• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.727-746
• /
• 2018

The hash function RIPEMD-160 is a worldwide ISO/IEC standard and the hash function HAS-160 is the Korean hash standard and is widely used in Korea. On the basis of differential meet-in-the-middle attack and biclique technique, a preimage attack on 34-step RIPEMD-160 with message padding and a pseudo-preimage attack on 71-step HAS-160 without message padding are proposed. The former is the first preimage attack from the first step, the latter increases the best pseudo-preimage attack from the first step by 5 steps. Furthermore, we locate the linear spaces in another message words and exchange the bicliques construction process and the mask vector search process. A preimage attack on 35-step RIPEMD-160 and a preimage attack on 71-step HAS-160 are presented. Both of the attacks are from the intermediate step and satisfy the message padding. They improve the best preimage attacks from the intermediate step on step-reduced RIPEMD-160 and HAS-160 by 4 and 3 steps respectively. As far as we know, they are the best preimage and pseudo-preimage attacks on step-reduced RIPEMD-160 and HAS-160 respectively in terms of number of steps.

• Journal of Information Processing Systems
• /
• v.12 no.2
• /
• pp.310-321
• /
• 2016

TCS_SHA-3 is a family of four cryptographic hash functions that are covered by a United States patent (US 2009/0262925). The digest sizes are 224, 256, 384 and 512 bits. The hash functions use bijective functions in place of the standard compression functions. In this paper we describe first and second preimage attacks on the full hash functions. The second preimage attack requires negligible time and the first preimage attack requires $O(2^{36})$ time. In addition to these attacks, we also present a negligible time second preimage attack on a strengthened variant of the TCS_SHA-3. All the attacks have negligible memory requirements. To the best of our knowledge, there is no prior cryptanalysis of any member of the TCS_SHA-3 family in the literature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.315-318
• /
• 2016

In this paper, we present a new preimage attack on MJH, a double-block-length block cipher-based hash function. Currently, the best attack requires $O(2^{3n/2})$ queries for the 2n-bit MJH hash function based on an n-bit block cipher, while our attack requires $O(n2^n)$ queries and the same amount of memory, significantly improving the query complexity compared to the existing attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.3-14
• /
• 2010

In this paper, we present the preimage attacks on step-reduced ARIRANG, HAS-160, and PKC98-Hash. We applied Aoki and Sasaki's chunk serach method which they have used in the attack on SHA-0 and SHA-1. Our attacks find the preimages of 35-step ARIRANG, 65-step HAS-160, and 80-step PKC98-Hash. Our results are the best preimage attacks for ARIRANG and HAS-160, and the first preimage attack for PKC98-Hash faster than exhaustive search.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.143-149
• /
• 2009

The hash function ARIRANG is one of the 1st round SHA-3 candidates. In this paper, we present preimage attacks on ARIRANG with step-reduced compression functions. Our attack finds a preimage of the 33-step OFF(Original FeedForward1) variants of ARIRANG, and a preimage of the 31-step MFF(Middle FeedForward1) variants of ARIRANG. Its time complexity is about $2^{241}$ for ARIRANG-256 and $2^{481}$ for ARIRANG-512, respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.47-52
• /
• 2007

In this paper, we proposed a constrution that creates Dynamic Pipe Hash Function with a pipe hash function. To increase security lever, dynamic hash function take and additional compression function. Proposed hash function based on the piped hash function. Our proposed Dynamic Pipe Hash Function is as secure against multicollision attack as an ideal hash function. And it have advantage for a number of reasons because of variable digest size. For example, in digital signature protocol, If a user requires increased security by selecting a large key size, useing a dynamic hash function in a protocol make implementation much easier when it is mandated that the size of the digest by increased.