
Improved preimage attack on one-block MD4

Published: 01 April 2012

Abstract

MD4 is a hash function designed by Rivest in 1990. The design philosophy of many important hash functions, such as MD5, SHA-1 and SHA-2, originated from that of MD4. We propose an improved preimage attack on one-block MD4 with the time complexity 2^95 MD4 compression function operations, as compared to the 2^107 complexity of the previous attack by Aoki et al. (SAC 2008). The attack is based on previous methods, but introduces new techniques. We also use the same techniques to improve the pseudo-preimage and preimage attacks on Extended MD4 with 2^25.2 and 2^12.6 improvement factor, as compared to previous attacks by Sasaki et al. (ACISP 2009).

References

[1] Preimages for step-reduced SHA-2. In: Matsui, M. (Ed.), Advances in Cryptology - ASIACRYPT 2009, Proceedings, Vol. 5912 of Lecture Notes in Computer Science, pp. 578-597.
[2] Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In: Halevi, S. (Ed.), Advances in Cryptology - CRYPTO 2009, Proceedings, Vol. 5677 of Lecture Notes in Computer Science, pp. 70-89.
[3] Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R., Keliher, L., Sica, F. (Eds.), Selected Areas in Cryptography 2008, Proceedings, Vol. 5381 of Lecture Notes in Computer Science, pp. 103-119.
[4] Preimage attacks on 3-pass HAVAL and step-reduced MD5. In: Avanzi, R., Keliher, L., Sica, F. (Eds.), Selected Areas in Cryptography 2008, Proceedings, Vol. 5381 of Lecture Notes in Computer Science, pp. 120-135.
[5] A design principle for hash functions. In: Brassard, G. (Ed.), Advances in Cryptology - CRYPTO 1989, Proceedings, Vol. 435 of Lecture Notes in Computer Science, pp. 416-427.
[6] Inversion attacks on secure hash functions using SAT solvers. In: Marques-Silva, J., Sakallah, K. (Eds.), Theory and Applications of Satisfiability Testing - SAT 2007, Vol. 4501 of Lecture Notes in Computer Science, Springer. pp. 377-382.
[7] Preimages for reduced SHA-0 and SHA-1. In: Wagner, D. (Ed.), Advances in Cryptology - CRYPTO 2008, Proceedings, Vol. 5157 of Lecture Notes in Computer Science, pp. 179-202.
[8] An attack on the last two rounds of MD4. In: Feigenbaum, J. (Ed.), Advances in Cryptology - CRYPTO 1991, Proceedings, Vol. 576 of Lecture Notes in Computer Science, pp. 194-203.
[9] The first two rounds of MD4 are not one-way. In: Vaudenay, S. (Ed.), Fast Software Encryption 1998, Proceedings, Vol. 1372 of Lecture Notes in Computer Science, pp. 284-292.
[10] Cryptanalysis of MD4. Journal of Cryptology. v11 i4. 253-271.
[11] Fouque, P.-A., Leurent, G., Nguyen, P., 2007. Automatic search of differential path in MD4, Cryptology ePrint Archive, Report 2007/206, http://eprint.iacr.org/.
[12] Advanced meet-in-the-middle preimage attacks: first results on Full Tiger, and improved results on MD4 and SHA-2. In: Abe, M. (Ed.), Advances in Cryptology - ASIACRYPT 2010, Proceedings, Vol. 6477 of Lecture Notes in Computer Science, pp. 56-75.
[13] Preimage attacks on reduced tiger and SHA-2. In: Dunkelman, O. (Ed.), Fast Software Encryption 2009, Proceedings, Vol. 5665 of Lecture Notes in Computer Science, pp. 139-155.
[14] New algorithm for finding preimages in a reduced version of the MD4 compression function. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences. v83 i1. 97-100.
[15] Hash functions based on block ciphers. In: Rueppel, R.A. (Ed.), Advances in Cryptology - EUROCRYPT 1992, Proceedings, Vol. 658 of Lecture Notes in Computer Science, pp. 55-70.
[16] MD4 is not one-way. In: Nyberg, K. (Ed.), Fast Software Encryption 2008, Proceedings, Vol. 5086 of Lecture Notes in Computer Science, pp. 412-428.
[17] Handbook of Applied Cryptography. CRC Press.
[18] One way hash functions and DES. In: Brassard, G. (Ed.), Advances in Cryptology - CRYPTO 1989, Proceedings, Vol. 435 of Lecture Notes in Computer Science, pp. 428-446.
[19] Improved collision attack on MD4 with probability almost 1. In: Won, D., Kim, S. (Eds.), Information Security and Cryptology - ICISC 2005, Proceedings, Vol. 3935 of Lecture Notes in Computer Science, pp. 129-145.
[20] RIPEMD. In: Bosselaers, A., Preneel, B. (Eds.), Integrity Primitives for Secure Information Systems, Vol. 1007 of Lecture Notes in Computer Science, Springer, 1995, pp. 69-111.
[21] The MD4 message digest algorithm. In: Menezes, A., Vanstone, S.A. (Eds.), Advances in Cryptology - CRYPTO 1990, Proceedings, Vol. 537 of Lecture Notes in Computer Science, pp. 303-311.
[22] New message difference for MD4. In: Biryukov, A. (Ed.), Fast Software Encryption 2007, Proceedings, Vol. 4593 of Lecture Notes in Computer Science, pp. 329-348.
[23] Preimage attacks on 3, 4, and 5-pass HAVAL. In: Pieprzyk, J. (Ed.), Advances in Cryptology - ASIACRYPT 2008, Proceedings, Vol. 5350 of Lecture Notes in Computer Science, pp. 253-271.
[24] Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (Ed.), Advances in Cryptology - EUROCRYPT 2009, Proceedings, Vol. 5479 of Lecture Notes in Computer Science, pp. 134-152.
[25] Meet-in-the-middle preimage attacks on double-branch hash functions: application to RIPEMD and others. In: Boyd, C., Nieto, J.G. (Eds.), Australasian Conference on Information Security and Privacy (ACISP) 2009, Proceedings, Vol. 5594 of Lecture Notes in Computer Science, pp. 214-231.
[26] Searching for differential paths in MD4. In: Robshaw, M.J.B. (Ed.), Fast Software Encryption 2006, Proceedings, Vol. 4047 of Lecture Notes in Computer Science, pp. 242-261.
[27] Parallel collision search with cryptanalytic applications. Journal of Cryptology. v12 i1. 1-28.
[28] On the need for multipermutations: cryptanalysis of MD4 and SAFER. In: Preneel, B. (Ed.), Fast Software Encryption 1994, Proceedings, Vol. 1008 of Lecture Notes in Computer Science, pp. 286-297.
[29] Cryptanalysis of the hash functions MD4 and RIPEMD. In: Cramer, R. (Ed.), Advances in Cryptology - EUROCRYPT 2005, Proceedings, Vol. 3494 of Lecture Notes in Computer Science, pp. 1-18.
[30] Preimage attack on hash function RIPEMD. In: Bao, F., Li, H., Wang, G. (Eds.), Information Security Practice and Experience, Vol. 5451 of Lecture Notes in Computer Science, Springer. pp. 274-284.
[31] Multi-collision attack on the compression functions of MD4 and 3-pass HAVAL. In: Nam, K.-H., Rhee, G. (Eds.), Information Security and Cryptology - ICISC 2007, Proceedings, Vol. 4817 of Lecture Notes in Computer Science, pp. 206-226.
[32] The second-preimage attack on MD4. In: Desmedt, Y., Wang, H., Mu, Y., Li, Y. (Eds.), Cryptology and Network Security (CANS) 2005, Proceedings, Vol. 3810 of Lecture Notes in Computer Science, pp. 1-12.
[33] HAVAL - a one-way hashing algorithm with variable length of output. In: Seberry, J., Zheng, Y. (Eds.), Advances in Cryptology - ASIACRYPT 1992, Proceedings, Vol. 718 of Lecture Notes in Computer Science, pp. 83-104.

Published In

Journal of Systems and Software, Volume 85, Issue 4, April 2012, 258 pages

Publisher

Elsevier Science Inc., United States


Author Tags

Extended MD4, MD4, Meet-in-the-middle, Preimage
