Difference between revisions of "MD4"
(→Collision Attacks) |
(→Collision Attacks) |
||
| Line 39: | Line 39: | ||
=== Collision Attacks === | === Collision Attacks === | ||
| + | @inproceedings{fseSasakiWOK07, | ||
| + | author = {Yu Sasaki and Lei Wang and Kazuo Ohta and Noboru Kunihiro}, | ||
| + | title = {New Message Difference for MD4}, | ||
| + | pages = {329-348}, | ||
| + | url = {http://dx.doi.org/10.1007/978-3-540-74619-5_21}, | ||
| + | editor = {Alex Biryukov}, | ||
| + | booktitle = {FSE}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {4593}, | ||
| + | year = {2007}, | ||
| + | isbn = {978-3-540-74617-1}, | ||
| + | abstract = {This paper proposes several approaches to improve | ||
| + | the collision attack on MD4 proposed by Wang et al. First, we | ||
| + | propose a new local collision that is the best for the MD4 collision | ||
| + | attack. Selection of a good message difference is the most important | ||
| + | step in achieving effective collision attacks. This is the first paper | ||
| + | to introduce an improvement to the message difference approach of | ||
| + | Wang et al., where we propose a new local collision. Second, we propose | ||
| + | a new algorithm for constructing differential paths. While similar | ||
| + | algorithms have been proposed, they do not support the new local collision | ||
| + | technique.Finally, we complete a collision attack, and show that the | ||
| + | complexity is smaller than the previous best work.} | ||
| + | } | ||
| + | </bibtex> | ||
<bibtex> | <bibtex> | ||
@inproceedings{fseLeurent07, | @inproceedings{fseLeurent07, | ||
Revision as of 12:16, 11 March 2008
Contents
1 Specification
- digest size: 128 bits
- max. message length: < 264 bits
- compression function: 512-bit message block, 128-bit chaining variable
- Specification:
Ronald L. Rivest - The MD4 Message Digest Algorithm
- CRYPTO 537:303-311,1990
- http://link.springer.de/link/service/series/0558/bibs/0537/05370303.htm
BibtexAuthor : Ronald L. Rivest
Title : The MD4 Message Digest Algorithm
In : CRYPTO -
Address :
Date : 1990
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
2.3 Collision Attacks
@inproceedings{fseSasakiWOK07,
author = {Yu Sasaki and Lei Wang and Kazuo Ohta and Noboru Kunihiro},
title = {New Message Difference for MD4},
pages = {329-348},
url = {http://dx.doi.org/10.1007/978-3-540-74619-5_21},
editor = {Alex Biryukov},
booktitle = {FSE},
publisher = {Springer},
series = {LNCS},
volume = {4593},
year = {2007},
isbn = {978-3-540-74617-1},
abstract = {This paper proposes several approaches to improve
the collision attack on MD4 proposed by Wang et al. First, we propose a new local collision that is the best for the MD4 collision attack. Selection of a good message difference is the most important step in achieving effective collision attacks. This is the first paper to introduce an improvement to the message difference approach of Wang et al., where we propose a new local collision. Second, we propose a new algorithm for constructing differential paths. While similar algorithms have been proposed, they do not support the new local collision technique.Finally, we complete a collision attack, and show that the complexity is smaller than the previous best work.} } </bibtex>
Gaëtan Leurent - Message Freedom in MD4 and MD5 Collisions: Application to APOP
- FSE 4593:309-328,2007
- http://dx.doi.org/10.1007/978-3-540-74619-5_20
BibtexAuthor : Gaëtan Leurent
Title : Message Freedom in MD4 and MD5 Collisions: Application to APOP
In : FSE -
Address :
Date : 2007
Xiaoyun Wang, Xuejia Lai, Dengguo Feng, Hui Chen, Xiuyuan Yu - Cryptanalysis of the Hash Functions MD4 and RIPEMD
- EUROCRYPT 3494:1-18,2005
- http://dx.doi.org/10.1007/11426639_1
BibtexAuthor : Xiaoyun Wang, Xuejia Lai, Dengguo Feng, Hui Chen, Xiuyuan Yu
Title : Cryptanalysis of the Hash Functions MD4 and RIPEMD
In : EUROCRYPT -
Address :
Date : 2005
Hans Dobbertin - Cryptanalysis of MD4
- J. Cryptology 11(4):253-271,1998
- http://link.springer.de/link/service/journals/00145/bibs/11n4p253.html
BibtexAuthor : Hans Dobbertin
Title : Cryptanalysis of MD4
In : J. Cryptology -
Address :
Date : 1998
Hans Dobbertin - Cryptanalysis of MD4
- FSE 1039:53-69,1996
- http://dx.doi.org/10.1007/s001459900047
BibtexAuthor : Hans Dobbertin
Title : Cryptanalysis of MD4
In : FSE -
Address :
Date : 1996
Serge Vaudenay - On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER
- FSE 1008:286-297,1995
- http://dx.doi.org/10.1007/3-540-60590-8_22
BibtexAuthor : Serge Vaudenay
Title : On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER
In : FSE -
Address :
Date : 1995
2.4 Second Preimage Attacks
2.5 Preimage Attacks
Hans Dobbertin - The First Two Rounds of MD4 are Not One-Way
- FSE 1372:284-292,1998
- http://dx.doi.org/10.1007/3-540-69710-1_19
BibtexAuthor : Hans Dobbertin
Title : The First Two Rounds of MD4 are Not One-Way
In : FSE -
Address :
Date : 1998
2.6 Others
<bibtex> @inproceedings{fseSchlafferO06,
author = {Martin Schläffer and Elisabeth Oswald},
title = {Searching for Differential Paths in MD4},
pages = {242-261},
url = {http://dx.doi.org/10.1007/11799313_16},
booktitle = {FSE},
publisher = {Springer},
series = {LNCS},
volume = {4047},
year = {2006},
isbn = {3-540-36597-4},
abstract = {The ground-breaking results of Wang et al.
have attracted a lot of attention to the collision resistance of hash functions. In their articles, Wang et al. give input differences, differential paths and the corresponding conditions that allow to find collisions with a high probability. However, Wang et al. do not explain how these paths were found. The common assumption is that they were found by hand with a great deal of intuition. In this article, we present an algorithm that allows to find paths in an automated way. Our algorithm is successful for MD4. We have found over 1000 differential paths so far. Amongst them, there are paths that have fewer conditions in the second round than the path of Wang et al. for MD4. This makes them better suited for the message modification techniques that were also introduced by Wang et al.} }
