Practical Pseudo-collisions for Hash Functions ARIRANG-224/384
نویسندگان
چکیده
In this paper we analyse the security of the SHA-3 candidate ARIRANG. We show that bitwise complementation of whole registers turns out to be very useful for constructing high-probability differential characteristics in the function. We use this approach to find nearcollisions with Hamming weight 32 for the full compression function as well as collisions for the compression function of ARIRANG reduced to 26 rounds, both with complexity close to 2 and memory requirements of only a few words. We use near collisions for the compression function to construct pseudo-collisions for the complete hash functions ARIRANG224 and ARIRANG-384 with complexity 2 and close to 2, respectively. We implemented the attacks and provide examples of appropriate pairs of H,M values. We also provide possible configurations which may give collisions for step-reduced and full ARIRANG.
منابع مشابه
Non-randomness in the Sarmal Compression Function
Sarmal is a hash function submitted to the NIST SHA-3 hash function competition. The design and structure of Sarmal is quite similar to that of ARIRANG, another SHA-3 candidate. We analyse the impact and applicability of recent attacks by Guo et al. on ARIRANG, with respect to Sarmal. Our results indicate that Sarmal is less vulnerable against this line of attack; in particular we were not able...
متن کاملAnalysis of SHA-512/224 and SHA-512/256
In 2012, NIST standardized SHA-512/224 and SHA-512/256, two truncated variants of SHA-512, in FIPS 180-4. These two hash functions are faster than SHA-224 and SHA-256 on 64-bit platforms, while maintaining the same hash size and claimed security level. So far, no third-party analysis of SHA-512/224 or SHA-512/256 has been published. In this work, we examine the collision resistance of step-redu...
متن کاملPractical (Second) Preimage Attacks on TCS_SHA-3
TCS SHA-3 is a family of four cryptographic hash functions that are covered by an US patent (US 2009/0262925). The digest sizes are 224, 256, 384 and 512 bits. The hash functions use bijective functions in place of the standard, compression functions. In this paper we describe first and second preimage attacks on the full hash functions. The second preimage attack requires negligible time and t...
متن کاملPreimage Attack on ARIRANG
The hash function ARIRANG is one of the 1st round SHA-3 candidates. In this paper, we present preimage attacks on ARIRANG with step-reduced compression functions. We consider two step-reduced variants of the compression function. First one uses the same feedforward1 as the original algorithm, and the other one has the feedforward1 working at the output of the half steps. Our attack finds a prei...
متن کاملPractical (Second) Preimage Attacks on the TCS_SHA-3 Family of Cryptographic Hash Functions
TCS_SHA-3 is a family of four cryptographic hash functions that are covered by a United States patent (US 2009/0262925). The digest sizes are 224, 256, 384 and 512 bits. The hash functions use bijective functions in place of the standard compression functions. In this paper we describe first and second preimage attacks on the full hash functions. The second preimage attack requires negligible t...
متن کامل