Article

Preimage attacks on step-reduced RIPEMD-128 and RIPEMD-160

Authors:

Chiaki Ohtahara,

Takeshi ShimoyamaAuthors Info & Claims

Inscrypt'10: Proceedings of the 6th international conference on Information security and cryptology

Pages 169 - 186

Published: 20 October 2010 Publication History

Abstract

This paper presents the first results on the preimage resistance of ISO standard hash functions RIPEMD-128 and RIPEMD-160. They were designed as strengthened versions of RIPEMD. While preimage attacks on the first 33 steps and intermediate 35 steps of RIPEMD (48 steps in total) are known, no preimage attack exists on RIPEMD-128 (64 steps) or RIPEMD-160 (80 steps). This paper shows three variations of attacks on RIPEMD-128; the first 33 steps, intermediate 35 steps, and the last 32 steps. It is interesting that the number of attacked steps for RIPEMD-128 reaches the same level as RIPEMD. We show that our approach can also be applied to RIPEMD-160, and present preimage attacks on the first 30 steps and the last 31 steps.

References

[1]

U.S. Department of Commerce, National Institute of Standards and Technology: Federal Register/vol. 72, No. 212/Friday, November 2, 2007/Notices (2007).

[2]

Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19-35. Springer, Heidelberg (2005).

Digital Library

[3]

Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17-36. Springer, Heidelberg (2005).

Digital Library

[4]

Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the hash functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1-18. Springer, Heidelberg (2005).

Digital Library

[5]

Mendel, F., Rijmen, V.: Cryptanalysis of the tiger hash function. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 536-550. Springer, Heidelberg (2007).

Digital Library

[6]

Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: First results on full Tiger, and improved results on MD4 and SHA-2. Cryptology ePrint Archive, Report 2010/016 (2010).

[7]

Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound distinguishers: Results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126-143. Springer, Heidelberg (2009).

Digital Library

[8]

Saarinen, M.-J.O.: A meet-in-the-middle collision attack against the new FORK- 256. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 10-17. Springer, Heidelberg (2007).

Digital Library

[9]

Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: A strengthened version of RIPEMD. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 71-82. Springer, Heidelberg (1996).

Digital Library

[10]

RIPE Integrity Primitives: Integrity Primitives for Secure Information Systems, Final RIPE Report of RACE Integrity Primitives Evaluation, RIPE-RACE 1040 (1995).

Digital Library

[11]

International Organization for Standardization: ISO/IEC 10118-3:2004, Information technology - Security techniques - Hash-functions - Part 3: Dedicated hash-functions (2004).

[12]

Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: On the collision resistance of RIPEMD-160. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 101-116. Springer, Heidelberg (2006).

Digital Library

[13]

Wang, G., Wang, S.: Preimage attack on hash function RIPEMD. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 274-284. Springer, Heidelberg (2009).

Digital Library

[14]

Sasaki, Y., Aoki, K.: Meet-in-the-middle preimage attacks on double-branch hash functions: Application to RIPEMD and others. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 214-231. Springer, Heidelberg (2009).

Digital Library

[15]

Hong, D., Chang, D., Sung, J., Lee, S.-J., Hong, S.H., Lee, J.S., Moon, D., Chee, S.: A new dedicated 256-bit hash function: FORK-256. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 195-209. Springer, Heidelberg (2006).

Digital Library

[16]

Aoki, K., Sasaki, Y.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103-119. Springer, Heidelberg (2009).

Digital Library

[17]

den Boer, B., Bosselaers, A.: An attack on the last two rounds of MD4. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 194-203. Springer, Heidelberg (1992).

Digital Library

[18]

Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1997).

Digital Library

[19]

Leurent, G.: MD4 is not one-way. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 412-428. Springer, Heidelberg (2008).

Digital Library

[20]

Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134-152. Springer, Heidelberg (2009).

Digital Library

Cited By

Landelle FPeyrin T(2016)Cryptanalysis of Full RIPEMD-128Journal of Cryptology10.1007/s00145-015-9213-529:4(927-951)Online publication date: 1-Oct-2016
https://dl.acm.org/doi/10.1007/s00145-015-9213-5
Mendel FNad TSchläffer M(2012)Collision attacks on the reduced dual-stream hash function RIPEMD-128Proceedings of the 19th international conference on Fast Software Encryption10.1007/978-3-642-34047-5_14(226-243)Online publication date: 19-Mar-2012
https://dl.acm.org/doi/10.1007/978-3-642-34047-5_14
Mendel FNad TScherz SSchläffer M(2012)Differential attacks on reduced RIPEMD-160Proceedings of the 15th international conference on Information Security10.1007/978-3-642-33383-5_2(23-38)Online publication date: 19-Sep-2012
https://dl.acm.org/doi/10.1007/978-3-642-33383-5_2
Show More Cited By

Recommendations

(Second) preimage attacks on step-reduced RIPEMD/RIPEMD-128 with a new local-collision approach
CT-RSA'11: Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011

This paper uses new types of local collisions named onemessage-word local collisions to construct meet-in-the-middle preimage attacks on two double-branch hash functions RIPEMD and RIPEMD- 128, and obtains the following results.

1) A pseudo-preimage and ...
Preimage Attacks on 3, 4, and 5-Pass HAVAL
ASIACRYPT '08: Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology

This paper proposes preimage attacks on hash function HAVAL whose output length is 256 bits. This paper has three main contributions; a preimage attack on 3-pass HAVAL at the complexity of 2²²⁵, a preimage attack on 4-pass HAVAL at the complexity of 2^...
Distinguishers beyond three rounds of the RIPEMD-128/-160 compression functions
ACNS'12: Proceedings of the 10th international conference on Applied Cryptography and Network Security

This paper presents differential-based distinguishers against ISO standard hash functions RIPEMD-128 and RIPEMD-160. Second-order differential paths are constructed on reduced steps of their compression functions. These lead to 4-sum attacks on 47 steps ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

Inscrypt'10: Proceedings of the 6th international conference on Information security and cryptology

October 2010

524 pages

ISBN:9783642215179

Editors:
Xuejia Lai
Shanghai Jiaotong University, Department of Computer Science and Engineering, Shanghai, China
,
Moti Yung
Google Inc. and Columbia University, Computer Science Department, NewYork, NY
,
Dongdai Lin
SKLOIS, Chinese Academy of Sciences, Institute of Software, Beijing, China

Sponsors

NSF of China: The National Natural Science Foundation of China
Chinese Academy of Sciences
Chinese Association for Cryptologic Research: Chinese Association for Cryptologic Research

In-Cooperation

Shanghai Jiao Tong University: Shanghai Jiao Tong University
IACR: The International Association for Cryptologic Research

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 20 October 2010

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Landelle FPeyrin T(2016)Cryptanalysis of Full RIPEMD-128Journal of Cryptology10.1007/s00145-015-9213-529:4(927-951)Online publication date: 1-Oct-2016
https://dl.acm.org/doi/10.1007/s00145-015-9213-5
Mendel FNad TSchläffer M(2012)Collision attacks on the reduced dual-stream hash function RIPEMD-128Proceedings of the 19th international conference on Fast Software Encryption10.1007/978-3-642-34047-5_14(226-243)Online publication date: 19-Mar-2012
https://dl.acm.org/doi/10.1007/978-3-642-34047-5_14
Mendel FNad TScherz SSchläffer M(2012)Differential attacks on reduced RIPEMD-160Proceedings of the 15th international conference on Information Security10.1007/978-3-642-33383-5_2(23-38)Online publication date: 19-Sep-2012
https://dl.acm.org/doi/10.1007/978-3-642-33383-5_2
Sasaki YWang L(2012)Distinguishers beyond three rounds of the RIPEMD-128/-160 compression functionsProceedings of the 10th international conference on Applied Cryptography and Network Security10.1007/978-3-642-31284-7_17(275-292)Online publication date: 26-Jun-2012
https://dl.acm.org/doi/10.1007/978-3-642-31284-7_17
Ohtahara COkada KSasaki YShimoyama T(2011)Preimage attacks on full-ARIRANGProceedings of the 16th Australasian conference on Information security and privacy10.5555/2029853.2029888(417-422)Online publication date: 11-Jul-2011
https://dl.acm.org/doi/10.5555/2029853.2029888
Wang LSasaki YKomatsubara WOhta KSakiyama K(2011)(Second) preimage attacks on step-reduced RIPEMD/RIPEMD-128 with a new local-collision approachProceedings of the 11th international conference on Topics in cryptology: CT-RSA 201110.5555/1964621.1964641(197-212)Online publication date: 14-Feb-2011
https://dl.acm.org/doi/10.5555/1964621.1964641
Ohtahara COkada KSasaki YShimoyama T(2011)Preimage attacks on Full-ARIRANGProceedings of the 12th international conference on Information Security Applications10.1007/978-3-642-27890-7_4(40-54)Online publication date: 22-Aug-2011
https://dl.acm.org/doi/10.1007/978-3-642-27890-7_4

View Options

View options

Figures

Tables

Media

View Table of Conten