(Second) Preimage Attacks on Step-Reduced RIPEMD/RIPEMD-128 with a New Local-Collision Approach
This paper uses new types of local collisions named one-message-word local collisions to construct meet-in-the-middle preimage attacks on two double-branch hash functions RIPEMD and RIPEMD-128, and obtains the following results.
A pseudo-preimage and second preimage attacks on the first 47 steps of RIPEMD (full version: 48 steps) are proposed with complexities of 2119 and 2124.5 compression function computations, respectively. The number of the attacked steps is greatly increased from previous preimage attacks on the first 33 steps and intermediate 35 steps.
A pseudo-preimage and preimage attacks on intermediate 36 steps of RIPEMD-128 (full version: 64 steps) are proposed with complexities of 2123 and 2126.5 compression function computations, respectively, while previous attacks can work at most intermediate 35 steps.
KeywordsRIPEMD RIPEMD-128 Meet-in-the-Middle One-Message-Word Local Collision
Unable to display preview. Download preview PDF.
- 6.Goos, G., Hartmanis, J., van Leeuwen, J. (eds.):Integrity Primitives for Secure Information Systems, Final Report of RACE Integrity Primitives Evaluation RIPE-RACE 1040. LNCS, ch. RIPEMD, vol. 1007, pp. 69–111. Springer, Heidelberg (1995)Google Scholar
- 9.Klima, V.: Tunnels in hash functions: MD5 collisions within a minute. Cryptology ePrint Archive, Report 2006/105 (2006), http://eprint.iacr.org/2006/105
- 11.Ohtahara, C., Sasaki, Y., Shimoyama, T.: Preimage attacks on step-reduced RIPEMD-128 and RIPEMD-160. In: INSCRYPT (2010)Google Scholar