Welcome!
To use the personalized features of this site, please log in or register.
If you have forgotten your username or password, we can help.
|
 |
RIPEMD with two-round compress function is not collision-free
| |
|
RIPEMD with two-round compress function is not collision-free
Hans Dobbertin1 
| (1) |
German Information Security Agency, P.O. Box 20 03 63, D-53133 Bonn, Germany |
Received: 27 March 1995 Revised: 14 October 1995
Communicated by Ivan B. Damgård
Abstract In 1990 Rivest introduced the cryptographic hash function MD4. The compress function of MD4 has three rounds. After partial
attacks against MD4 were found, the stronger mode RIPEMD was designed as a European proposal in 1992 (RACE project). Its compress
function consists of two parallel lines of modified versions of MD4-compress. RIPEMD is currently being considered to become
an international standard (ISO/IEC Draft 10118-3). However, in this paper an attack against RIPEMD is described, which leads
to comparable results with the previously known attacks against MD4: The reduced versions of RIPEMD, where the first or the
last round of the compress function is omitted, are not collision-free. Moreover, it turns out that the methods developed
in this note can be applied to find collisions for the full MD4.
Key words Dedicated hash functions - RIPEMD - MD4 - RACE project - ISO/IEC 10118-3
Fulltext Preview (Small, Large)
 References secured to subscribers.
|
|
|
|
|
|