The MD4 Message Digest Algorithm

  • Ronald L. Rivest
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 537)


The MD4 message digest algorithm takes an input message of arbitrary length and produces an output 128-bit “fingerprint” or “message digest”, in such a way that it is (hopefully) computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD4 algorithm is thus ideal for digital signature applications: a large file can be securely “compressed” with MD4 before being signed with (say) the RSA public-key cryptosystem.

The MD4 algorithm is designed to be quite fast on 32-bit machines. For example, on a SUN Sparc station, MD4 runs at 1,450,000 bytes/second (11.6 Mbit/sec). In addition, the MD4 algorithm does not require any large substitution tables; the algorithm can be coded quite compactly.

The MD4 algorithm is being placed in the public domain for review and possible adoption as a standard.


Hash Function User Authentication Scheme Digital Signature Scheme Secure Digital Signature Secure Digital Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    Ivan Bjerre Damgård. A design principle for hash functions. In G. Brassard, editor, Proceedings CRYPTO 89, pages 416–427. Springer, 1990. Lecture Notes in Computer Science No. 435.CrossRefGoogle Scholar
  2. [2]
    D. W. Davies and W. L. Price. The application of digital signatures based on public-key cryptosystems. In Proc. Fifth Intl. Computer Communications Conference, pages 525–530, October 1980.Google Scholar
  3. [3]
    W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Trans. Inform. Theory, IT-22:644–654, November 1976.MathSciNetCrossRefGoogle Scholar
  4. [4]
    A. Evans, W. Kantrowitz, and E. Weiss. A user authentication scheme not requiring secrecy in the computer. CACM, 17:437–442, August 1974.CrossRefGoogle Scholar
  5. [5]
    Russell Impagliazzo, Leonid A. Levin, and Michael Luby. Pseudo-random generation from one-way functions. In Proc. 21th ACM Symposium on Theory of Computing, pages 12–24, Seattle, 1989. ACM.Google Scholar
  6. [6]
    Donald E. Knuth. Seminumerical Algorithms, volume 2 of The Art of Computer Programming. Addison-Wesley, 1969. Second edition, 1981.Google Scholar
  7. [7]
    Ralph C. Merkle. One way hash functions and DES. In G. Brassard, editor, Proceedings CRYPTO 89, pages 428–446. Springer, 1990. Lecture Notes in Computer Science No. 435.CrossRefGoogle Scholar
  8. [8]
    M. Naor and M. Yung. Universal one-way hash functions and their cryptographic applications. In Proc. 21th ACM Symposium on Theory of Computing, pages 33–43, Seattle, 1989. ACM.Google Scholar
  9. [9]
    John Rompel. One-way functions are necessary and sufficient for secure signatures. In Proc. 22nd ACM Symposium on Theory of Computing, pages 387–394, Baltimore, Maryland, 1990. ACM.Google Scholar
  10. [10]
    M. V. Wilkes. Time-sharing computer systems. Elsevier, 1975. Third edition.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  • Ronald L. Rivest
    • 1
  1. 1.Laboratory for Computer ScienceMassachusetts Institute of TechnologyCambridgeUSA

Personalised recommendations