The MD4 Message Digest Algorithm
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Searching for differential paths in MD4
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Efficient collision search attacks on SHA-0
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Collisions of MMO-MD5 and their impact on original MD5
AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Hi-index | 0.00 |
Wang et al. have proposed collision attacks for various hash functions. Their approach is to first construct a differential path, and then determine the conditions (sufficient conditions) that maintain the differential path. If a message that satisfies all sufficient conditions is found, a collision can be generated. Therefore, in order to apply the attack of Wang et al., we need techniques for constructing differential paths and for determining sufficient conditions. In this paper, we propose the “SC algorithm”, an algorithm that can automatically determine the sufficient conditions. The input of the SC algorithm is a differential path, that is, all message differentials and differentials of the chaining variables. The SC algorithm then outputs the sufficient conditions. The computation time of the SC algorithm is within few seconds. In applying the method of Wang et al. to MD5, there are 3 types of sufficient conditions: conditions for controlling the carry length when differentials appear in the chaining variables, conditions for controlling the output differentials of the Boolean function when the input variables of the function have differentials and conditions for controlling the relationship between the carry effect and left rotation operation. Sufficient conditions for SHA-1, SHA-0 and MD4 consist of only Type 1 and Type 2. Type 3 is unique to MD5. The SC algorithm can construct Type 1 and Type 2 conditions; we use the method of Liang et al. to construct Type 3 conditions. The complexity of the collision attack depends on the number of sufficient conditions needed. The SC algorithm constructs the fewest possible sufficient conditions. To check the feasibility of the SC algorithm, we apply it to the differential path of MD5 given by Wang et al. It is shown to yield 12 fewer conditions than the latest work on MD5. The SC algorithm is applicable to the MD-family and the SHA-family. This paper focuses on the sufficient conditions of MD5, but only as an example.