# A Heuristic for Finding Compatible Differential Paths with Application to HAS-160

@article{Kircanski2013AHF, title={A Heuristic for Finding Compatible Differential Paths with Application to HAS-160}, author={Aleksandar Kircanski and Riham Altawy and Amr M. Youssef}, journal={IACR Cryptol. ePrint Arch.}, year={2013}, volume={2013}, pages={359} }

The question of compatibility of differential paths plays a central role in second order collision attacks on hash functions. In this context, attacks typically proceed by starting from the middle and constructing the middle-steps quartet in which the two paths are enforced on the respective faces of the quartet structure. Finding paths that can fit in such a quartet structure has been a major challenge and the currently known compatible paths extend over a suboptimal number of steps for hash…

## 5 Citations

Cryptanalysis of Symmetric Cryptographic Primitives

- Computer Science, Mathematics
- 2013

A new heuristic for finding compatible differential paths is developed and applied to the the Korean hash function standard HAS-160, which leads to a practical second order collision attack over all of theHas-160 function steps, which is the first practical-complexity distinguisher on this function.

Improved Preimage Attacks against Reduced HAS-160

- Mathematics, Computer ScienceISPEC
- 2014

This paper proposes improved preimage attacks against step-reduced HAS-160 using the differential meet-in-the-middle technique and initial structure and finds a pseudo-preimage of 70 steps ofHas-160 with a complexity of 2155.71 and can be converted to a preimage attack with a complex of 2158.86.

Improved Preimage Attacks on RIPEMD-160 and HAS-160

- Computer Science, MathematicsKSII Trans. Internet Inf. Syst.
- 2018

On the basis of differential meet-in-the-middle attack and biclique technique, a preimage attack on 34-step RIPEMD-160 with message padding and a pseudo-pre image attack on 71-step HAS-160 without message padding are proposed, which improve the best preimage attacks from the intermediate step on step-reduced RIPEMd-160 and Has-160 by 4 and 3 steps respectively.

(Pseudo-) Preimage Attacks on Step-Reduced HAS-160 and RIPEMD-160

- Computer Science, MathematicsISC
- 2014

By careful analysis of the two hash functions, this paper proposes a pseudo-preimage attack on 71-step HAS-160 (no padding) with complexity 2158.13 and a pre image attack on 34-step RIPEMD- 160 (with padding), which are the best pseudo- preimage and preimage attacks on step-reduced HAS- 160 and RIPEMd-160 respectively in terms of the step number.

Cryptanalysis of Some AES-based Cryptographic Primitives

- Computer Science, Mathematics
- 2016

This thesis analyzes the security of two cryptographic hash functions and one block cipher used in the new Russian Federation cryptographic hashing and encryption suite GOST and investigates the one wayness of Streebog and the preimage resistance of the AES-based Maelstrom-0 hash function.

## References

SHOWING 1-10 OF 42 REFERENCES

Searching for Differential Paths in MD4

- Computer ScienceFSE
- 2006

An algorithm is presented that allows to find paths in an automated way for hash functions and there are paths that have fewer conditions in the second round than the path of Wang et al. for MD4.

Finding Collisions for a 45-Step Simplified HAS-V

- Computer ScienceWISA
- 2009

This paper describes the method of De Canniere and Rechberger to construct generalized characteristics for SHA-1 in more detail and is further generalized and applied to a simplified variant of the HAS-V hash function.

Automatic Search of Differential Path in MD4

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2007

This paper obtains new differential paths for MD4, which improve upon previously known MD4 differential paths, and could be used to find new differentialpaths, and to build new attacks against MD4.

Colliding Message Pair for 53-Step HAS-160

- Computer Science, MathematicsICISC
- 2007

This article improves the attack complexity of Cho et al. by a factor of about 220 using a slightly different strategy for message modification in the first 20 steps of the hash function and presents the first actual colliding message pair for 53-step HAS-160.

Second-Order Differential Collisions for Reduced SHA-256

- Computer Science, MathematicsASIACRYPT
- 2011

In this work, we introduce a new non-random property for hash/compression functions using the theory of higher order differentials. Based on this, we show a second-order differential collision for…

Finding SHA-2 Characteristics: Searching through a Minefield of Contradictions

- Computer Science, MathematicsASIACRYPT
- 2011

This paper presents the first automated tool for finding complex differential characteristics in SHA-2 and shows that the techniques on SHA-1 cannot directly be applied toSHA-2, and shows how to overcome difficulties by including the search for conforming message pairs in thesearch for differential characteristics.

Finding Collisions for Round-Reduced SM3

- Computer Science, MathematicsCT-RSA
- 2013

This work provides the first security analysis of reduced SM3 regarding its collision resistance and extends the methods used in the recent collision attacks on SHA-2 and shows how the techniques can be effectively applied to SM3.

How to Break MD5 and Other Hash Functions

- Computer Science, MathematicsEUROCRYPT
- 2005

A new powerful attack on MD5 is presented, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.

Boomerang Distinguishers for Full HAS-160 Compression Function

- Computer Science, MathematicsIWSEC
- 2012

A boomerang-attack-based distinguisher against full steps of the compression function of HAS-160, which is the hash function standard in Korea, finds that the same message difference as theirs is the best choice for the first subcipher and proposes some improvement to construct a differential characteristic from the message difference.

Boomerang Attacks on Hash Function Using Auxiliary Differentials

- Computer Science, MathematicsCT-RSA
- 2012

A new way to combine message modifications, or auxiliary differentials, with the boomerang attack is presented, and it is shown that under some conditions, it can combine three independent paths instead of two for the classical boomerangs attack.