Abstract
Extended MD4 is a hash function proposed by Rivest in 1990 with a 256-bit hash value. The compression function consists of two different and independent parallel lines called Left Line and Right Line, and each line has 48 steps. The initial values of Left Line and Right Line are denoted by IV 0 and IV 1 respectively. Dobbertin proposed a collision attack for the compression function of Extended MD4 with a complexity of about 240 under the condition that the value for IV 0 = IV 1 is prescribed. In this paper, we gave a collision attack on the full Extended MD4 with a complexity of about 237. Firstly, we propose a collision differential path for both lines by choosing a proper message difference, and deduce a set of sufficient conditions that ensure the differential path hold. Then by using some precise message modification techniques to improve the success probability of the attack, we find two-block collisions of Extended MD4 with less than 237 computations. This work provides a new reference to the collision analysis of other hash functions such as RIPEMD-160 etc. which consist of two lines.
This work is supported by ”Chen Guang” project (supported by Shanghai Municipal Education Commission and Shanghai Education Development Foundation), the National Natural Science Foundation of China (No. 61103238), the Fundamental Research Funds for the Central Universities, and the open research fund of State Key Laboratory of Information Security.
Chapter PDF
Similar content being viewed by others
References
Biham, B., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)
Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)
Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and Reduced SHA-1. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 36–57. Springer, Heidelberg (2005)
Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)
De Cannière, C., Rechberger, C.: Finding SHA-1 Characteristics: General Results and Applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1–20. Springer, Heidelberg (2006)
De Cannière, C., Mendel, F., Rechberger, C.: Collisions for 70-Step SHA-1: On the Full Cost of Collision Search. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 56–73. Springer, Heidelberg (2007)
den Boer, B., Bosselaers, A.: Collisions for the Compression Function of MD-5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)
Dobbertin, H.: Cryptanalysis of MD4. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 53–69. Springer, Heidelberg (1996)
Dobbertin, H.: Cryptanalysis of MD5 Compress. In: The Rump Session of EUROCRYPT 1996 (1996)
Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: A Strengthened Version of RIPEMD. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 71–82. Springer, Heidelberg (1996)
Dobbertin, H.: RIPEMD with Two Round Compress Function Is Not Collision-Free. Journal of Cryptology 10(1), 51–70 (1997)
Dobbertin, H.: The First Two Rounds of MD4 are Not One-Way. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 284–292. Springer, Heidelberg (1998)
FIPS 180: Secure Hash Standard, Federal Information Processing Standards Publication\(\pounds\)NIST\(\pounds\) (May 1993)
FIPS 180-1: Secure Hash Standard, Federal Information Processing Standards Publication, NIST, US Department of Commerce, Washington D.C. (1996)
FIPS 180-2: Secure Hash Standard, Federal Information Processing Standards Publication, NIST (2002), http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
Wang, G., Wang, M.: Cryptanalysis of reduced RIPEMD-128. Journal of Software 19(9), 2442–2448 (2008)
Joux, A.: Collisions for SHA-0. In: The Rump Session of CRYPTO 2004 (2004)
National Institute of Standards and Technology, Cryptographic hash project, http://csrc.nist.gov/groups/ST/hash/index.html
RIPE: Integrity Primitives for Secure Information Systems, Final Report of RACE Integrity Primitives Evalution (RIPE-RACE 1040). LNCS, vol. 1007. Springer, Heidelberg
Rivest, R.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)
Rivest, R.: The MD4 message-digest algorithm. Request for Comments (RFC) 1320, Internet Activities Board, Internet Privacy Task Force (1992)
Van Rompay, B., Biryukov, A., Preneel, B., Vandewalle, J.: Cryptanalysis of 3-pass HAVAL. In: Laih, C.S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 228–245. Springer, Heidelberg (2003)
The MD5 Message-digest Algorithm. In: Request for Comments (RFC) 1321, Internet Activities Board, Internet Privacy Task Force (1992)
Vaudenay, S.: On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 286–297. Springer, Heidelberg (1995)
Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD. In: The Rump Session of CRYPTO 2004 (2004)
Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)
Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Wang, X., Yu, H., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)
Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
Wang, X., Feng, D., Yu, X.: An attack on HAVAL function HAVAL-128. Science in China Ser. F Information Sciences 48(5), 1–12 (2005)
Yu, H., Wang, G., Zhang, G., Wang, X.: The Second-preimage Attack on MD4. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 1–12. Springer, Heidelberg (2005)
Yu, H., Wang, X., Yun, A., Park, S.: Cryptanalysis of the Full HAVAL with 4 and 5 Passes. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 89–110. Springer, Heidelberg (2006)
Zheng, Y., Pieprzyk, J., Seberry, J.: HAVAL-A One-way Hashing Algorithm with Variable Length of Output. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 81–104. Springer, Heidelberg (1993)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, G. (2011). Collision Attack for the Hash Function Extended MD4. In: Qing, S., Susilo, W., Wang, G., Liu, D. (eds) Information and Communications Security. ICICS 2011. Lecture Notes in Computer Science, vol 7043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25243-3_19
Download citation
DOI: https://doi.org/10.1007/978-3-642-25243-3_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25242-6
Online ISBN: 978-3-642-25243-3
eBook Packages: Computer ScienceComputer Science (R0)