Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The MD4 Message Digest Algorithm
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Differential Collisions in SHA-0
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
HAVAL - A One-Way Hashing Algorithm with Variable Length of Output
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
RIPEMD-160: A Strengthened Version of RIPEMD
Proceedings of the Third International Workshop on Fast Software Encryption
Proceedings of the Third International Workshop on Fast Software Encryption
The First Two Rounds of MD4 are Not One-Way
FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
Collisions for 70-step SHA-1: on the full cost of collision search
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
The second-preimage attack on MD4
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Cryptanalysis of the full HAVAL with 4 and 5 passes
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Efficient collision search attacks on SHA-0
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Collisions of SHA-0 and reduced SHA-1
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
| Hi-index | 0.01 |
Extended MD4 is a hash function proposed by Rivest in 1990 with a 256-bit hash value. The compression function consists of two different and independent parallel lines called Left Line and Right Line, and each line has 48 steps. The initial values of Left Line and Right Line are denoted by IV0 and IV1 respectively. Dobbertin proposed a collision attack for the compression function of Extended MD4 with a complexity of about 240 under the condition that the value for IV0 = IV1 is prescribed. In this paper, we gave a collision attack on the full Extended MD4 with a complexity of about 237. Firstly, we propose a collision differential path for both lines by choosing a proper message difference, and deduce a set of sufficient conditions that ensure the differential path hold. Then by using some precise message modification techniques to improve the success probability of the attack, we find two-block collisions of Extended MD4 with less than 237 computations. This work provides a new reference to the collision analysis of other hash functions such as RIPEMD-160 etc. which consist of two lines.