Difference between revisions of "MD4"

 author    = {Martin Schläffer and Elisabeth Oswald},
 title     = {Searching for Differential Paths in MD4},
 pages     = {242-261},
 url        = {http://dx.doi.org/10.1007/11799313_16},
 booktitle = {FSE},
 publisher = {Springer},
 series    = {LNCS},
 volume    = {4047},
 year      = {2006},
 isbn      = {3-540-36597-4},
 abstract  = {The ground-breaking results of Wang et al.

have attracted a lot of attention to the collision resistance of hash functions. In their articles, Wang et al. give input differences, differential paths and the corresponding conditions that allow to find collisions with a high probability. However, Wang et al. do not explain how these paths were found. The common assumption is that they were found by hand with a great deal of intuition. In this article, we present an algorithm that allows to find paths in an automated way. Our algorithm is successful for MD4. We have found over 1000 differential paths so far. Amongst them, there are paths that have fewer conditions in the second round than the path of Wang et al. for MD4. This makes them better suited for the message modification techniques that were also introduced by Wang et al.} }

@@ Line 91: / Line 91: @@
 }
 </bibtex>
+<bibtex>
+@inproceedings{iciscNaitoSKO05,
+  author    = {Yusuke Naito and Yu Sasaki and Noboru Kunihiro and Kazuo Ohta},
+  title     = {Improved Collision Attack on MD4 with Probability Almost 1},
+  booktitle = {ICISC},
+  year      = {2005},
+  pages     = {129-145},
+  url        = {http://dx.doi.org/10.1007/11734727_12},
+  editor    = {Dongho Won and Seungjoo Kim},
+  publisher = {Springer},
+  series    = {LNCS},
+  volume    = {3935},
+  isbn      = {3-540-33354-1},
+  abstract  = {In EUROCRYPT2005, a collision attack on MD4 was proposed by Wang, Lai, Chen, and Yu. They claimed that collision messages were found with probability 2^{-6} to 2^{-2}, and the complexity was less than 2^8 MD4 hash operations. However, there were some tyops and oversights in their paper. In this paper, first, we reevaluate the exact success probability. Second, we point out the typos and oversights in the paper of Wang et al, and we show how to improve them. Third, we propose a new message modification method for the third round of MD4. From the first result, we reevaluate that the method of Wang et al. can find collision messages with success probability 2^{-5.61}. From the second result, we can find collision messages with success probability 2^{-2}. Also by combining the second result and the third result, our improved method is able to find collision messages with probability almost 1. This complexity is less than 3 repetitions of MD4 hash operations. Our improved method is about 85 times as fast as the method of Wang et al.},
+}
+</bibtex>
 <bibtex>

Difference between revisions of "MD4"

Revision as of 14:52, 11 March 2008

Contents

1 Specification

2 Cryptanalysis

2.1 Best Known Results

2.2 Generic Attacks

2.3 Collision Attacks

2.4 Second Preimage Attacks

2.5 Preimage Attacks

2.6 Others

Navigation menu

Views

Personal tools

Navigation

Search

Tools