Practical Pseudo-collisions for Hash Functions ARIRANG-224/384

  • Jian Guo
  • Krystian Matusiewicz
  • Lars R. Knudsen
  • San Ling
  • Huaxiong Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5867)

Abstract

In this paper we analyse the security of the SHA-3 candidate ARIRANG. We show that bitwise complementation of whole registers turns out to be very useful for constructing high-probability differential characteristics in the function. We use this approach to find near-collisions with Hamming weight 32 for the full compression function as well as collisions for the compression function of ARIRANG reduced to 26 rounds, both with complexity close to 20 and memory requirements of only a few words. We use near collisions for the compression function to construct pseudo-collisions for the complete hash functions ARIRANG-224 and ARIRANG-384 with complexity 223 and close to 20, respectively. We implemented the attacks and provide examples of appropriate pairs of H,M values. We also provide possible configurations which may give collisions for step-reduced and full ARIRANG.

Keywords

practical pseudo-collision ARIRANG hash function 

References

  1. 1.
    Chang, D., Hong, S., Kang, C., Kang, J., Kim, J., Lee, C., Lee, J., Lee, J., Lee, S., Lee, Y., Lim, J., Sung, J.: ARIRANG: SHA-3 Proposal. NIST SHA-3 candidate, http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/documents/ARIRANG.zip
  2. 2.
    Contini, S., Matusiewicz, K., Pieprzyk, J.: Extending FORK-256 attack to the full hash function. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 296–305. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Hong, D., Kim, W.-H., Koo, B.: Preimage attack on arirang. Cryptology ePrint Archive, Report 2009/147 (2009), http://eprint.iacr.org/2009/147
  4. 4.
    Hong, D., Sung, J., Lee, S., Moon, D., Chee, S.: A new dedicated 256-bit hash function. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 195–209. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Indesteege, S., Mendel, F., Rechberger, C., Schläffer, M.: Practical Collisions for SHAMATA. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 1–15. Springer, Heidelberg (2009)Google Scholar
  6. 6.
    Matusiewicz, K., Peyrin, T., Billet, O., Contini, S., Pieprzyk, J.: Cryptanalysis of FORK-256. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 19–38. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Mendel, F., Lano, J., Preneel, B.: Cryptanalysis of reduced variants of the FORK-256 hash function. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 85–100. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Saarinen, M.-J.: A Meet-in-the-Middle collision attack against the new FORK-256. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 10–17. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Schneier, B., Kesley, J.: Unbalanced Feistel networks and block cipher design. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 121–144. Springer, Heidelberg (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jian Guo
    • 1
  • Krystian Matusiewicz
    • 2
  • Lars R. Knudsen
    • 2
  • San Ling
    • 1
  • Huaxiong Wang
    • 1
  1. 1.Division of Mathematical Sciences,School of Physical and Mathematical SciencesNanyang Technological UniversitySingapore
  2. 2.Department of MathematicsTechnical University of DenmarkDenmark

Personalised recommendations