Abstract
In this paper, we present preimage attacks on hash function ARIRANG, which is one of the first round candidates in the SHA-3 competition. Although ARIRANG was not chosen for the second round, the vulnerability as a hash function has not been discovered yet. ARIRANG has an unique design where the feed-forward operation is computed not only after the last step but also in a middle step. In fact, this design prevents previous preimage attacks from breaking full steps. In this paper, we apply a framework of meet-in-the-middle preimage attacks to ARIRANG. Specifically, we propose a new initial-structure technique optimized for ARIRANG that overcomes the use of the feed-forward to the middle. This enables us to find preimages of full steps ARIRANG-256 and ARIRANG-512 with 2254 and 2505 compression function operations and 26 and 216 amount of memory, respectively. These are the first results breaking the security of ARIRANG as a hash function.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Wang, X., Yu, H.: How to Break MD5 and other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
U.S. Department of Commerce, National Institute of Standards and Technology: Federal Register, vol. 72(212) (November 2, 2007)
Chang, D., Hong, S., Kang, C., Kang, J., Kim, J., Lee, C., Lee, J., Lee, J., Lee, S., Lee, Y., Lim, J., Sung, J.: Arirang : Sha-3 proposal, http://cist.korea.ac.kr/~arirang/Arirang.pdf
Guo, J., Matusiewicz, K., Knudsen, L.R., Ling, S., Wang, H.: Practical Pseudo-Collisions for Hash Functions ARIRANG-224/384. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 141–156. Springer, Heidelberg (2009)
Hong, D., Kim, W.H., Koo, B.: Preimage attack on ARIRANG. Cryptology ePrint Archive, Report 2009/147 (2009)
Hong, D., Koo, B., Kim, W.-H., Kwon, D.: Preimage Attacks on Reduced Steps of ARIRANG and PKC98-Hash. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 315–331. Springer, Heidelberg (2010)
Aoki, K., Sasaki, Y.: Preimage Attacks on One-Block MD4, 63-Step MD5 and More. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103–119. Springer, Heidelberg (2009)
Sasaki, Y., Aoki, K.: Finding Preimages in Full MD5 Faster than Exhaustive Search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2009)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press (1997)
Leurent, G.: MD4 is Not One-Way. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 412–428. Springer, Heidelberg (2008)
De Cannière, C., Rechberger, C.: Preimages for Reduced SHA-0 and SHA-1. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 179–202. Springer, Heidelberg (2008)
Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56–75. Springer, Heidelberg (2010)
Khovratovich, D., Nikolić, I., Weinmann, R.-P.: Meet-in-the-Middle Attacks on SHA-3 Candidates. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 228–245. Springer, Heidelberg (2009)
Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., Wang, L.: Preimages for Step-Reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578–597. Springer, Heidelberg (2009)
Sasaki, Y., Aoki, K.: Preimage Attacks on 3, 4, and 5-Pass HAVAL. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 253–271. Springer, Heidelberg (2008)
Aoki, K., Sasaki, Y.: Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 70–89. Springer, Heidelberg (2009)
Sasaki, Y., Aoki, K.: Meet-in-the-Middle Preimage Attacks on Double-Branch Hash Functions: Application to RIPEMD and Others. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 214–231. Springer, Heidelberg (2009)
Ohtahara, C., Sasaki, Y., Shimoyama, T.: Preimage Attacks on Step-Reduced RIPEMD-128 and RIPEMD-160. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 169–186. Springer, Heidelberg (2011)
Wang, L., Sasaki, Y., Komatsubara, W., Ohta, K., Sakiyama, K. (Second) Preimage Attacks on Step-Reduced Ripemd/Ripemd-128 with a New Local-Collision Approach. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 197–212. Springer, Heidelberg (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ohtahara, C., Okada, K., Sasaki, Y., Shimoyama, T. (2012). Preimage Attacks on Full-ARIRANG: Analysis of DM-Mode with Middle Feed-Forward. In: Jung, S., Yung, M. (eds) Information Security Applications. WISA 2011. Lecture Notes in Computer Science, vol 7115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27890-7_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-27890-7_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27889-1
Online ISBN: 978-3-642-27890-7
eBook Packages: Computer ScienceComputer Science (R0)