The security of the block cipher used in the compression function of ARIRANG, which was one of the SHA-3 candidates, was revaluated. Based on a linear transformation of the master key and the all-one differential of the round function, a full 40-round related-key rectangle attack of the ARIRANG encryption mode was presented, which was the first cryptanalytic result of the ARIRANG encryption mode. The result shows that the ARIRANG encryption mode as a block cipher is not immune to the related-key rectangle attack.
