DOI QR코드

DOI QR Code

Improved Preimage Attacks on RIPEMD-160 and HAS-160

  • Shen, Yanzhao (School of Mathematics, Shandong University) ;
  • Wang, Gaoli (Shanghai Key Laboratory of Trustworthy Computing, School of Computer Science and Software Engineering, East China Normal University)
  • Received : 2017.08.30
  • Accepted : 2017.09.30
  • Published : 2018.02.28

Abstract

The hash function RIPEMD-160 is a worldwide ISO/IEC standard and the hash function HAS-160 is the Korean hash standard and is widely used in Korea. On the basis of differential meet-in-the-middle attack and biclique technique, a preimage attack on 34-step RIPEMD-160 with message padding and a pseudo-preimage attack on 71-step HAS-160 without message padding are proposed. The former is the first preimage attack from the first step, the latter increases the best pseudo-preimage attack from the first step by 5 steps. Furthermore, we locate the linear spaces in another message words and exchange the bicliques construction process and the mask vector search process. A preimage attack on 35-step RIPEMD-160 and a preimage attack on 71-step HAS-160 are presented. Both of the attacks are from the intermediate step and satisfy the message padding. They improve the best preimage attacks from the intermediate step on step-reduced RIPEMD-160 and HAS-160 by 4 and 3 steps respectively. As far as we know, they are the best preimage and pseudo-preimage attacks on step-reduced RIPEMD-160 and HAS-160 respectively in terms of number of steps.

Keywords

References

  1. Xiaoyun Wang and Hongbo Yu, "How to break MD5 and other hash functions," in Proc. of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 19-35, May 22-26, 2005.
  2. Eli Biham, Rafi Chen, Antoine Joux, Patrick Carribault, Christophe Lemuet and William Jalby, "Collisions of SHA-0 and reduced SHA-1," in Proc. of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 36-57, May 22-26, 2005.
  3. Xiaoyun Wang, Yiqun Lisa Yin and Hongbo Yu, "Finding collisions in the full SHA-1," in Proc. of the 25th Annual International Cryptology Conference, pp. 17-36, August 14-18, 2005.
  4. Kazumaro Aoki and Yu Sasaki, "Preimage attacks on one-block MD4, 63-step MD5 and more," in Proc. of the 15th International Workshop on Selected Areas in Cryptography, pp. 103-119, August 14-15, 2008.
  5. Deukjo Hong, Bonwook Koo and Yu Sasaki, "Improved preimage attack for 68-step HAS-160," in Proc. of the 12th International Conference on Information Security and Cryptology, pp. 332-348, December 2-4, 2009.
  6. Dmitry Khovratovich, Christian Rechberger and Alexandra Savelieva, "Bicliques for preimages: Attacks on Skein-512 and the SHA-2 family," in Proc. of the 19th International Workshop on Fast Software Encryption, pp. 244-263, March 19-21, 2012.
  7. Simon Knellwolf and Dmitry Khovratovich, "New preimage attacks against reduced SHA-1," in Proc. of the 32nd Annual Cryptology Conference, pp. 367-383, August 19-23, 2012.
  8. Chiaki Ohtahara, Yu Sasaki and Takeshi Shimoyama, "Preimage attacks on step-reduced RIPEMD-128 and RIPEMD-160," in Proc. of the 6th International Conference on Information Security and Cryptology, pp. 169-186, October 20-24, 2010.
  9. Yu Sasaki and Kazumaro Aoki, "A preimage attack for 52-step HAS-160," in Proc. of the 11th International Conference on Information Security and Cryptology, pp. 302-317, December 3-5, 2008.
  10. Yu Sasaki and Kazumaro Aoki, "Finding preimages in full MD5 faster than exhaustive search," in Proc. of the 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 134-152, April 26-30, 2009.
  11. Jian Guo, San Ling, Christian Rechberger and Huaxiong Wang, "Advanced meet-in-the-middle preimage attacks: First results on full Tiger, and improved results on MD4 and SHA-2," in Proc. of the 16th International Conference on the Theory and Application of Cryptology and Information Security, pp. 56-75, December 5-9, 2010.
  12. Whitfield Diffie and Martin E. Hellman, "Exhaustive cryptanalysis of the NBS data encryption standard," Computer, vol. 10, no. 6, pp. 74-84, 1977. https://doi.org/10.1109/C-M.1977.217750
  13. Thomas Espitau, Pierre-Alain Fouque and Pierre Karpman, "Higher-order differential meet-in-the-middle preimage attacks on SHA-1 and BLAKE," in Proc. of the 35th Annual Cryptology Conference, pp. 683-701, August 16-20, 2015.
  14. Hans Dobbertin, Antoon Bosselaers and Bart Preneel, "RIPEMD-160: A strengthened version of RIPEMD," in Proc. of the 3rd International Workshop on Fast Software Encryption, pp. 71-82, February 21-23 1996.
  15. International Organization for Standardization, "Information technology - Security techniques - Hash-functions - Part 3: Dedicated hash functions (2004)," ISO/IEC 10118-3:2004, .
  16. Florian Mendel, Norbert Pramstaller, Christian Rechberger and Vincent Rijmen, "On the collision resistance of RIPEMD-160," in Proc. of the 9th International Conference on Information Security, pp. 101-116, August 30 - September 2, 2006.
  17. Florian Mendel, Tomislav Nad, Stefan Scherz and Martin Schlaffer, "Differential attacks on reduced RIPEMD-160," in Proc. of the 15th International Conference on Information Security, pp. 23-38, September 19-21, 2012.
  18. Florian Mendel, Thomas Peyrin, Martin Schlaffer, Lei Wang and Shuang Wu, "Improved cryptanalysis of reduced RIPEMD-160," in Proc. of the 19th International Conference on the Theory and Application of Cryptology and Information Security, pp. 484-503, December 1-5, 2013.
  19. Yu Sasaki and Lei Wang, "Distinguishers beyond three rounds of the RIPEMD-128/-160 compression functions," in Proc. of the 10th International Conference on Applied Cryptography and Network Security, pp. 275-292, June 26-29, 2012.
  20. Telecommunications Technology Association, "Hash Function Standard Part 2: Hash Function Algorithm Standard, HAS-160 (2000)," TTAS.KO-12.0011/R2..
  21. Aaram Yun, Soo Hak Sung, Sangwoo Park, Donghoon Chang, Seokhie Hong and Hong-Su Cho, "Finding collision on 45-step HAS-160," in Proc. of the 8th International Conference on Information Security and Cryptology, pp. 146-155, December 1-2, 2005.
  22. Xiaoyun Wang, Xuejia Lai, Dengguo Feng, Hui Chen and Xiuyuan Yu, "Cryptanalysis of the hash functions MD4 and RIPEMD," in Proc. of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 1-18, May 22-26, 2005.
  23. Hong-Su Cho, Sangwoo Park, Soo Hak Sung and Aaram Yun, "Collision search attack for 53-step HAS-160," in Proc. of the 9th International Conference on Information Security and Cryptology, pp. 286-295, November 30 - December 1, 2006.
  24. Florian Mendel and Vincent Rijmen, "Colliding message pair for 53-step HAS-160," in Proc. of the 10th International Conference on Information Security and Cryptology, pp. 324-334, November 29-30, 2007.
  25. Florian Mendel, Tomislav Nad and Martin Schlaffer, "Cryptanalysis of round-reduced HAS-160," in Proc. of the 14th International Conference on Information Security and Cryptology, pp. 33-47, November 30 - December 2, 2011.
  26. Aleksandar Kircanski, Riham AlTawy and Amr M. Youssef, "Heuristic for finding compatible differential paths with application to HAS-160," in Proc. of the 19th International Conference on the Theory and Application of Cryptology and Information Security, pp. 464-483, December 1-5, 2013.
  27. Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.