Difference between revisions of "RIPEMD"

From The ECRYPT Hash Function Website
(Collision Attacks)
(Collision Attacks)
Line 21: Line 21:
  
 
=== Collision Attacks ===
 
=== Collision Attacks ===
 +
<bibtex>
 +
@inproceedings{fseDebaertG01,
 +
  author    = {Christophe Debaert and Henri Gilbert},
 +
  title    = {The RIPEMD and RIPEMD Improved Variants of MD4 Are Not Collision Free},
 +
  pages    = {52-65},
 +
  url        = {http://link.springer.de/link/service/series/0558/bibs/2355/23550052.htm},
 +
  editor    = {Mitsuru Matsui},
 +
  booktitle = {FSE},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {2355},
 +
  year      = {2002},
 +
  isbn      = {3-540-43869-6},
 +
  abstract  = {In 1992, the cryptographic hash function RIPEMD, a European proposal, was introduced as an improved variant of the MD4 hash function. RIPEMD involves two parallel lines of modified versions of the MD4 compression function. Three years later, an attack against a reduced version of RIPEMD in which the first or the last round of the RIPEMD compression function is omitted was described by Hans Dobbertin, who also published in 1998 a cryptanalysis of MD4. In this paper, we present a method for finding collisions in each of the parallel lines of RIPEMD. The collision search procedure requires only a few seconds computing time. We show that although the modifications of the MD4 compression function Used in RIPEMD introduce additional constraints in the cryptanalysis as Compared with Dobbertin’s attack of MD4, these modifications do not result in an increase of the collision search computation time. It is still an open question whether collisions can be found for the full RIPEMD function.},
 +
}
 +
</bibtex>
  
 
<bibtex>
 
<bibtex>

Revision as of 19:39, 10 March 2008

1 Specification

  • digest size: 128 bits
  • max. message length: < 264 bits
  • compression function: 512-bit message block, 2 streams with each 128-bit chaining variable
  • Specification:


2 Cryptanalysis

2.1 Best Known Results


2.2 Generic Attacks


2.3 Collision Attacks

Christophe Debaert, Henri Gilbert - The RIPEMD and RIPEMD Improved Variants of MD4 Are Not Collision Free

FSE 2355:52-65,2002
http://link.springer.de/link/service/series/0558/bibs/2355/23550052.htm
Bibtex
Author : Christophe Debaert, Henri Gilbert
Title : The RIPEMD and RIPEMD Improved Variants of MD4 Are Not Collision Free
In : FSE -
Address :
Date : 2002

Hans Dobbertin - RIPEMD with Two-Round Compress Function is Not Collision-Free

J. Cryptology 10(1):51-70,1997
http://dx.doi.org/10.1007/s001459900019
Bibtex
Author : Hans Dobbertin
Title : RIPEMD with Two-Round Compress Function is Not Collision-Free
In : J. Cryptology -
Address :
Date : 1997

2.4 Second Preimage Attacks


2.5 Preimage Attacks


2.6 Others