# Cryptanalysis of MD2

@article{Knudsen2009CryptanalysisOM, title={Cryptanalysis of MD2}, author={Lars Ramkilde Knudsen and John Erik Mathiassen and Fr{\'e}d{\'e}ric Muller and S{\o}ren S. Thomsen}, journal={Journal of Cryptology}, year={2009}, volume={23}, pages={72-90} }

This paper considers the hash function MD2 which was developed by Ron Rivest in 1989. Despite its age, MD2 has withstood cryptanalytic attacks until recently. This paper contains the state-of-the-art cryptanalytic results on MD2, in particular collision and preimage attacks on the full hash function, the latter having complexity 273, which should be compared to a brute-force attack of complexity 2128.

## 16 Citations

### Towards Designing Greener Secured Hash Functions

- Computer Science2014 IEEE International Conference on Internet of Things(iThings), and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom)
- 2014

This work measures power consumption by a common anti-virus software to perform various functions, and shows how to reduce the energy consumption in MD2 by performing the block processing operations of MD2 in parallel.

### On Resilient Password-Based Key Derivation Functions

- Computer Science
- 2018

A definition of resilient PBKDFs is provided that combines the cryptographic requirement that low-entropy passwords can produce keys that can only be broken via brute force search with the systems requirement the components collectively permit an attacker to perform at best a linear speedup over the defender’s execution, no matter the attacker platform.

### The First 30 Years of Cryptographic Hash Functions and the NIST SHA-3 Competition

- Computer Science, MathematicsCT-RSA
- 2010

A brief overview of the state of hash functions 30 years after their introduction is presented and the progress of the SHA-3 competition is discussed, with as goal to select a new hash function family by 2012.

### On hash functions using checksums

- Computer Science, MathematicsInternational Journal of Information Security
- 2009

We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including…

### Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2

- Mathematics, Computer ScienceASIACRYPT
- 2010

The results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function.

### Neutrality-Based Symmetric Cryptanalysis

- Computer Science, Mathematics
- 2010

This thesis concerns cryptanalysis of stream ciphers and hash functions, and introduces the concept of probabilistic neutrality for the arguments of a function, a generalization of the definition of neutrality.

### Towards Designing Energy-Efficient Secure Hashes

- Computer Science
- 2015

This Master's Thesis is brought to you for free and open access by the Student Scholarship at UNF Digital Commons. It has been accepted for inclusion in UNF Graduate Theses and Dissertations by an…

### Cryptography in Blockchain

- Computer Science, MathematicsICCSA
- 2019

This paper presents a review of the most popular blockchain platforms and the options they provide, and compares their cryptographic strength.

### Final Report on New Developments in Symmetric Key Cryptanalysis

- Computer Science
- 2012

Project co-funded by the European Commission within the 7th Framework Programme Dissemination Level PU Public X PP Restricted to other programme participants (including the Commission services) RE…

### A Study on Authentication Algorithm for NFC Security Channel

- Computer Science
- 2012

Proposed A-NFC scheme, adding the authentication of asymmetric cryptographic, is easy to apply for NFC and NFC-USIM chipsets, and it can adapt to the general NFC environment.

## References

SHOWING 1-10 OF 74 REFERENCES

### The MD2 Hash Function Is Not One-Way

- Computer Science, MathematicsASIACRYPT
- 2004

It is shown that MD2 does not reach the ideal security level of 2128, and the full MD2 hash can be attacked in preimage with complexity of 2104.

### Cryptanalysis of MD4

- Computer Science, MathematicsJournal of Cryptology
- 1998

The methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known.

### Cryptanalysis of reduced version of HAVAL

- Computer Science, Mathematics
- 2000

The first published cryptanalysis results of the HAVAL hash function are presented. A new approach is introduced which enables the computation of a collision for the 256 output bits of the last two…

### Differential Collisions in SHA-0

- Computer Science, MathematicsCRYPTO
- 1998

A theoretical attack on the compression function SHA-O with complexity 2 61 is obtained, which is thus better than the birthday paradox attack and is a strong evidence that the transition to version 1 indeed raised the level of security of SHA.

### Preimage and Collision Attacks on MD2

- Computer Science, MathematicsFSE
- 2005

This paper contains several attacks on the hash function MD2 which has a hash code size of 128 bits, which lead to the first known (pseudo) collisions for the full MD2 (including the checksum), but where the initial values differ.

### Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2004

In 1993 Bert den Boer and Antoon Bosselaers found pseudo-collision for MD5 which is made of the same message with two different sets of initial value.

### Design Principles for Iterated Hash Functions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2004

In a formal model, modifications to the size of the internal state of an n-bit hash function to w > n bit quantifiably improve the security of iterated hash functions against generic attacks.

### On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER

- Mathematics, Computer ScienceFSE
- 1994

It is argued that boxes which fail to be multipermutations can open the way to unsuspected attacks.

### Weaknesses in the HAS-V Compression Function

- Computer Science, MathematicsICISC
- 2007

This article points out several structural weaknesses in HAS-V which lead to pseudo-collision attacks on HAS-Vs with tailored output and shows that (second) preimages can be found for HAS-v with a complexity of about 2162 hash computations.

### Cryptanalysis of 3-Pass HAVAL

- Computer Science, MathematicsASIACRYPT
- 2003

This paper describes a practical attack that finds collisions for the 3-pass version of HAVAL, a cryptographic hash function proposed in 1992 that has a structure that is quite similar to other well-known hash functions such as MD4 and MD5.