Preimage attacks on Full-ARIRANG: analysis of DM-Mode with middle feed-forward

Authors:
Chiaki Ohtahara;Keita Okada;Yu Sasaki;Takeshi Shimoyama
Affiliations:
Chuo-University, Japan;Chuo-University, Japan;NTT Information Sharing Platform Laboratories, NTT Corporation, Musashino-shi, Tokyo, Japan;Fujitsu Laboratories LTD, Japan
Venue:
WISA'11 Proceedings of the 12th international conference on Information Security Applications
Year:
2011

Citing 16
Cited 1

Handbook of Applied Cryptography

Handbook of Applied Cryptography
MD4 is Not One-Way

Fast Software Encryption
Preimages for Reduced SHA-0 and SHA-1

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Preimage Attacks on 3, 4, and 5-Pass HAVAL

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Finding Preimages in Full MD5 Faster Than Exhaustive Search

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Meet-in-the-Middle Preimage Attacks on Double-Branch Hash Functions: Application to RIPEMD and Others

ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Meet-in-the-Middle Attacks on SHA-3 Candidates

Fast Software Encryption
Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Preimage Attacks on One-Block MD4, 63-Step MD5 and More

Selected Areas in Cryptography
Practical Pseudo-collisions for Hash Functions ARIRANG-224/384

Selected Areas in Cryptography
Preimages for Step-Reduced SHA-2

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Preimage attacks on reduced steps of ARIRANG and PKC98-hash

ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
(Second) preimage attacks on step-reduced RIPEMD/RIPEMD-128 with a new local-collision approach

CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Preimage attacks on step-reduced RIPEMD-128 and RIPEMD-160

Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Distinguishers beyond three rounds of the RIPEMD-128/-160 compression functions

ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present preimage attacks on hash function ARIRANG, which is one of the first round candidates in the SHA-3 competition. Although ARIRANG was not chosen for the second round, the vulnerability as a hash function has not been discovered yet. ARIRANG has an unique design where the feed-forward operation is computed not only after the last step but also in a middle step. In fact, this design prevents previous preimage attacks from breaking full steps. In this paper, we apply a framework of meet-in-the-middle preimage attacks to ARIRANG. Specifically, we propose a new initial-structure technique optimized for ARIRANG that overcomes the use of the feed-forward to the middle. This enables us to find preimages of full steps ARIRANG-256 and ARIRANG-512 with 2254 and 2505 compression function operations and 26 and 216 amount of memory, respectively. These are the first results breaking the security of ARIRANG as a hash function.