Abstract
In this paper, we show how to theoretically compute the step differential probability of RIPEMD-160 under the condition that only one internal variable contains difference and the difference is a power of 2. Inspired by the way of computing the differential probability, we can do message modification such that a step differential hold with probability 1. Moreover, we propose a semi-free-start collision attack on 48-step RIPEMD-160, which improves the best semi-free start collision by 6 rounds. This is mainly due to that some bits of the chaining variable in the i-th step can be computed by adding some conditions in advance, even though some chaining variables before step i are unknown. Therefore, the uncontrolled probability of the differential path is increased and the number of the needed starting points is decreased. Then a semi-free-start collision attack on 48-step RIPEMD-160 can be obtained based on the differential path constructed by Mendel et al. at ASIACRYPT 2013. The experiments confirm our reasoning and complexity analysis.
Highlights
Cryptographic hash functions play an important role in modern cryptography, which can be used in digital signature schemes, message authentication codes, password authentication schemes and so on
We present a method and give a partial answer to calculate the theoretical probability of a given differential path in RIPEMD-160, the step function of which is no longer a T -function
We propose a method to carry out the message modification such that a step differential path holds with probability 1 after message modification
Summary
Cryptographic hash functions play an important role in modern cryptography, which can be used in digital signature schemes, message authentication codes, password authentication schemes and so on. H. Semi-free-start collision resistance means it is impossible to find (IV , M) and (IV , M ) such that. The semi-free-start collision attack on Merkle-Damgård hash functions is of great significance. Because of the break-through progresses in MD-SHA hash function cryptanalysis [WLF+05, WY05, WYY05b, WYY05a, YWYP06, YWZW05], especially the analysis of MD5 [WY05] and SHA-1 [WYY05a], NIST started a four-year hash function competition to design a new hash standard SHA-3 [SHA]. Many techniques such as advanced message modification [WLF+05]. The early cryptanalysis of RIPEMD-0 was from Dobbertin [Dob97] and the practical collision attack was proposed by Wang et al [WLF+05]. The continuous analysis of the security margin of RIPEMD-160 is of great significance
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.