Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
A Generalized Birthday Problem
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The MD4 Message Digest Algorithm
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
HAVAL - A One-Way Hashing Algorithm with Variable Length of Output
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Fast Software Encryption
Preimage Attacks on 3, 4, and 5-Pass HAVAL
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Finding Preimages in Full MD5 Faster Than Exhaustive Search
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Preimage Attacks on One-Block MD4, 63-Step MD5 and More
Selected Areas in Cryptography
Preimage Attacks on 3-Pass HAVAL and Step-Reduced MD5
Selected Areas in Cryptography
Hash functions and the (amplified) boomerang attack
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
How to find many collisions of 3-pass HAVAL
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Cryptanalysis of the full HAVAL with 4 and 5 passes
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Non-randomness of the full 4 and 5-pass HAVAL
SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the security of encryption modes of MD4, MD5 and HAVAL
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
The Return of the Cryptographic Boomerang
IEEE Transactions on Information Theory
New message difference for MD4
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Second-Order differential collisions for reduced SHA-256
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Boomerang attacks on hash function using auxiliary differentials
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Distinguishers beyond three rounds of the RIPEMD-128/-160 compression functions
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Analysis of differential attacks in ARX constructions
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Second order collision for the 42-step reduced DHA-256 hash function
Information Processing Letters
Hi-index | 0.00 |
In this paper, we study a boomerang attack approach on MD4-based hash functions, and present a practical 4-sum distinguisher against the compression function of the full 5-pass HAVAL. Our approach is based on the previous work by Kim et al., which proposed the boomerang distinguisher on the encryption mode of MD4, MD5, and HAVAL in the related-key setting. Firstly, we prove that the differential path for 5-pass HAVAL used in the previous boomerang distinguisher contains a critical flaw and thus the attack cannot work. We then search for new differential paths. Finally, by using the new paths, we mount the distinguisher on the compression function of the full 5-pass HAVAL which generates a 4-sum quartet with a complexity of approximately 211 compression function computations. As far as we know, this is the first result on the full compression function of 5-pass HAVAL that can be computed in practice. We also point out that the 4-sum distinguisher can also be constructed for other MD4-based hash functions such as MD5, 3-pass HAVAL, and 4-pass HAVAL. Our attacks are implemented on a PC and we present a generated 4-sum quartet for each attack target.