RIPEMD-160: A strengthened version of RIPEMD

  • Hans Dobbertin
  • Antoon Bosselaers
  • Bart Preneel
Hash Functions
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1039)


Cryptographic hash functions are an important tool in cryptography for applications such as digital fingerprinting of messages, message authentication, and key derivation. During the last five years, several fast software hash functions have been proposed; most of them are based on the design principles of Ron Rivest's MD4. One such proposal was RIPEMD, which was developed in the framework of the EU project RIPE (Race Integrity Primitives Evaluation). Because of recent progress in the cryptanalysis of these hash functions, we propose a new version of RIPEMD with a 160-bit result, as well as a plug-in substitute for RIPEMD with a 128-bit result. We also compare the software performance of several MD4-based algorithms, which is of independent interest.


Boolean Function Hash Function Block Cipher Message Block Cryptographic Hash Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    R. Anderson, “The classification of hash functions,” Proc. of the IMA Conference on Cryptography and Coding, Cirencester, December 1993, Oxford University Press, 1995, pp. 83–95.Google Scholar
  2. 2.
    I.B. Damgård, “A design principle for hash functions,” Advances in Cryptology, Proc. Crypto'89, LNCS 435, G. Brassard, Ed., Springer-Verlag, 1990, pp. 416–427.Google Scholar
  3. 3.
    B. den Boer, A. Bosselaers, “An attack on the last two rounds of MD4,” Advances in Cryptology, Proc. Crypto'91, LNCS 576, J. Feigenbaum, Ed., Springer-Verlag, 1992, pp. 194–203.Google Scholar
  4. 4.
    B. den Boer, A. Bosselaers, “Collisions for the compression function of MD5,” Advances in Cryptology, Proc. Eurocrypt'93, LNCS 765, T. Helleseth, Ed., Springer-Verlag, 1994, pp. 293–304.Google Scholar
  5. 5.
    H. Dobbertin, “RIPEMD with two-round compress function is not collisionfree,” Journal of Cryptology, to appear.Google Scholar
  6. 6.
    H. Dobbertin, “Cryptanalysis of MD4,” Fast Software Encryption, this volume.Google Scholar
  7. 7.
    FIPS 180-1, Secure hash standard, NIST, US Department of Commerce, Washington D.C., April 1995.Google Scholar
  8. 8.
    R. Merkle, “One way hash functions and DES,” Advances in Cryptology, Proc. Crypto'89, LNCS 435, G. Brassard, Ed., Springer-Verlag, 1990, pp. 428–446.Google Scholar
  9. 9.
    C.H. Meyer, M. Schilling, “Secure program load with Manipulation Detection Code,” Proc. Securicom 1988, pp. 111–130.Google Scholar
  10. 10.
    B. Preneel, R. Govaerts, J. Vandewalle, “Hash functions based on block ciphers: a synthetic approach,” Advances in Cryptology, Proc. Crypto'93, LNCS 773, D. Stinson, Ed., Springer-Verlag, 1994, pp. 368–378.Google Scholar
  11. 11.
    B. Preneel, Cryptographic Hash Functions, Kluwer Academic Publishers, to appear.Google Scholar
  12. 12.
    RIPE, “Integrity Primitives for Secure Information Systems. Final Report of RACE Integrity Primitives Evaluation (RIPE-RACE 1040),” LNCS 1007, Springer-Verlag, 1995.Google Scholar
  13. 13.
    R.L. Rivest, “The MD4 message digest algorithm,” Advances in Cryptology, Proc. Crypto'90, LNCS 537, S. Vanstone, Ed., Springer-Verlag, 1991, pp. 303–311.Google Scholar
  14. 14.
    R.L. Rivest, “The MD4 message-digest algorithm,” Request for Comments (RFC) 1320, Internet Activities Board, Internet Privacy Task Force, April 1992.Google Scholar
  15. 15.
    R.L. Rivest, “The MD5 message-digest algorithm,” Request for Comments (RFC) 1321, Internet Activities Board, Internet Privacy Task Force, April 1992.Google Scholar
  16. 16.
    J. Touch, “Report on MD5 performance,” Request for Comments (RFC) 1810, Internet Activities Board, Internet Privacy Task Force, June 1995.Google Scholar
  17. 17.
    P.C. van Oorschot, M.J. Wiener, “Parallel collision search with application to hash functions and discrete logarithms,” Proc. 2nd ACM Conference on Computer and Communications Security, ACM, 1994, pp. 210–218.Google Scholar
  18. 18.
    S. Vaudenay, “On the need for multipermutations: cryptanalysis of MD4 and SAFER,” Fast Software Encryption, LNCS 1008, B. Preneel, Ed., Springer-Verlag, 1995, pp. 286–297.Google Scholar
  19. 19.
    G. Yuval, “How to swindle Rabin,” Cryptologia, Vol. 3, No. 3, 1979, pp. 187–189.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Hans Dobbertin
    • 1
  • Antoon Bosselaers
    • 2
  • Bart Preneel
    • 2
  1. 1.German Information Security AgencyBonnGermany
  2. 2.Katholieke Universiteit Leuven, ESAT-COSICHeverleeBelgium

Personalised recommendations