The First Two Rounds of MD4 are Not One-Way

Author

  • Hans Dobbertin
Abstract

In [1] it was shown that there are very effective attacks leading to collisions for the hash function MD4 designed by R. Rivest [3]. A summary of the status of hash functions of the MD4-family with respect to collision-resistance can be found in [2] and [4]. However, attacking the one-wayness of a hash function is a much more demanding challenge, and in case of success it has much more devastating consequences. No result along this line is known for MD4 and its successors. Therefore it is worth exploring how the recently developed new analytic methods for finding collisions can be applied to construct preimages or second preimages. As a first step, we state here the following partial result: Denote by MD4 the reduced version of MD4, where the third round of its underlying three-round compression function is cancelled, but everything else of its specification is kept (e.g. initial value, padding rule).

Similar resources

Collisions for the compression function of MD5

At Crypto ’91 Ronald L. Rivest introduced the MD5 Message Digest Algorithm as a strengthened version of MD4, differing from it on six points. Four changes are due to the two existing attacks on the two round versions of MD4. The other two changes should additionally strengthen MD5. However both these changes cannot be described as well-considered. One of them results in an approximate relation ...

Collisions and Near-Collisions for Reduced-Round Tiger

We describe a collision-finding attack on 16 rounds of the Tiger hash function requiring the time for about 2 compression function invocations. This extends to a collision-finding attack on 17 rounds of the Tiger hash function in time of about 2 compression function invocations. Another attack generates circular near-collisions, for 20 rounds of Tiger with work less than that of 2 compression f...

MD4 is Not One-Way

MD4 is a hash function introduced by Rivest in 1990. It is still used in some contexts, and the most commonly used hash functions (MD5, SHA-1, SHA-2) are based on the design principles of MD4. MD4 has been extensively studied and very efficient collision attacks are known, but it is still believed to be a one-way function. In this paper we show a partial pseudo-preimage attack on the compression...

Collisions for the Compression Function of MD5

At Crypto '91 Ronald L. Rivest introduced the MD5 Message Digest Algorithm as a strengthened version of MD4, differing from it on six points. Four changes are due to the two existing attacks on the two round versions of MD4. The other two changes should additionally strengthen MD5. However both these changes cannot be described as well-considered. One of them results in an approximate relation b...

Automatic Search of Differential Path in MD4

Abstract. In 2004, Wang et al. obtained breakthrough collision attacks on the main hash functions from the MD4 family. The attacks are differential attacks in which one closely follows the inner steps of the underlying compression function, based on a so-called differential path. It is generally assumed that such differential paths were found “by hand”. In this paper, we present an algorithm wh...

Publication date: 1998