Abstract
In 1990 Rivest introduced the hash function MD4. Two years later RIPEMD, a European proposal, was designed as a stronger mode of MD4. Recently we have found an attack against two of three rounds of RIPEMD. As we shall show in the present note, the methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known. An implementation of our attack allows collisions for MD4 to be found in a few seconds on a PC. An example of a collision is given, demonstrating that our attack is of practical relevance.
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dobbertin, H. (1996). Cryptanalysis of MD4. In: Gollmann, D. (eds) Fast Software Encryption. FSE 1996. Lecture Notes in Computer Science, vol 1039. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60865-6_43
DOI: https://doi.org/10.1007/3-540-60865-6_43
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60865-3
Online ISBN: 978-3-540-49652-6
eBook Packages: Springer Book Archive