Difference between revisions of "HAS-160"
From The ECRYPT Hash Function Website
(→Specification) |
m (elated-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
* max. message length: < 2<sup>64</sup> bits | * max. message length: < 2<sup>64</sup> bits | ||
* compression function: 512-bit message block, 160-bit chaining variable | * compression function: 512-bit message block, 160-bit chaining variable | ||
| − | * Specification: | + | * Specification: http://www.randombit.net/text/has160.html |
== Cryptanalysis == | == Cryptanalysis == | ||
| Line 10: | Line 10: | ||
=== Best Known Results === | === Best Known Results === | ||
| + | |||
| + | The best known attack on HAS-160 is the collision attack of Mendel and Rijmen for 59 (out of 80) steps with a complexity of 2<sup>55</sup>. The best collision example for 53 steps of HAS-160 was also presented by Mendel and Rijmen. | ||
---- | ---- | ||
| Line 19: | Line 21: | ||
=== Collision Attacks === | === Collision Attacks === | ||
| + | |||
| + | <bibtex> | ||
| + | @inproceedings{iciscMendelR07, | ||
| + | author = {Florian Mendel and Vincent Rijmen}, | ||
| + | title = {Colliding Message Pair for 53-Step HAS-160}, | ||
| + | booktitle = {ICISC}, | ||
| + | year = {2007}, | ||
| + | pages = {324-334}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-540-76788-6_26}, | ||
| + | editor = {Kil-Hyun Nam and Gwangsoo Rhee}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4817}, | ||
| + | isbn = {978-3-540-76787-9}, | ||
| + | abstract = {HAS-160 is an iterated cryptographic hash function that is widely used in Korea. In this article, we present a collision attack on the hash function HAS-160 reduced to 53-steps. The attack has a complexity of about 2^{35} hash computations. It is based on the work of Cho et al. presented at ICISC 2006. We improve the attack complexity of Cho et al. by a factor of about 2^{20} using a slightly different strategy for message modification in the first 20 steps of the hash function and present the first actual colliding message pair for 53-step HAS-160. Furthermore, we show how the attack can be extended to 59-step HAS-160 by using a characteristic spanning over two message blocks.}, | ||
| + | } | ||
| + | </bibtex> | ||
| + | |||
| + | <bibtex> | ||
| + | @inproceedings{iciscChoPSY06, | ||
| + | author = {Hong-Su Cho and Sangwoo Park and Soo Hak Sung and Aaram Yun}, | ||
| + | title = {Collision Search Attack for 53-Step HAS-160}, | ||
| + | booktitle = {ICISC}, | ||
| + | year = {2006}, | ||
| + | pages = {286-295}, | ||
| + | url = {http://dx.doi.org/10.1007/11927587_24}, | ||
| + | editor = {Min Surp Rhee and Byoungcheon Lee}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4296}, | ||
| + | isbn = {3-540-49112-0}, | ||
| + | abstract = {HAS-160 is a cryptographic hash function which is designed and used widely in Korea. In ICISC 2005, Yun et al. presented a collision search attack for the first 45 steps of HAS-160. In this paper, we extend the result to the first 53 steps of HAS-160. The time complexity of the attack is about 2^{55}.}, | ||
| + | } | ||
| + | </bibtex> | ||
| + | |||
| + | <bibtex> | ||
| + | @inproceedings{iciscYunSPCHC05, | ||
| + | author = {Aaram Yun and Soo Hak Sung and Sangwoo Park and Donghoon Chang and Seokhie Hong and Hong-Su Cho}, | ||
| + | title = {Finding Collision on 45-Step HAS-160}, | ||
| + | booktitle = {ICISC}, | ||
| + | year = {2005}, | ||
| + | pages = {146-155}, | ||
| + | url = {http://dx.doi.org/10.1007/11734727_13}, | ||
| + | editor = {Dongho Won and Seungjoo Kim}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {3935}, | ||
| + | isbn = {3-540-33354-1}, | ||
| + | abstract = {HAS-160 is a cryptographic hash function designed and used widely in Korea. While similar in structure to SHA-1, up to now there was no published attack or security analysis of the algorithm. Applying techniques introduced by Wang et al., we have found collision in the first 45 steps of HAS-160, with complexity 2^{12}.}, | ||
| + | } | ||
| + | </bibtex> | ||
---- | ---- | ||
| Line 32: | Line 85: | ||
=== Others === | === Others === | ||
| + | |||
| + | <bibtex> | ||
| + | @misc{cryptoeprint:2009:335, | ||
| + | author = {Ewan Fleischmann and Michael Gorski and Stefan Lucks}, | ||
| + | title = {Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode}, | ||
| + | howpublished = {Cryptology ePrint Archive, Report 2009/335}, | ||
| + | year = {2009}, | ||
| + | note = {\url{http://eprint.iacr.org/}}, | ||
| + | url = {http://eprint.iacr.org/2009/335.pdf}, | ||
| + | abstract = { In this paper we investigate the security of the encryption mode of the HAS-160 hash function. HAS-160 is a Korean hash standard which is widely used in Korea's industry. The structure of HAS-160 is similar to SHA-1 but includes some improvements. The encryption mode of HAS-160 is defined similarly as the encryption mode of SHA-1 that is called SHACAL-1. In 2006, Dunkelman et. al. successfully broke the full 80-round SHACAL-1. In this paper, we present the first cryptographic attack that breaks the encryption mode of the full 80-round HAS-160. SHACAL-1 and the encryption mode of HAS-160 are both blockciphers with key size 512 bits and plain-/ciphertext size of 160 bits. | ||
| + | |||
| + | We will apply a key recovery attack that needs about 2^{155} chosen plaintexts and 2^{375.98} 80-round HAS-160 encryptions. The attack does not aim for a collision, preimage or 2nd-preimage attack, but it shows that HAS-160 used as a block cipher can be differentiated from an ideal cipher faster than exhaustive search.}, | ||
| + | } | ||
| + | </bibtex> | ||
Latest revision as of 13:29, 9 July 2009
Contents
1 Specification
- digest size: 160 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 160-bit chaining variable
- Specification: http://www.randombit.net/text/has160.html
2 Cryptanalysis
2.1 Best Known Results
The best known attack on HAS-160 is the collision attack of Mendel and Rijmen for 59 (out of 80) steps with a complexity of 255. The best collision example for 53 steps of HAS-160 was also presented by Mendel and Rijmen.
2.2 Generic Attacks
2.3 Collision Attacks
Florian Mendel, Vincent Rijmen - Colliding Message Pair for 53-Step HAS-160
- ICISC 4817:324-334,2007
- http://dx.doi.org/10.1007/978-3-540-76788-6_26
BibtexAuthor : Florian Mendel, Vincent Rijmen
Title : Colliding Message Pair for 53-Step HAS-160
In : ICISC -
Address :
Date : 2007
Hong-Su Cho, Sangwoo Park, Soo Hak Sung, Aaram Yun - Collision Search Attack for 53-Step HAS-160
- ICISC 4296:286-295,2006
- http://dx.doi.org/10.1007/11927587_24
BibtexAuthor : Hong-Su Cho, Sangwoo Park, Soo Hak Sung, Aaram Yun
Title : Collision Search Attack for 53-Step HAS-160
In : ICISC -
Address :
Date : 2006
Aaram Yun, Soo Hak Sung, Sangwoo Park, Donghoon Chang, Seokhie Hong, Hong-Su Cho - Finding Collision on 45-Step HAS-160
- ICISC 3935:146-155,2005
- http://dx.doi.org/10.1007/11734727_13
BibtexAuthor : Aaram Yun, Soo Hak Sung, Sangwoo Park, Donghoon Chang, Seokhie Hong, Hong-Su Cho
Title : Finding Collision on 45-Step HAS-160
In : ICISC -
Address :
Date : 2005
2.4 Second Preimage Attacks
2.5 Preimage Attacks
2.6 Others
Ewan Fleischmann, Michael Gorski, Stefan Lucks - Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode
