Collision Attack for the Hash Function Extended MD4

Extended MD4 is a hash function proposed by Rivest in 1990 with a 256-bit hash value. The compression function consists of two different and independent parallel lines called Left Line and Right Line, and each line has 48 steps. The initial values of Left Line and Right Line are denoted by IV0 and IV1 respectively. Dobbertin proposed a collision attack for the compression function of Extended MD4 with a complexity of about $2^{40}$ under the condition that the value for IV0 = IV1 is prescribed. In this paper, we give a collision attack on the full Extended MD4 with a complexity of about $2^{37}$. Firstly, we propose a collision differential path for both lines by choosing a proper message difference, and deduce a set of sufficient conditions that ensure the differential path holds. Then, by using some precise message modification techniques to improve the success probability of the attack, we find two-block collisions of Extended MD4 with less than $2^{37}$ computations. This work provides a new reference for the collision analysis of other hash functions, such as RIPEMD-160, which consist of two lines.
