A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
RIPEMD-160: A Strengthened Version of RIPEMD
Proceedings of the Third International Workshop on Fast Software Encryption
Practical Collisions for EnRUPT
Fast Software Encryption
Distinguisher and Related-Key Attack on the Full AES-256
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Linearization Framework for Collision Attacks: Application to CubeHash and MD6
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Hash functions and the (amplified) boomerang attack
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
(Second) preimage attacks on step-reduced RIPEMD/RIPEMD-128 with a new local-collision approach
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Preimage attacks on step-reduced RIPEMD-128 and RIPEMD-160
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
On the collision resistance of RIPEMD-160
ISC'06 Proceedings of the 9th international conference on Information Security
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Exploiting coding theory for collision attacks on SHA-1
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
Finding SHA-2 characteristics: searching through a minefield of contradictions
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Differential attacks on reduced RIPEMD-160
ISC'12 Proceedings of the 15th international conference on Information Security
Finding collisions for round-reduced SM3
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Hi-index | 0.00 |
In this paper, we analyze the security of RIPEMD-128 against collision attacks. The ISO/IEC standard RIPEMD-128 was proposed 15 years ago and may be used as a drop-in replacement for 128-bit hash functions like MD5. Only few results have been published for RIPEMD-128, the best being a preimage attack for the first 33 steps of the hash function with complexity 2124.5. In this work, we provide a new assessment of the security margin of RIPEMD-128 by showing attacks on up to 48 (out of 64) steps of the hash function. We present a collision attack reduced to 38 steps and a near-collisions attack for 44 steps, both with practical complexity. Furthermore, we show non-random properties for 48 steps of the RIPEMD-128 hash function, and provide an example for a collision on the compression function for 48 steps. For all attacks we use complex nonlinear differential characteristics. Due to the more complicated dual-stream structure of RIPEMD-128 compared to its predecessor, finding high-probability characteristics as well as conforming message pairs is nontrivial. Doing any of these steps by hand is almost impossible or at least, very time consuming. We present a general strategy to analyze dual-stream hash functions and use an automatic search tool for the two main steps of the attack. Our tool is able to find differential characteristics and perform advanced message modification simultaneously in the two streams.