Improved Preimage Attack for 68-Step HAS-160
In this paper, we improve previous preimage attacks on hash function HAS-160, which is standardized in Korea. We show that the last 68 steps out of 80 steps of HAS-160 can be attacked, while a previous attack works for only intermediate 52 steps. We also show that the first 67 steps of HAS-160 can be attacked. These attacks are based on the meet-in-the-middle attack, which is also used in the previous attack. Recently, various techniques of preimage attacks have been proposed on other hash functions. We show that these techniques can also be applied to HAS-160 and the number of attacked steps can be improved. For the attack on 68 steps, we first generate pseudo-preimages with a complexity of 2150.7, and then convert them to a preimage with a complexity of 2156.3. This attack uses a memory of 212 ×7 words. To the best of our knowledge, attacking 68 steps is the best of all attacks on HAS-160 hash function.
KeywordsHAS-160 hash function preimage meet-in-the-middle
Unable to display preview. Download preview PDF.
- 1.U.S. Department of Commerce, National Institute of Standards and Technology: Federal Register/Notices Vol. 72(212), November 2 (2007), http://csrc.nist.gov/groups/ST/hash/documents/FR_Notice_Nov07.pdf
- 2.Telecommunications Technology Association.: Hash Function Standard Part 2: Hash Function Algorithm Standard, HAS-160 (2000)Google Scholar
- 3.U.S. Department of Commerce, National Institute of Standards and Technology: Secure Hash Standard (SHS) (Federal Information Processing Standards Publication 180-3) (2008), http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf
- 14.Chang, D., Hong, S., Kang, C., Kang, J., Kim, J., Lee, C., Lee, J., Lee, J., Lee, S., Lee, Y., Lim, J., Sung, J.: ARIRANG. Available at NIST home page, http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/submissions_rnd1.html
- 15.Hong, D., Kim, W.H., Koo, B.: Preimage attack on ARIRANG. Cryptology ePrint Archive, Report 2009/147 (2009), http://eprint.iacr.org/2009/147
- 16.Hong, D., Kim, W.H., Koo, B., Kwon, D.: Preimage attacks on reduced steps of ARIRANG and PKC 1998-Hash. Number 8A-2 in USB memory distributed at ICISC 2009 (2009)Google Scholar
- 21.Cannière, C.D., Rechberger, C.: Preimages for reduced SHA-0 and SHA-1. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 179–202. Springer, Heidelberg (2008)Google Scholar
- 22.Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2n work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474–490. Springer, Heidelberg (2005)Google Scholar
- 23.Dean, R.D.: Formal aspects of mobile code security. Ph.D Dissertation, Princeton University (January 1999)Google Scholar