Difference between revisions of "HAS-160"

From The ECRYPT Hash Function Website
(Specification)
m (elated-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode)
 
(3 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
* max. message length: < 2<sup>64</sup> bits
 
* max. message length: < 2<sup>64</sup> bits
 
* compression function: 512-bit message block, 160-bit chaining variable
 
* compression function: 512-bit message block, 160-bit chaining variable
* Specification:
+
* Specification: http://www.randombit.net/text/has160.html
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==
Line 10: Line 10:
  
 
=== Best Known Results ===
 
=== Best Known Results ===
 +
 +
The best known attack on HAS-160 is the collision attack of Mendel and Rijmen for 59 (out of 80) steps with a complexity of 2<sup>55</sup>. The best collision example for 53 steps of HAS-160 was also presented by Mendel and Rijmen.
  
 
----
 
----
Line 19: Line 21:
  
 
=== Collision Attacks ===
 
=== Collision Attacks ===
 +
 +
<bibtex>
 +
@inproceedings{iciscMendelR07,
 +
  author    = {Florian Mendel and Vincent Rijmen},
 +
  title    = {Colliding Message Pair for 53-Step HAS-160},
 +
  booktitle = {ICISC},
 +
  year      = {2007},
 +
  pages    = {324-334},
 +
  url        = {http://dx.doi.org/10.1007/978-3-540-76788-6_26},
 +
  editor    = {Kil-Hyun Nam and Gwangsoo Rhee},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {4817},
 +
  isbn      = {978-3-540-76787-9},
 +
  abstract  = {HAS-160 is an iterated cryptographic hash function that is widely used in Korea. In this article, we present a collision attack on the hash function HAS-160 reduced to 53-steps. The attack has a complexity of about 2^{35} hash computations. It is based on the work of Cho et al. presented at ICISC 2006. We improve the attack complexity of Cho et al. by a factor of about 2^{20} using a slightly different strategy for message modification in the first 20 steps of the hash function and present the first actual colliding message pair for 53-step HAS-160. Furthermore, we show how the attack can be extended to 59-step HAS-160 by using a characteristic spanning over two message blocks.},
 +
}
 +
</bibtex>
 +
 +
<bibtex>
 +
@inproceedings{iciscChoPSY06,
 +
  author    = {Hong-Su Cho and Sangwoo Park and Soo Hak Sung and Aaram Yun},
 +
  title    = {Collision Search Attack for 53-Step HAS-160},
 +
  booktitle = {ICISC},
 +
  year      = {2006},
 +
  pages    = {286-295},
 +
  url        = {http://dx.doi.org/10.1007/11927587_24},
 +
  editor    = {Min Surp Rhee and Byoungcheon Lee},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {4296},
 +
  isbn      = {3-540-49112-0},
 +
  abstract  = {HAS-160 is a cryptographic hash function which is designed and used widely in Korea. In ICISC 2005, Yun et al. presented a collision search attack for the first 45 steps of HAS-160. In this paper, we extend the result to the first 53 steps of HAS-160. The time complexity of the attack is about 2^{55}.},
 +
}
 +
</bibtex>
 +
 +
<bibtex>
 +
@inproceedings{iciscYunSPCHC05,
 +
  author    = {Aaram Yun and Soo Hak Sung and Sangwoo Park and Donghoon Chang and Seokhie Hong and Hong-Su Cho},
 +
  title    = {Finding Collision on 45-Step HAS-160},
 +
  booktitle = {ICISC},
 +
  year      = {2005},
 +
  pages    = {146-155},
 +
  url        = {http://dx.doi.org/10.1007/11734727_13},
 +
  editor    = {Dongho Won and Seungjoo Kim},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {3935},
 +
  isbn      = {3-540-33354-1},
 +
  abstract  = {HAS-160 is a cryptographic hash function designed and used widely in Korea. While similar in structure to SHA-1, up to now there was no published attack or security analysis of the algorithm. Applying techniques introduced by Wang et al., we have found collision in the first 45 steps of HAS-160, with complexity 2^{12}.},
 +
}
 +
</bibtex>
  
 
----
 
----
Line 32: Line 85:
  
 
=== Others ===
 
=== Others ===
 +
 +
<bibtex>
 +
@misc{cryptoeprint:2009:335,
 +
    author = {Ewan Fleischmann and Michael Gorski and Stefan Lucks},
 +
    title = {Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode},
 +
    howpublished = {Cryptology ePrint Archive, Report 2009/335},
 +
    year = {2009},
 +
    note = {\url{http://eprint.iacr.org/}},
 +
    url = {http://eprint.iacr.org/2009/335.pdf},
 +
    abstract = { In this paper we investigate the security of the encryption mode of the HAS-160 hash function. HAS-160 is a Korean hash standard which is widely used in Korea's industry. The structure of HAS-160 is similar to SHA-1 but includes some improvements. The encryption mode of HAS-160 is defined similarly as the encryption mode of SHA-1 that is called SHACAL-1. In 2006, Dunkelman et. al. successfully broke the full 80-round SHACAL-1. In this paper, we present the first cryptographic attack that breaks the encryption mode of the full 80-round HAS-160. SHACAL-1 and the encryption mode of HAS-160 are both blockciphers with key size 512 bits and plain-/ciphertext size of 160 bits.
 +
 +
We will apply a key recovery attack that needs about 2^{155} chosen plaintexts and 2^{375.98} 80-round HAS-160 encryptions. The attack does not aim for a collision, preimage or 2nd-preimage attack, but it shows that HAS-160 used as a block cipher can be differentiated from an ideal cipher faster than exhaustive search.},
 +
}
 +
</bibtex>

Latest revision as of 13:29, 9 July 2009

1 Specification

2 Cryptanalysis

2.1 Best Known Results

The best known attack on HAS-160 is the collision attack of Mendel and Rijmen for 59 (out of 80) steps with a complexity of 255. The best collision example for 53 steps of HAS-160 was also presented by Mendel and Rijmen.


2.2 Generic Attacks


2.3 Collision Attacks

Florian Mendel, Vincent Rijmen - Colliding Message Pair for 53-Step HAS-160

ICISC 4817:324-334,2007
http://dx.doi.org/10.1007/978-3-540-76788-6_26
Bibtex
Author : Florian Mendel, Vincent Rijmen
Title : Colliding Message Pair for 53-Step HAS-160
In : ICISC -
Address :
Date : 2007

Hong-Su Cho, Sangwoo Park, Soo Hak Sung, Aaram Yun - Collision Search Attack for 53-Step HAS-160

ICISC 4296:286-295,2006
http://dx.doi.org/10.1007/11927587_24
Bibtex
Author : Hong-Su Cho, Sangwoo Park, Soo Hak Sung, Aaram Yun
Title : Collision Search Attack for 53-Step HAS-160
In : ICISC -
Address :
Date : 2006

Aaram Yun, Soo Hak Sung, Sangwoo Park, Donghoon Chang, Seokhie Hong, Hong-Su Cho - Finding Collision on 45-Step HAS-160

ICISC 3935:146-155,2005
http://dx.doi.org/10.1007/11734727_13
Bibtex
Author : Aaram Yun, Soo Hak Sung, Sangwoo Park, Donghoon Chang, Seokhie Hong, Hong-Su Cho
Title : Finding Collision on 45-Step HAS-160
In : ICISC -
Address :
Date : 2005

2.4 Second Preimage Attacks


2.5 Preimage Attacks


2.6 Others

Ewan Fleischmann, Michael Gorski, Stefan Lucks - Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode

,2009
http://eprint.iacr.org/2009/335.pdf
Bibtex
Author : Ewan Fleischmann, Michael Gorski, Stefan Lucks
Title : Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode
In : -
Address :
Date : 2009