Information Security and Cryptology - ICISC 2005

Volume 3935 of the series Lecture Notes in Computer Science pp 129-145

Improved Collision Attack on MD4 with Probability Almost 1

  • Yusuke NaitoAffiliated withThe University of Electro-Communications
  • , Yu SasakiAffiliated withThe University of Electro-Communications
  • , Noboru KunihiroAffiliated withThe University of Electro-Communications
  • , Kazuo OhtaAffiliated withThe University of Electro-Communications

* Final gross prices may vary according to local VAT.

Get Access


In EUROCRYPT2005, a collision attack on MD4 was proposed by Wang, Lai, Chen, and Yu. They claimed that collision messages were found with probability 2− 6 to 2− 2, and the complexity was less than 28 MD4 hash operations. However, there were some tyops and oversights in their paper. In this paper, first, we reevaluate the exact success probability. Second, we point out the typos and oversights in the paper of Wang et al, and we show how to improve them. Third, we propose a new message modification method for the third round of MD4. From the first result, we reevaluate that the method of Wang et al. can find collision messages with success probability 2− 5.61. From the second result, we can find collision messages with success probability 2− 2. Also by combining the second result and the third result, our improved method is able to find collision messages with probability almost 1. This complexity is less than 3 repetitions of MD4 hash operations. Our improved method is about 85 times as fast as the method of Wang et al.