Cryptanalysis of the Hash Functions MD4 and RIPEMD

  • Xiaoyun Wang
  • Xuejia Lai
  • Dengguo Feng
  • Hui Chen
  • Xiuyuan Yu
Conference paper

DOI: 10.1007/11426639_1

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)
Cite this paper as:
Wang X., Lai X., Feng D., Chen H., Yu X. (2005) Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer R. (eds) Advances in Cryptology – EUROCRYPT 2005. EUROCRYPT 2005. Lecture Notes in Computer Science, vol 3494. Springer, Berlin, Heidelberg

Abstract

MD4 is a hash function developed by Rivest in 1990. It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL. In 1996, Dobbertin showed how to find collisions of MD4 with complexity equivalent to 220 MD4 hash computations. In this paper, we present a new attack on MD4 which can find a collision with probability 2− 2 to 2− 6, and the complexity of finding a collision doesn’t exceed 28 MD4 hash operations. Built upon the collision search attack, we present a chosen-message pre-image attack on MD4 with complexity below 28. Furthermore, we show that for a weak message, we can find another message that produces the same hash value. The complexity is only a single MD4 computation, and a random message is a weak message with probability 2− 122.

The attack on MD4 can be directly applied to RIPEMD which has two parallel copies of MD4, and the complexity of finding a collision is about 218 RIPEMD hash operations.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Xiaoyun Wang
    • 1
  • Xuejia Lai
    • 2
  • Dengguo Feng
    • 3
  • Hui Chen
    • 1
  • Xiuyuan Yu
    • 4
  1. 1.Shandong UniversityJinanChina
  2. 2.Shanghai Jiaotong UniversityShanghaiChina
  3. 3.Chinese Academy of Science ChinaBeijingChina
  4. 4.Huangzhou Teacher CollegeHangzhouChina

Personalised recommendations