Boomerang Distinguishers for Full HAS-160 Compression Function
This paper studies a boomerang-attack-based distinguisher against the full steps of the compression function of HAS-160, which is the hash function standard in Korea. The attack produces a second-order collision for the full steps of the compression function with a complexity of $2^{76.06}$, which is faster than the currently best-known generic attack with a complexity of $2^{80}$. Previously, Dunkelman et al. in 2009 applied a boomerang-based key-recovery attack to the internal block cipher of HAS-160. Because the goal of their attack is different from ours, the attack on the compression function has been reconstructed and optimized from scratch. As a result of an exhaustive search of the message difference, we found that the same message difference as theirs is the best choice for the first subcipher. We then propose some improvements to the construction of a differential characteristic from the message difference, which increase the probability of the characteristic from $2^{-47}$ to $2^{-44}$. Thus our new characteristic also improves their key-recovery attack on the internal block cipher of HAS-160.
Keywords: HAS-160, hash function, 4-sum, second-order collision, boomerang attack