Preimage Attacks on One-Block MD4, 63-Step MD5 and More
This paper shows preimage attacks on one-block MD4 and MD5 reduced to 63 (out of 64) steps. Our attacks are based on the meet-in-the-middle attack, and many additional improvements make the preimage computable faster than that of the brute-force attack, 2128 hash computation. A preimage of one-block MD4 can be computed in the complexity of the 2107 MD4 compression function computation, and a preimage of MD5 reduced to 63 steps can be computed in the complexity of the 2121 MD5 compression function computation. Moreover, we optimize the computational order of the brute-force attack against MD5, and a preimage of full-round MD5 can be computed in the complexity of the 2127 MD5 compression function computation.
KeywordsMD5 MD4 meet-in-the-middle local collision one-way preimage
- 1.Aumasson, J.-P., Meier, W., Mendel, F.: Preimage attacks on 3-pass HAVAL and step-reduced MD5. In: Avanzi, R., Keliher, L., Sica, F. (eds.) Selected Areas in Cryptography — Workshop Records of 15th Annual International Workshop, SAC 2008, Sackville, New Brunswick, Canada, pp. 99–114 (2008); also appeared in IACR Cryptology ePrint Archive: Report 2008/183 http://eprint.iacr.org/2008/183
- 7.Klima, V.: Tunnels in hash functions: MD5 collisions within a minute (IACR Cryptology ePrint Archive: Report 2006/105 ) (2006), http://eprint.iacr.org/2006/105
- 8.Kuwakado, H., Tanaka, H.: New algorithm for finding preimages in a reduced version of the MD4 compression function. IEICE Transactions Fundamentals of Electronics, Communications and Computer Sciences (Japan) E83-A(1), 97–100 (2000)Google Scholar
- 12.Rivest, R.L.: Request for Comments 1321: The MD5 Message Digest Algorithm. The Internet Engineering Task Force (1992), http://www.ietf.org/rfc/rfc1321.txt
- 14.U.S. Department of Commerce, National Institute of Standards and Technology. Announcing the SECURE HASH STANDARD (Federal Information Processing Standards Publication 180-2) (2002), http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf