2013 | OriginalPaper | Buchkapitel
Cryptanalysis of Full RIPEMD-128
verfasst von : Franck Landelle, Thomas Peyrin
Erschienen in: Advances in Cryptology – EUROCRYPT 2013
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
In this article we propose a new cryptanalysis method for double-branch hash functions that we apply on the standard
RIPEMD-128
, greatly improving over know results. Namely, we were able to build a very good differential path by placing one non-linear differential part in each computation branch of the
RIPEMD-128
compression function, but not necessarily in the early steps. In order to handle the low differential probability induced by the non-linear part located in later steps, we propose a new method for using the freedom degrees, by attacking each branch separately and then merging them with free message blocks. Overall, we present the first collision attack on the full
RIPEMD-128
compression function as well as the first distinguisher on the full
RIPEMD-128
hash function. Experiments on reduced number of rounds were conducted, confirming our reasoning and complexity analysis. Our results show that 16 years old
RIPEMD-128
, one of the last unbroken primitives belonging to the
MD-SHA
family, might not be as secure as originally thought.