MD4 is Not One-Way
نویسنده
چکیده
MD4 is a hash function introduced by Rivest in 1990. It is still used in some contexts, and the most commonly used hash function (MD5, SHA-1, SHA-2) are based on the design principles of MD4. MD4 has been extensively studied and very efficient collision attacks are known, but it is still believed to be a one-way function. In this paper we show a partial pseudo-preimage attack on the compression function of MD4, using some ideas from previous cryptanalysis of MD4. We can choose 64 bits of the output for the cost of 2 compression function computations (the remaining bits are randomly chosen by the preimage algorithm). This gives a preimage attack on the compression function of MD4 with complexity 2, and we extend it to an attack on the full MD4 with complexity 2. As far as we know this is the first preimage attack on a member of the MD4 family.
منابع مشابه
The First Two Rounds of MD4 are Not One-Way
In [1] it was shown that there are very effective attacks leading to collisions for the hash function MD4 designed by R. Rivest [3]. A summary of the status of hash functions of the MD4-family with respect to collision-resistence can be found in [2] and [4]. However, attacking the one-wayness of a hash function is a much more demanding challenge, and in case of success it has much more devastat...
متن کاملThe Compression Functions of SHA , MD 2 , MD 4 and MD 5 are not A ne
In this paper, we show that the compressions functions of SHA, MD2, MD4 and MD5 are not a ne transformations of their inputs.
متن کاملAutomatic Search of Differential Path in MD4
Abstract. In 2004, Wang et al. obtained breakthrough collision attacks on the main hash functions from the MD4 family. The attacks are differential attacks in which one closely follows the inner steps of the underlying compression function, based on a so-called differential path. It is generally assumed that such differential paths were found “by hand”. In this paper, we present an algorithm wh...
متن کاملMulti-collision Attack on the Compression Functions of MD4 and 3-Pass HAVAL
In this paper, we present a new type of MultiCollision attack on the compression functions both of MD4 and 3-Pass HAVAL. For MD4, we utilize two feasible different collision differential paths to find a 4collision with 2 MD4 computations. For 3-Pass HAVAL, we present three near-collision differential paths to find a 8-NearCollision with 2 HAVAL computations.
متن کاملImproved preimage attack on one-block MD4
We propose an improved preimage attack on one-block MD4 with the time complexity 2 MD4 compression function operations, as compared to 2 in [3]. We research the attack procedure in [3] and formulate the complexity for computing a preimage attack on one-block MD4. We attain the result mainly through the following two aspects with the help of the complexity formula. First, we continue to compute ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2008