Preimage Attacks on Full-ARIRANG: Analysis of DM-Mode with Middle Feed-Forward
In this paper, we present preimage attacks on hash function ARIRANG, which is one of the first round candidates in the SHA-3 competition. Although ARIRANG was not chosen for the second round, the vulnerability as a hash function has not been discovered yet. ARIRANG has an unique design where the feed-forward operation is computed not only after the last step but also in a middle step. In fact, this design prevents previous preimage attacks from breaking full steps. In this paper, we apply a framework of meet-in-the-middle preimage attacks to ARIRANG. Specifically, we propose a new initial-structure technique optimized for ARIRANG that overcomes the use of the feed-forward to the middle. This enables us to find preimages of full steps ARIRANG-256 and ARIRANG-512 with 2254 and 2505 compression function operations and 26 and 216 amount of memory, respectively. These are the first results breaking the security of ARIRANG as a hash function.
KeywordsARIRANG SHA-3 hash function middle feed-forward preimage
Unable to display preview. Download preview PDF.
- 3.U.S. Department of Commerce, National Institute of Standards and Technology: Federal Register, vol. 72(212) (November 2, 2007)Google Scholar
- 4.Chang, D., Hong, S., Kang, C., Kang, J., Kim, J., Lee, C., Lee, J., Lee, J., Lee, S., Lee, Y., Lim, J., Sung, J.: Arirang : Sha-3 proposal, http://cist.korea.ac.kr/~arirang/Arirang.pdf
- 6.Hong, D., Kim, W.H., Koo, B.: Preimage attack on ARIRANG. Cryptology ePrint Archive, Report 2009/147 (2009)Google Scholar
- 10.Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press (1997)Google Scholar