Abstract
In 1992, the cryptographic hash function RIPEMD, a European proposal, was introduced as an improved variant of the MD4 hash function. RIPEMD involves two parallel lines of modified versions of the MD4 compression function. Three years later, Hans Dobbertin, who also published a cryptanalysis of MD4 in 1998, described an attack against a reduced version of RIPEMD in which the first or the last round of the RIPEMD compression function is omitted. In this paper, we present a method for finding collisions in each of the parallel lines of RIPEMD. The collision search procedure requires only a few seconds of computing time. We show that although the modifications of the MD4 compression function used in RIPEMD introduce additional constraints in the cryptanalysis as compared with Dobbertin’s attack on MD4, these modifications do not result in an increase of the collision search computation time. It is still an open question whether collisions can be found for the full RIPEMD function.
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Debaert, C., Gilbert, H. (2002). The RIPEMDL and RIPEMDR Improved Variants of MD4 Are Not Collision Free. In: Matsui, M. (eds) Fast Software Encryption. FSE 2001. Lecture Notes in Computer Science, vol 2355. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45473-X_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43869-4
Online ISBN: 978-3-540-45473-1
eBook Packages: Springer Book Archive