access icon free Improved cryptanalysis on RIPEMD-128

© The Institution of Engineering and Technology
Received 19/05/2014, Accepted 06/03/2015, Revised 03/02/2015, Published 29/04/2015

RIPEMD-128 is an ISO/IEC standard cryptographic hash function proposed in 1996 by Dobbertin, Bosselaers and Preneel. The compression function of RIPEMD-128 consists of two different and almost independent parallel lines denoted by line1 operation and line2 operation. The initial values and the output values of the last step of the two operations are combined, resulting in the final value of one iteration. In this study, the authors present collision differential characteristics for both 40-step line1 operation and 40-step line2 operation by choosing a proper message difference. By using message modification technique, they improve the probabilities of the differential characteristics so that they can give a collision attack on 40-step RIPEMD-128 hash function with a complexity of 235 computations. Meanwhile, they improve the distinguishing attack proposed by Landelle and Peyrin at EUROCRYPT 2013, and give a distinguisher on the full RIPEMD-128 hash function with a complexity of 290.4 by doing message modification.

Inspec keywords: ISO standards; cryptography; IEC standards

Other keywords: cryptanalysis; ISO-IEC standard cryptographic hash function; message modification technique; EUROCRYPT 2013; 40-step RIPEMD-128 hash function

Subjects: Data security; Cryptography; Cryptography theory

References

    1. 1)
      • 24. Indesteege, S., Preneel, B.: ‘Practical collisions for EnRUPT’. Proc. FSE 2009, Leuven, Belgium, February 2009, pp. 246259.
    2. 2)
      • 20. Iwamoto, M., Peyrin, T., Sasaki, Y.: ‘Limited-birthday distinguishers for hash functions-collisions beyond the birthday bound can be meaningful’. Proc. ASIACRYPT 2013, Bengaluru, India, December 2013, pp. 504523.
    3. 3)
      • 25. Pramstaller, N., Rechberger, C., Rijmen, V.: ‘Exploiting coding theory for collision attacks on SHA-1’. Proc. Cryptography and Coding 2005, Cirencester, UK, December 2005, pp. 7895.
    4. 4)
      • 18. Ohtahara, C., Sasaki, Y., Shimoyama, T.: ‘Preimage attacks on step-reduced RIPEMD-128 and RIPEMD-160’. Proc. Inscrypt 2010, Shanghai, China, October 2010, pp. 169186.
    5. 5)
      • 4. Wang, X., Yin, Y.L., Yu, H.: ‘Finding collisions in the full SHA-1’. Proc. CRYPTO 2005, Santa Barbara, California, USA, August 2005, pp. 1736.
    6. 6)
      • 11. Kap, J.: ‘Test cases for HMAC-RIPEMD160 and HMAC-RIPEMD128’. Internet Engineering Task Force (IETF), RFC 2286, 1998, http://www.ietf.org/rfc/rfc2286.txt.
    7. 7)
      • 19. Wang, L., Sasaki, Y., Komatsubara, W., Ohta, K., Sakiyama, K.: ‘(Second) preimage attacks on step-reduced RIPEMD/RIPEMD-128 with a new local-collision approach’. Proc. CT-RSA 2011, San Francisco, CA, USA, February 2011, pp. 197212.
    8. 8)
      • 12. Rivest, R.: ‘The MD4 message digest algorithm’. Proc. CRYPTO 1990, Santa Barbara, California, USA, August 1990, pp. 303312.
    9. 9)
      • 9. Dobbertin, H., Bosselaers, A., Preneel, B.: ‘RIPEMD-160: a strengthened version of RIPEMD’. Proc. FSE 1996, Cambridge, UK, February 1996, pp. 7182.
    10. 10)
      • 1. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: ‘Cryptanalysis for hash functions MD4 and RIPEMD’. Proc. EUROCRYPT 2005, Aarhus, Denmark, May 2005, pp. 118.
    11. 11)
      • 23. Brier, E., Khazaei, S., Meier, W., Peyrin, T.: ‘Linearization framework for collision attacks: application to CubeHash and MD6’. Proc. ASIACRYPT 2009, Tokyo, Japan, December 2009, pp. 560577.
    12. 12)
      • 6. Yu, H., Wang, G., Zhang, G., Wang, X.: ‘The second-preimage attack on MD4’. Proc. CANS 2005, Xiamen, China, December 2005, pp. 112.
    13. 13)
      • 8. Bosselaers, A., Preneel, B.: ‘Integrity primitives for secure information systems: Final Report of RACE Integrity Primitives Evaluation RIPE-RACE 1040’ (Springer Press, 1995).
    14. 14)
      • 17. Landelle, F., Peyrin, T.: ‘Cryptanalysis of full RIPEMD-128’. Proc. EUROCRYPT 2013, Athens, Greece, May 2013, pp. 228244.
    15. 15)
      • 3. Wang, X., Yu, B., Yin, Y.L.: ‘Efficient collision search attacks on SHA-0’. Proc. CRYPTO 2005, Santa Barbara, California, USA, August 2005, pp. 116.
    16. 16)
      • 14. Dobbertin, H.: ‘RIPEMD with two-round compress function is not collision-free’, J. Cryptol., 1997, 10, (1), p. 51C70.
    17. 17)
      • 22. De Cannière, C., Rechberger, C.: ‘Finding SHA-1 characteristics: general results and applications’. Proc. ASIACRYPT 2006, Shanghai, China, December 2006, pp. 120.
    18. 18)
      • 16. Mendel, F., Nad, T., Schlaffer, M.: ‘Collision attacks on the reduced dual-stream hash function RIPEMD-128’. Proc. FSE 2012, Washington, DC, USA, March 2012, pp. 226243.
    19. 19)
      • 10. ISO/IEC 10118-3 : 2004: ‘Information technology-security techniques-hash-functions-part 3: Dedicated hash functions’, 2004, http: //www.iso.org/iso/catalogue_detail.htm?csnumber=39876.
    20. 20)
      • 7. SHA-3 Cryptographic hash algorithm competition: http://www.csrc.nist.gov/groups/ST/hash/sha-3/index.html.
    21. 21)
      • 13. Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: ‘On the collision resistance of RIPEMD-160’. Proc. ISC 2006, Samos Island, Greece, August 2006, pp. 101116.
    22. 22)
      • 2. Wang, X., Yu, H.: ‘How to break MD5 and other hash functions’. Proc. EUROCRYPT 2005, Aarhus, Denmark, May 2005, pp. 1935.
    23. 23)
      • 5. Yu, H., Wang, X., Yun, A., Park, S.: ‘Cryptanalysis of the full HAVAL with 4 and 5 passes’. Proc. FSE 2006, Graz, Austria, March 2006, pp. 89110.
    24. 24)
      • 21. Sasaki, Y., Wang, L.: ‘Distinguishers beyond three rounds of the RIPEMD-128/-160 compression functions’. Proc. ACNS 2012, Singapore, June 2012, pp. 275292.
    25. 25)
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2014.0244
Loading

Related content

content/journals/10.1049/iet-ifs.2014.0244
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading