Cryptanalysis of 48-step RIPEMD-160
DOI:
https://doi.org/10.13154/tosc.v2017.i2.177-202Keywords:
Hash functions, RIPEMD-160, Semi-free-start collision, Generalized message modificationAbstract
In this paper, we show how to theoretically compute the step differential probability of RIPEMD-160 under the condition that only one internal variable contains difference and the difference is a power of 2. Inspired by the way of computing the differential probability, we can do message modification such that a step differential hold with probability 1. Moreover, we propose a semi-free-start collision attack on 48-step RIPEMD-160, which improves the best semi-free start collision by 6 rounds. This is mainly due to that some bits of the chaining variable in the i-th step can be computed by adding some conditions in advance, even though some chaining variables before step i are unknown. Therefore, the uncontrolled probability of the differential path is increased and the number of the needed starting points is decreased. Then a semi-free-start collision attack on 48-step RIPEMD-160 can be obtained based on the differential path constructed by Mendel et al. at ASIACRYPT 2013. The experiments confirm our reasoning and complexity analysis.Published
2017-06-19
How to Cite
Wang, G., Shen, Y., & Liu, F. (2017). Cryptanalysis of 48-step RIPEMD-160. IACR Transactions on Symmetric Cryptology, 2017(2), 177–202. https://doi.org/10.13154/tosc.v2017.i2.177-202
Issue
Section
Articles
License
Copyright (c) 2017 Gaoli Wang, Yanzhao Shen, Fukang Liu
This work is licensed under a Creative Commons Attribution 4.0 International License.
