Cryptanalysis of Round-Reduced HAS-160

HAS-160 is an iterated cryptographic hash function that is standardized by the Korean government and widely used in Korea. In this paper, we present a semi-free-start collision for 65 (out of 80) steps of HAS-160 with practical complexity. The basic attack strategy is to construct a long differential characteristic by connecting two short ones by a complex third characteristic. The short characteristics are constructed using techniques from coding theory. To connect them, we are using an automatic search algorithm for the connecting characteristic utilizing the nonlinearity of the step function.

[1]  Antoine Joux,et al.  Differential Collisions in SHA-0 , 1998, CRYPTO.

[2]  Tomislav Nad The CodingTool Library , 2009 .

[3]  Florian Mendel,et al.  Finding SHA-2 Characteristics: Searching through a Minefield of Contradictions , 2011, ASIACRYPT.

[4]  Magnus Daum,et al.  Cryptanalysis of Hash functions of the MD4-family , 2005 .

[5]  Sangwoo Park,et al.  Collision Search Attack for 53-Step HAS-160 , 2006, ICISC.

[6]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[7]  Vincent Rijmen,et al.  Update on SHA-1 , 2005, CT-RSA.

[8]  Florian Mendel,et al.  A Distinguisher for the Compression Function of SIMD-512 , 2009, INDOCRYPT.

[9]  Yu Sasaki,et al.  A Preimage Attack for 52-Step HAS-160 , 2009, ICISC.

[10]  Vincent Rijmen,et al.  Exploiting Coding Theory for Collision Attacks on SHA-1 , 2005, IMACC.

[11]  Seokhie Hong,et al.  Finding Collision on 45-Step HAS-160 , 2005, ICISC.

[12]  Hui Chen,et al.  Cryptanalysis of the Hash Functions MD4 and RIPEMD , 2005, EUROCRYPT.

[13]  Joos Vandewalle,et al.  Differential cryptanalysis of hash functions based on block ciphers , 1993, CCS '93.

[14]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[15]  Bart Preneel,et al.  Practical Collisions for EnRUPT , 2009, FSE.

[16]  Vincent Rijmen,et al.  Colliding Message Pair for 53-Step HAS-160 , 2007, ICISC.

[17]  Vincent Rijmen,et al.  Improved Characteristics for Differential Cryptanalysis of Hash Functions Based on Block Ciphers , 1994, FSE.

[18]  Keting Jia,et al.  Near-Collision Attack on the Step-Reduced Compression Function of Skein-256 , 2011, IACR Cryptol. ePrint Arch..

[19]  Yu Sasaki,et al.  Improved Preimage Attack for 68-Step HAS-160 , 2009, ICISC.

[20]  Christophe De Cannière,et al.  Finding SHA-1 Characteristics: General Results and Applications , 2006, ASIACRYPT.

[21]  Anne Canteaut,et al.  A New Algorithm for Finding Minimum-Weight Words in a Linear Code: Application to McEliece’s Cryptosystem and to Narrow-Sense BCH Codes of Length , 1998 .