Related-Key Rectangle Attack of the Full HAS-160 Encryption Mode

  • Orr Dunkelman
  • Ewan Fleischmann
  • Michael Gorski
  • Stefan Lucks
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5922)


In this paper we investigate the security of the encryption mode of the HAS-160 hash function. HAS-160 is a Korean hash standard which is widely used in Korean industry. The structure of HAS-160 is similar to SHA-1 besides some modifications. In this paper, we present the first cryptographic attack that breaks the encryption mode of the full 80-round HAS-160. SHACAL-1 and the encryption mode of HAS-160 are both blockciphers with key size 512 bits and plain-/ciphertext size of 160 bits.

We apply a key recovery attack that needs about 2155 chosen plaintexts and 2377.5 80-round HAS-160 encryptions. The attack does not aim for a collision, preimage or 2nd-preimage attack, but it shows that HAS-160 used as a block cipher can be differentiated from an ideal cipher faster than exhaustive search.


differential cryptanalysis related-key rectangle attack  HAS-160 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Telecommunications Technology Association. Hash Function Standard Part 2: Hash Function Algorithm Standard (HAS-160). TTAS.KO-12.0011/R1 (December 2000)Google Scholar
  2. 2.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. J. Cryptology 7(4), 229–246 (1994)MATHCrossRefGoogle Scholar
  3. 3.
    Biham, E., Dunkelman, O., Keller, N.: The Rectangle Attack - Rectangling the Serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340–357. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Dunkelman, O., Keller, N.: Related-Key Boomerang and Rectangle Attacks. In: Cramer (ed.) [8], pp. 507–525Google Scholar
  5. 5.
    Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) [16], pp. 2–21Google Scholar
  6. 6.
    Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)Google Scholar
  7. 7.
    Cho, H.-S., Park, S., Sung, S.H., Yun, A.: Collision Search Attack for 53-Step HAS-160. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 286–295. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Cramer, R. (ed.): EUROCRYPT 2005. LNCS, vol. 3494. Springer, Heidelberg (2005)MATHGoogle Scholar
  9. 9.
    Damgård, I.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) [6], pp. 416–427Google Scholar
  10. 10.
    Hong, S., Kim, J., Kim, G., Sung, J., Lee, C., Lee, S.: Impossible Differential Attack on 30-Round SHACAL-2. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 97–106. Springer, Heidelberg (2003)Google Scholar
  11. 11.
    Hong, S., Kim, J., Lee, S., Preneel, B.: Related-Key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 368–383. Springer, Heidelberg (2005)Google Scholar
  12. 12.
    Kelsey, J., Kohno, T., Schneier, B.: Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 75–93. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Kim, J., Kim, G., Hong, S., Lee, S., Hong, D.: The Related-Key Rectangle Attack - Application to SHACAL-1. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 123–136. Springer, Heidelberg (2004)Google Scholar
  14. 14.
    Lu, J., Kim, J., Keller, N., Dunkelman, O.: Related-Key Rectangle Attack on 42-Round SHACAL-2. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 85–100. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Mendel, F., Rijmen, V.: Colliding Message Pair for 53-Step HAS-160. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 324–334. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  16. 16.
    Menezes, A., Vanstone, S.A. (eds.): CRYPTO 1990. LNCS, vol. 537. Springer, Heidelberg (1991)MATHGoogle Scholar
  17. 17.
    Merkle, R.C.: One Way Hash Functions and DES. In: Brassard (ed.) [6], pp. 428–446Google Scholar
  18. 18.
    National Institute of Standards and Technology. FIPS 180-1: Secure Hash Standard (April 1995),
  19. 19.
    Rivest, R.: The MD5 Message-Digest Algorithm. Request for Comments: 1321 (April 1992),
  20. 20.
    Rivest, R.L.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) [16], pp. 303–311Google Scholar
  21. 21.
    Wagner, D.: The Boomerang Attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  22. 22.
    Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) [8], pp. 1–18Google Scholar
  23. 23.
    Yun, A., Sung, S.H., Park, S., Chang, D., Hong, S., Cho, H.-S.: Finding Collision on 45-Step HAS-160. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 146–155. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Orr Dunkelman
    • 1
  • Ewan Fleischmann
    • 2
  • Michael Gorski
    • 2
  • Stefan Lucks
    • 2
  1. 1.Ecole Normale SuperieureFrance
  2. 2.Bauhaus-University WeimarGermany

Personalised recommendations