# RIPEMD with two-round compress function is not collision-free

@article{Dobbertin2007RIPEMDWT, title={RIPEMD with two-round compress function is not collision-free}, author={Hans Dobbertin}, journal={Journal of Cryptology}, year={2007}, volume={10}, pages={51-69} }

In 1990 Rivest introduced the cryptographic hash function MD4. [... ] Key Result Moreover, it turns out that the methods developed in this note can be applied to find collisions for the full MD4. Expand

## 63 Citations

### Collision Attack on the Full Extended MD4 and Pseudo-Preimage Attack on RIPEMD

- Computer Science, MathematicsJournal of Computer Science and Technology
- 2013

A collision attack on the full Extended MD4 and a pseudo-preimage attack onThe full RIPEMD respectively are proposed, which optimizes the complexity order for brute-force attack.

### Collisions and Semi-Free-Start Collisions for Round-Reduced RIPEMD-160

- Computer Science, MathematicsASIACRYPT
- 2017

An improved cryptanalysis of the double-branch hash function RIPEMD-160 standardized by ISO/IEC is proposed and a method to reduce the time complexity and memory complexity to pre-compute that equation is described.

### Differential Attacks on Reduced RIPEMD-160

- Computer Science, MathematicsISC
- 2012

This work provides the first security analysis of reduced RIPEMD-160 regarding its collision resistance with practical complexity and shows that the differential characteristics get very dense in RIPEMd-160 such that a full-round attack seems unlikely in the near future.

### Collision Attack Framework on RIPEMD-128

- Computer Science, Mathematics2020 2nd International Conference on Artificial Intelligence and Advanced Manufacture (AIAM)
- 2020

The collision attack framework for RIPEMD-128 is proposed in order to provide ideas for other hash functions and Cryptographic techniques including message modification is also introduced to reduce the complexity.

### Improved cryptanalysis on RIPEMD-128

- Computer Science, MathematicsIET Inf. Secur.
- 2015

The authors improve the probabilities of the differential characteristics so that they can give a collision attack on 40-step RIPEMD-128 hash function with a complexity of 235 computations and improve the distinguishing attack proposed by Landelle and Peyrin at EUROCRYPT 2013.

### Collision Attacks on the Reduced Dual-Stream Hash Function RIPEMD-128

- Computer Science, MathematicsFSE
- 2012

This work provides a new assessment of the security margin of RIPEMD-128 by showing attacks on up to 48 (out of 64) steps of the hash function, and presents a general strategy to analyze dual-stream hash functions and use an automatic search tool for the two main step of the attack.

### Improved Cryptanalysis of Reduced RIPEMD-160

- Computer Science, MathematicsASIACRYPT
- 2013

An improved cryptanalysis of the double-branch hash function standard RIPEMD-160 is proposed using a carefully designed non-linear path search tool and it is shown that some of these message words can lead to very good differential path candidates.

### 1 The Cryptographic Hash Function RIPEMD-160

- Computer Science, Mathematics

The goal of this article is to motivate the existence of RIPEMD160, to explain the main design features and to provide a concise description of the algorithm.

### How to Break MD5 and Other Hash Functions

- Computer Science, MathematicsEUROCRYPT
- 2005

A new powerful attack on MD5 is presented, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.

### On the Collision Resistance of RIPEMD-160

- Computer Science, MathematicsISC
- 2006

This is the first article that investigates the impact of recent advances in cryptanalysis of hash functions on RIPEMD-160, and presents an analytical attack on a round-reduced variant of the RIPEMd-160 hash function.

## References

SHOWING 1-10 OF 10 REFERENCES

### Cryptanalysis of MD4

- Computer Science, MathematicsJournal of Cryptology
- 1998

The methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known.

### On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER

- Mathematics, Computer ScienceFSE
- 1994

It is argued that boxes which fail to be multipermutations can open the way to unsuspected attacks.

### Integrity primitives for secure information systems : final report of RACE Integrity Primitives Evaluation RIPE-RACE 1040

- Computer Science
- 1995

The MDC-4, RIPEMD, RIPE-MAC, IBC-hash, SKID, RSA, COMSET, and RSA key generation guidelines for arithmetic computation are described.

### The MD4 message-digest algorithm, Request for Comments (RFC) 1320

- 1992

### message-digest algorithm, Request for Comments (RFC) 1321

- 1992

### An Attack on the Last Two Rounds of MD4

- Computer ScienceCRYPTO
- 1991

It is shown that if the three round MD4 algorithm is stripped of its first round, it is possible to find for a given (initial) input value two different messages hashing to the same output.

### On the need of multipermutations: Cryptanalysis of MD4 and SAFER, Fast Software Encryption (Proceedings of the 1994 Leuven Workshop on Cryptographic Algorithms)

- Lecture Notes in Computer Science
- 1995

### The MD4 message-digest algorithm, Request for Comments (RFC) 1320, Internet Activities Board

- The MD4 message-digest algorithm, Request for Comments (RFC) 1320, Internet Activities Board
- 1992

### On the need of multipermutations: Cryptanalysis of MD4 and SAFER, ast Software Encryption (Proceedings of the1994Leuven Workshop on Cryptographic Algorithms

- Lecture Notes in Computer Science,
- 1995

### the MD5 message-digest algorithm, Request for Comments (RFC) 1321, Internet Activities Board

- the MD5 message-digest algorithm, Request for Comments (RFC) 1321, Internet Activities Board
- 1992