Paper 2009/335

Related-Key Rectangle Attack of the Full 80-Round HAS-160 Encryption Mode

Ewan Fleischmann, Michael Gorski, and Stefan Lucks

Abstract

In this paper we investigate the security of the encryption mode of the HAS-160 hash function. HAS-160 is a Korean hash standard which is widely used in Korea's industry. The structure of HAS-160 is similar to SHA-1 but includes some improvements. The encryption mode of HAS-160 is defined similarly as the encryption mode of SHA-1 that is called SHACAL-1. In 2006, Dunkelman et. al. successfully broke the full 80-round SHACAL-1. In this paper, we present the first cryptographic attack that breaks the encryption mode of the full 80-round HAS-160. SHACAL-1 and the encryption mode of HAS-160 are both blockciphers with key size 512 bits and plain-/ciphertext size of 160 bits. We will apply a key recovery attack that needs about 2^{155} chosen plaintexts and 2^{375.98} 80-round HAS-160 encryptions. The attack does not aim for a collision, preimage or 2nd-preimage attack, but it shows that HAS-160 used as a block cipher can be differentiated from an ideal cipher faster than exhaustive search.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. INDOCRYPT 2009
Keywords
differential cryptanalysisrelated-key rectangle attackHAS-160
Contact author(s)
michael Gorski @ uni-weimar de
History
2009-12-26: revised
2009-07-09: received
See all versions
Short URL
https://ia.cr/2009/335
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/335,
      author = {Ewan Fleischmann and Michael Gorski and Stefan Lucks},
      title = {Related-Key Rectangle Attack of the Full 80-Round {HAS}-160 Encryption Mode},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/335},
      year = {2009},
      url = {https://eprint.iacr.org/2009/335}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.