Open AccessJournal Article
Cryptanalysis of the hash functions MD4 and RIPEMD
Reads0
Chats0
TLDR
In this article, a chosen-message pre-image attack on MD4 with complexity below 2 8 was presented, and for a weak message, the complexity is only a single MD4 computation, and a random message is a strong message with probability 2 -122.Abstract:
MD4 is a hash function developed by Rivest in 1990. It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL. In 1996, Dobbertin showed how to find collisions of MD4 with complexity equivalent to 2 20 MD4 hash computations. In this paper, we present a new attack on MD4 which can find a collision with probability 2 -2 to 2 -6 , and the complexity of finding a collision doesn't exceed 2 8 MD4 hash operations. Built upon the collision search attack, we present a chosen-message pre-image attack on MD4 with complexity below 2 8 . Furthermore, we show that for a weak message, we can find another message that produces the same hash value. The complexity is only a single MD4 computation, and a random message is a weak message with probability 2 -122 . The attack on MD4 can be directly applied to RIPEMD which has two parallel copies of MD4, and the complexity of finding a collision is about 2 18 RIPEMD hash operations.read more
Citations
More filters
Posted Content
A Framework for Iterative Hash Functions — HAIFA ?
Eli Biham,Orr Dunkelman +1 more
TL;DR: The HAsh Iterative FrAmework (HAIFA) as mentioned in this paper is a generalization of the Merkle-Damgard construction that allows for an online computation of the hash function in one pass with a fixed amount of memory independently of the size of the message.
Journal ArticleDOI
A Simple Secure Hash Function Scheme Using Multiple Chaotic Maps
TL;DR: A novel hash function scheme which uses multiple chaotic maps to generate efficient variable-sized hash functions and holds comparable capabilities when compared with some recent chaos-based hash algorithms is presented.
Journal Article
Generalizing the Herding Attack to Concatenated Hashing Schemes
Orr Dunkelman,Bart Preneel +1 more
TL;DR: This paper shows that even when the compression function of h(·) can be written as two (or more) data paths, where one data path is not affected by the second (while the second may depend on the first), then the generalized herding attack can be applied.
Posted Content
Improved Collision Attack on MD4.
TL;DR: In this paper, an improved version of the collision attack was proposed, which was able to find collisions with probability almost 1, and the average complexity to find a collision was upper bounded by three times of MD4 hash operations.