Related-key rectangle attack of the full HAS-160 encryption mode

Orr Dunkelman, Ewan Fleischmann, Michael Gorski, Stefan Lucks

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

In this paper we investigate the security of the encryption mode of the HAS-160 hash function. HAS-160 is a Korean hash standard which is widely used in Korean industry. The structure of HAS-160 is similar to SHA-1 besides some modifications. In this paper, we present the first cryptographic attack that breaks the encryption mode of the full 80-round HAS-160. SHACAL-1 and the encryption mode of HAS-160 are both blockciphers with key size 512 bits and plain-/ciphertext size of 160 bits. We apply a key recovery attack that needs about 2155 chosen plaintexts and 2377.5 80-round HAS-160 encryptions. The attack does not aim for a collision, preimage or 2nd-preimage attack, but it shows that HAS-160 used as a block cipher can be differentiated from an ideal cipher faster than exhaustive search.

Original languageEnglish
Title of host publicationProgress in Cryptology - INDOCRYPT 2009 - 10th International Conference on Cryptology in India, Proceedings
Pages157-168
Number of pages12
DOIs
StatePublished - 2009
Externally publishedYes
Event10th International Conference on Cryptology in India, INDOCRYPT 2009 - New Delhi, India
Duration: 13 Dec 200916 Dec 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5922 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference10th International Conference on Cryptology in India, INDOCRYPT 2009
Country/TerritoryIndia
CityNew Delhi
Period13/12/0916/12/09

Keywords

  • Differential cryptanalysis
  • HAS-160
  • Related-key rectangle attack

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Fingerprint

Dive into the research topics of 'Related-key rectangle attack of the full HAS-160 encryption mode'. Together they form a unique fingerprint.

Cite this