Difference between revisions of "MD4"
From The ECRYPT Hash Function Website
(→Collision Attacks) |
(→Second Preimage Attacks) |
||
| Line 89: | Line 89: | ||
=== Second Preimage Attacks === | === Second Preimage Attacks === | ||
| + | |||
| + | <bibtex> | ||
| + | @inproceedings{fseDobbertin98, | ||
| + | owner = {tnad}, | ||
| + | author = {Hans Dobbertin}, | ||
| + | title = {The First Two Rounds of MD4 are Not One-Way}, | ||
| + | pages = {284-292}, | ||
| + | editor = {Serge Vaudenay}, | ||
| + | booktitle = {FSE}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {1372}, | ||
| + | year = {1998}, | ||
| + | isbn = {3-540-64265-X}, | ||
| + | abstract = {In [1] it was shown that there are very effective attacks leading | ||
| + | to collisions for the hash function MD4 designed by R. Rivest [3]. | ||
| + | A summary of the status of hash functions of the MD4-family with respect to | ||
| + | collision-resistence can be found in [2] and [4]. However, attacking the one-wayness | ||
| + | of a hash function is a much more demanding challenge, and in case of success it has much more devastating | ||
| + | consequences. No result along this line is known for MD4 and its | ||
| + | successors. Therefore it is worth to explore how the recently developed | ||
| + | new analytic methods for finding collisions can be applied to construct | ||
| + | preimages or second preimages. As a first step, we state here the following partial result.}, | ||
| + | url = {http://dx.doi.org/10.1007/3-540-69710-1_19} | ||
| + | } | ||
| + | </bibtex> | ||
---- | ---- | ||
Revision as of 18:45, 10 March 2008
Contents
1 Specification
- digest size: 128 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 128-bit chaining variable
- Specification:
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
2.3 Collision Attacks
Hans Dobbertin - Cryptanalysis of MD4
- J. Cryptology 11(4):253-271,1998
- http://link.springer.de/link/service/journals/00145/bibs/11n4p253.html
BibtexAuthor : Hans Dobbertin
Title : Cryptanalysis of MD4
In : J. Cryptology -
Address :
Date : 1998
Hans Dobbertin - Cryptanalysis of MD4
- FSE 1039:53-69,1996
- http://dx.doi.org/10.1007/s001459900047
BibtexAuthor : Hans Dobbertin
Title : Cryptanalysis of MD4
In : FSE -
Address :
Date : 1996
Serge Vaudenay - On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER
- FSE 1008:286-297,1995
- http://dx.doi.org/10.1007/3-540-60590-8_22
BibtexAuthor : Serge Vaudenay
Title : On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER
In : FSE -
Address :
Date : 1995
2.4 Second Preimage Attacks
Hans Dobbertin - The First Two Rounds of MD4 are Not One-Way
- FSE 1372:284-292,1998
- http://dx.doi.org/10.1007/3-540-69710-1_19
BibtexAuthor : Hans Dobbertin
Title : The First Two Rounds of MD4 are Not One-Way
In : FSE -
Address :
Date : 1998
