Collision Attacks on the Reduced Dual-Stream Hash Function RIPEMD-128

Florian Mendel, Tomislav Nad, Martin Schläffer

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

n this paper, we analyze the security of RIPEMD-128 against collision attacks. The ISO/IEC standard RIPEMD-128 was proposed 15 years ago and may be used as a drop-in replacement for 128-bit hash functions like MD5. Only few results have been published for RIPEMD-128, the best being a preimage attack for the first 33 steps of the hash function with complexity 2124.5. In this work, we provide a new assessment of the security margin of RIPEMD-128 by showing attacks on up to 48 (out of 64) steps of the hash function. We present a collision attack reduced to 38 steps and a near-collisions attack for 44 steps, both with practical complexity. Furthermore, we show non-random properties for 48 steps of the RIPEMD-128 hash function, and provide an example for a collision on the compression function for 48 steps.

For all attacks we use complex nonlinear differential characteristics. Due to the more complicated dual-stream structure of RIPEMD-128 compared to its predecessor, finding high-probability characteristics as well as conforming message pairs is nontrivial. Doing any of these steps by hand is almost impossible or at least, very time consuming. We present a general strategy to analyze dual-stream hash functions and use an automatic search tool for the two main steps of the attack. Our tool is able to find differential characteristics and perform advanced message modification simultaneously in the two streams.
Original languageEnglish
Title of host publicationFast Software Encryption
Place of PublicationBerlin; Heidelberg
PublisherSpringer
Pages226-243
ISBN (Print)978-3-642-34046-8
DOIs
Publication statusPublished - 2012
Event19th Fast Software Encryption Workshop: FSE 2012 - Washington DC, United States
Duration: 19 Mar 201221 Mar 2012

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume7549

Conference

Conference19th Fast Software Encryption Workshop
Abbreviated titleFSE 2012
Country/TerritoryUnited States
CityWashington DC
Period19/03/1221/03/12

Fields of Expertise

  • Information, Communication & Computing

Fingerprint

Dive into the research topics of 'Collision Attacks on the Reduced Dual-Stream Hash Function RIPEMD-128'. Together they form a unique fingerprint.
  • FWF - kryptographische Hashfu - Cryptanalysis of modern cryptographic hash functions II

    Nad, T. (Co-Investigator (CoI)), Mendel, F. (Co-Investigator (CoI)), Schläffer, M. (Co-Investigator (CoI)), Lamberger, M. (Co-Investigator (CoI)) & Rijmen, V. (Principal Investigator (PI))

    1/02/1031/01/13

    Project: Research project

  • EU - ECRYPT II - European network of excellence in cryptology - Phase II

    Schmidt, J.-M. (Co-Investigator (CoI)), Nad, T. (Co-Investigator (CoI)), Kirschbaum, M. (Co-Investigator (CoI)), Feldhofer, M. (Co-Investigator (CoI)), Schläffer, M. (Co-Investigator (CoI)), Aigner, M. J. (Co-Investigator (CoI)), Rechberger, C. (Co-Investigator (CoI)), Lamberger, M. (Co-Investigator (CoI)), Tillich, S. (Co-Investigator (CoI)), Medwed, M. (Co-Investigator (CoI)), Hutter, M. (Co-Investigator (CoI)), Rijmen, V. (Co-Investigator (CoI)), Mendel, F. (Co-Investigator (CoI)) & Posch, R. (Principal Investigator (PI))

    1/08/0831/01/13

    Project: Research project

  • Cryptography

    Schläffer, M. (Co-Investigator (CoI)), Oswald, M. E. (Co-Investigator (CoI)), Lipp, P. (Co-Investigator (CoI)), Dobraunig, C. E. (Co-Investigator (CoI)), Mendel, F. (Co-Investigator (CoI)), Eichlseder, M. (Co-Investigator (CoI)), Nad, T. (Co-Investigator (CoI)), Posch, R. (Co-Investigator (CoI)), Lamberger, M. (Co-Investigator (CoI)), Rijmen, V. (Co-Investigator (CoI)) & Rechberger, C. (Co-Investigator (CoI))

    1/01/9531/01/19

    Project: Research area

Cite this