Cryptanalysis of MD4

被引:75
作者
Dobbertin, H [1 ]
机构
[1] German Informat Secur Agcy, D-53133 Bonn, Germany
关键词
dedicated hash functions; collisions; MD4; MD5; RIPEMD;
D O I
10.1007/s001459900047
中图分类号
TP301 [理论、方法];
学科分类号
081202 [计算机软件与理论];
摘要
In 1990 Rivest introduced the hash function MD4. Two years later RIPEMD, a European proposal, was designed as a stronger mode of MD4. In 1995 the author found an attack against two of three rounds of RIPEMD. As we show in the present note, the methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known. An implementation of our attack allows us to find collisions for MD4 in a few seconds on a PC. An example of a collision is given demonstrating that our attack is of practical relevance.
引用
收藏
页码:253 / 271
页数:19
相关论文
共 12 条
[1]
[Anonymous], 1321 RFC INT ACT BOA
[2]
DENBOER B, 1992, LECT NOTES COMPUT SC, V576, P194
[3]
RIPEMD with two-round compress function is not collision-free [J].
Dobbertin, H .
JOURNAL OF CRYPTOLOGY, 1997, 10 (01) :51-69
[4]
Dobbertin H., 1996, CRYPTOBYTES, V2, P1
[5]
DOBBERTIN H, 1997, 1 2 ROUNDS MD4 NOT O
[6]
Dobbertin H., 1996, LNCS, V1039, P71
[7]
*FIPS, 1995, 1801 FIPS NIST US DE
[8]
*RIPE, 1995, LECT NOT COMP SCI, V1007
[9]
RIVEST RL, 1992, 1320 RFC INT ACT BOA
[10]
ROBSHAW MJB, 1996, B RSA LAB, V4