RIPEMD with two-round compress function is not collision-free

@article{Dobbertin2007RIPEMDWT,
  title={RIPEMD with two-round compress function is not collision-free},
  author={Hans Dobbertin},
  journal={Journal of Cryptology},
  year={2007},
  volume={10},
  pages={51-69}
}
  • H. Dobbertin
  • Published 1 December 1997
  • Computer Science, Mathematics
  • Journal of Cryptology
In 1990 Rivest introduced the cryptographic hash function MD4. [] Key Result Moreover, it turns out that the methods developed in this note can be applied to find collisions for the full MD4.

Collision Attack on the Full Extended MD4 and Pseudo-Preimage Attack on RIPEMD

  • G. Wang
  • Computer Science, Mathematics
    Journal of Computer Science and Technology
  • 2013
TLDR
A collision attack on the full Extended MD4 and a pseudo-preimage attack onThe full RIPEMD respectively are proposed, which optimizes the complexity order for brute-force attack.

Collisions and Semi-Free-Start Collisions for Round-Reduced RIPEMD-160

TLDR
An improved cryptanalysis of the double-branch hash function RIPEMD-160 standardized by ISO/IEC is proposed and a method to reduce the time complexity and memory complexity to pre-compute that equation is described.

Differential Attacks on Reduced RIPEMD-160

TLDR
This work provides the first security analysis of reduced RIPEMD-160 regarding its collision resistance with practical complexity and shows that the differential characteristics get very dense in RIPEMd-160 such that a full-round attack seems unlikely in the near future.

Collision Attack Framework on RIPEMD-128

  • Jingyu LiGuang ZengYang Yang
  • Computer Science, Mathematics
    2020 2nd International Conference on Artificial Intelligence and Advanced Manufacture (AIAM)
  • 2020
TLDR
The collision attack framework for RIPEMD-128 is proposed in order to provide ideas for other hash functions and Cryptographic techniques including message modification is also introduced to reduce the complexity.

Improved cryptanalysis on RIPEMD-128

TLDR
The authors improve the probabilities of the differential characteristics so that they can give a collision attack on 40-step RIPEMD-128 hash function with a complexity of 235 computations and improve the distinguishing attack proposed by Landelle and Peyrin at EUROCRYPT 2013.

Collision Attacks on the Reduced Dual-Stream Hash Function RIPEMD-128

TLDR
This work provides a new assessment of the security margin of RIPEMD-128 by showing attacks on up to 48 (out of 64) steps of the hash function, and presents a general strategy to analyze dual-stream hash functions and use an automatic search tool for the two main step of the attack.

Improved Cryptanalysis of Reduced RIPEMD-160

TLDR
An improved cryptanalysis of the double-branch hash function standard RIPEMD-160 is proposed using a carefully designed non-linear path search tool and it is shown that some of these message words can lead to very good differential path candidates.

1 The Cryptographic Hash Function RIPEMD-160

TLDR
The goal of this article is to motivate the existence of RIPEMD160, to explain the main design features and to provide a concise description of the algorithm.

How to Break MD5 and Other Hash Functions

TLDR
A new powerful attack on MD5 is presented, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.

On the Collision Resistance of RIPEMD-160

TLDR
This is the first article that investigates the impact of recent advances in cryptanalysis of hash functions on RIPEMD-160, and presents an analytical attack on a round-reduced variant of the RIPEMd-160 hash function.
...

References

SHOWING 1-10 OF 10 REFERENCES

Cryptanalysis of MD4

  • H. Dobbertin
  • Computer Science, Mathematics
    Journal of Cryptology
  • 1998
TLDR
The methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known.

On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER

TLDR
It is argued that boxes which fail to be multipermutations can open the way to unsuspected attacks.

Integrity primitives for secure information systems : final report of RACE Integrity Primitives Evaluation RIPE-RACE 1040

TLDR
The MDC-4, RIPEMD, RIPE-MAC, IBC-hash, SKID, RSA, COMSET, and RSA key generation guidelines for arithmetic computation are described.

The MD4 message-digest algorithm, Request for Comments (RFC) 1320

  • 1992

message-digest algorithm, Request for Comments (RFC) 1321

  • 1992

An Attack on the Last Two Rounds of MD4

TLDR
It is shown that if the three round MD4 algorithm is stripped of its first round, it is possible to find for a given (initial) input value two different messages hashing to the same output.

On the need of multipermutations: Cryptanalysis of MD4 and SAFER, Fast Software Encryption (Proceedings of the 1994 Leuven Workshop on Cryptographic Algorithms)

  • Lecture Notes in Computer Science
  • 1995

The MD4 message-digest algorithm, Request for Comments (RFC) 1320, Internet Activities Board

  • The MD4 message-digest algorithm, Request for Comments (RFC) 1320, Internet Activities Board
  • 1992

On the need of multipermutations: Cryptanalysis of MD4 and SAFER, ast Software Encryption (Proceedings of the1994Leuven Workshop on Cryptographic Algorithms

  • Lecture Notes in Computer Science,
  • 1995

the MD5 message-digest algorithm, Request for Comments (RFC) 1321, Internet Activities Board

  • the MD5 message-digest algorithm, Request for Comments (RFC) 1321, Internet Activities Board
  • 1992