Difference between revisions of "HAS-160"
From The ECRYPT Hash Function Website
(→Best Known Results) |
m (elated-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 4: | Line 4: | ||
* max. message length: < 2<sup>64</sup> bits | * max. message length: < 2<sup>64</sup> bits | ||
* compression function: 512-bit message block, 160-bit chaining variable | * compression function: 512-bit message block, 160-bit chaining variable | ||
| − | * Specification: | + | * Specification: http://www.randombit.net/text/has160.html |
== Cryptanalysis == | == Cryptanalysis == | ||
| Line 85: | Line 85: | ||
=== Others === | === Others === | ||
| + | |||
| + | <bibtex> | ||
| + | @misc{cryptoeprint:2009:335, | ||
| + | author = {Ewan Fleischmann and Michael Gorski and Stefan Lucks}, | ||
| + | title = {Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode}, | ||
| + | howpublished = {Cryptology ePrint Archive, Report 2009/335}, | ||
| + | year = {2009}, | ||
| + | note = {\url{http://eprint.iacr.org/}}, | ||
| + | url = {http://eprint.iacr.org/2009/335.pdf}, | ||
| + | abstract = { In this paper we investigate the security of the encryption mode of the HAS-160 hash function. HAS-160 is a Korean hash standard which is widely used in Korea's industry. The structure of HAS-160 is similar to SHA-1 but includes some improvements. The encryption mode of HAS-160 is defined similarly as the encryption mode of SHA-1 that is called SHACAL-1. In 2006, Dunkelman et. al. successfully broke the full 80-round SHACAL-1. In this paper, we present the first cryptographic attack that breaks the encryption mode of the full 80-round HAS-160. SHACAL-1 and the encryption mode of HAS-160 are both blockciphers with key size 512 bits and plain-/ciphertext size of 160 bits. | ||
| + | |||
| + | We will apply a key recovery attack that needs about 2^{155} chosen plaintexts and 2^{375.98} 80-round HAS-160 encryptions. The attack does not aim for a collision, preimage or 2nd-preimage attack, but it shows that HAS-160 used as a block cipher can be differentiated from an ideal cipher faster than exhaustive search.}, | ||
| + | } | ||
| + | </bibtex> | ||
Latest revision as of 13:29, 9 July 2009
Contents
1 Specification
- digest size: 160 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 160-bit chaining variable
- Specification: http://www.randombit.net/text/has160.html
2 Cryptanalysis
2.1 Best Known Results
The best known attack on HAS-160 is the collision attack of Mendel and Rijmen for 59 (out of 80) steps with a complexity of 255. The best collision example for 53 steps of HAS-160 was also presented by Mendel and Rijmen.
2.2 Generic Attacks
2.3 Collision Attacks
Florian Mendel, Vincent Rijmen - Colliding Message Pair for 53-Step HAS-160
- ICISC 4817:324-334,2007
- http://dx.doi.org/10.1007/978-3-540-76788-6_26
BibtexAuthor : Florian Mendel, Vincent Rijmen
Title : Colliding Message Pair for 53-Step HAS-160
In : ICISC -
Address :
Date : 2007
Hong-Su Cho, Sangwoo Park, Soo Hak Sung, Aaram Yun - Collision Search Attack for 53-Step HAS-160
- ICISC 4296:286-295,2006
- http://dx.doi.org/10.1007/11927587_24
BibtexAuthor : Hong-Su Cho, Sangwoo Park, Soo Hak Sung, Aaram Yun
Title : Collision Search Attack for 53-Step HAS-160
In : ICISC -
Address :
Date : 2006
Aaram Yun, Soo Hak Sung, Sangwoo Park, Donghoon Chang, Seokhie Hong, Hong-Su Cho - Finding Collision on 45-Step HAS-160
- ICISC 3935:146-155,2005
- http://dx.doi.org/10.1007/11734727_13
BibtexAuthor : Aaram Yun, Soo Hak Sung, Sangwoo Park, Donghoon Chang, Seokhie Hong, Hong-Su Cho
Title : Finding Collision on 45-Step HAS-160
In : ICISC -
Address :
Date : 2005
2.4 Second Preimage Attacks
2.5 Preimage Attacks
2.6 Others
Ewan Fleischmann, Michael Gorski, Stefan Lucks - Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode
