. For the attack on 68 steps, we first generate pseudo-preimages with a complexity of 2150.7, and then convert them to a preimage with a complexity of 2156.3. This attack uses a memory of 212 ×7 words. To the best of our knowledge, attacking 68 steps is the best of all attacks on HAS-160 hash function.
Our attack target is the last 68 steps, but not the first 68 steps. Hence some may say 68-step HAS-160 is not broken yet. However, based on the discussion at the conference and the description in previous work, we determined to use this title.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
U.S. Department of Commerce, National Institute of Standards and Technology: Federal Register/Notices Vol. 72(212), November 2 (2007), http://csrc.nist.gov/groups/ST/hash/documents/FR_Notice_Nov07.pdf
Telecommunications Technology Association.: Hash Function Standard Part 2: Hash Function Algorithm Standard, HAS-160 (2000)
U.S. Department of Commerce, National Institute of Standards and Technology: Secure Hash Standard (SHS) (Federal Information Processing Standards Publication 180-3) (2008), http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf
Sasaki, Y., Aoki, K.: A preimage attack for 52-steps HAS-160. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 302–317. Springer, Heidelberg (2009)
Aoki, K., Sasaki, Y.: Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In: Halevi, S. (ed.) Advances in Cryptology - CRYPTO 2009. LNCS, vol. 5677, pp. 70–89. Springer, Heidelberg (2009)
Yun, A., Sung, S.H., Park, S., Chang, D., Hong, S., Cho, H.S.: Finding collision on 45-step HAS-160. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 146–155. Springer, Heidelberg (2006)
Cho, H.-S., Park, S., Sung, S.H., Yun, A.: Collision search attack for 53-step HAS-160. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 286–295. Springer, Heidelberg (2006)
Mendel, F., Rijmen, V.: Colliding message pair for 53-step HAS-160. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 324–334. Springer, Heidelberg (2007)
Saarinen, M.J.O.: A meet-in-the-middle collision attack against the new FORK-256. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007, vol. 4859, pp. 10–17. Springer, Heidelberg (2007)
Leurent, G.: MD4 is not one-way. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 412–428. Springer, Heidelberg (2008)
Aoki, K., Sasaki, Y.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103–119. Springer, Heidelberg (2009)
Aumasson, J.P., Meier, W., Mendel, F.: Preimage attacks on 3-pass HAVAL and step-reduced MD5. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 120–135. Springer, Heidelberg (2009)
Sasaki, Y., Aoki, K.: Preimage attacks on 3, 4, and 5-pass HAVAL. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 253–271. Springer, Heidelberg (2008)
Chang, D., Hong, S., Kang, C., Kang, J., Kim, J., Lee, C., Lee, J., Lee, J., Lee, S., Lee, Y., Lim, J., Sung, J.: ARIRANG. Available at NIST home page, http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/submissions_rnd1.html
Hong, D., Kim, W.H., Koo, B.: Preimage attack on ARIRANG. Cryptology ePrint Archive, Report 2009/147 (2009), http://eprint.iacr.org/2009/147
Hong, D., Kim, W.H., Koo, B., Kwon, D.: Preimage attacks on reduced steps of ARIRANG and PKC 1998-Hash. Number 8A-2 in USB memory distributed at ICISC 2009 (2009)
Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2010)
Nan Kyoung Park, J.H.H., Lee, P.J.: HAS-V: A new hash function with variable output length. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 202–216. Springer, Heidelberg (2001)
Mendel, F., Rijmen, V.: Weaknesses in the HAS-V compression function. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 335–345. Springer, Heidelberg (2007)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1997)
Cannière, C.D., Rechberger, C.: Preimages for reduced SHA-0 and SHA-1. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 179–202. Springer, Heidelberg (2008)
Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2n work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005)
Dean, R.D.: Formal aspects of mobile code security. Ph.D Dissertation, Princeton University (January 1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hong, D., Koo, B., Sasaki, Y. (2010). Improved Preimage Attack for 68-Step HAS-160. In: Lee, D., Hong, S. (eds) Information, Security and Cryptology – ICISC 2009. ICISC 2009. Lecture Notes in Computer Science, vol 5984. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14423-3_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-14423-3_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14422-6
Online ISBN: 978-3-642-14423-3
eBook Packages: Computer ScienceComputer Science (R0)