Topic
MD4
About: MD4 is a research topic. Over the lifetime, 172 publications have been published within this topic receiving 11297 citations.
Papers published on a yearly basis
Papers
1 Jan 1992
TL;DR: The MD4 message digest algorithm takes as input an input message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input that is ideal for digital signature applications.
Abstract: The MD4 message digest algorithm takes an input message of arbitrary length and produces an output 128-bit "fingerprint" or "message digest", in such a way that it is (hopefully) computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD4 algorithm is thus ideal for digital signature applications: a large file can be securely "compressed" with MD4 before being signed with (say) the RSA public-key cryptosystem.The MD4 algorithm is designed to be quite fast on 32-bit machines. For example, on a SUN Sparc station, MD4 runs at 1,450,000 bytes/second (11.6 Mbit/sec). In addition, the MD4 algorithm does not require any large substitution tables; the algorithm can be coded quite compactly.The MD4 algorithm is being placed in the public domain for review and possible adoption as a standard.
1,919 citations
14 Aug 2005
TL;DR: This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound, and it is shown that collisions ofSHA-1 can be found with complexityLess than 269 hash operations.
Abstract: In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 269 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound.
1,780 citations
22 May 2005
TL;DR: A new powerful attack on MD5 is presented, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.
Abstract: MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi free-start collision, in which the initial value of the hash function is replaced by a non-standard value, which is the result of the attack. In this paper we present a new powerful attack on MD5 which allows us to find collisions efficiently. We used this attack to find collisions of MD5 in about 15 minutes up to an hour computation time. The attack is a differential attack, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure. We call this kind of differential a modular differential. An application of this attack to MD4 can find a collision in less than a fraction of a second. This attack is also applicable to other hash functions, such as RIPEMD and HAVAL.
1,771 citations
21 Feb 1996
TL;DR: A new version of RIPEMD with a 160-bit result is proposed, as well as a plug-in substitute for RIPEMd with a 128- bit result, and the software performance of several MD4-based algorithms is compared.
Abstract: Cryptographic hash functions are an important tool in cryptography for applications such as digital fingerprinting of messages, message authentication, and key derivation. During the last five years, several fast software hash functions have been proposed; most of them are based on the design principles of Ron Rivest's MD4. One such proposal was RIPEMD, which was developed in the framework of the EU project RIPE (Race Integrity Primitives Evaluation). Because of recent progress in the cryptanalysis of these hash functions, we propose a new version of RIPEMD with a 160-bit result, as well as a plug-in substitute for RIPEMD with a 128-bit result. We also compare the software performance of several MD4-based algorithms, which is of independent interest.
573 citations
22 May 2005
TL;DR: In this article, a chosen-message pre-image attack on MD4 with complexity below 28 was presented, where the complexity is only a single MD4 computation and a random message is a weak message with probability 2−2 to 2−6.
Abstract: MD4 is a hash function developed by Rivest in 1990 It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL In 1996, Dobbertin showed how to find collisions of MD4 with complexity equivalent to 220 MD4 hash computations In this paper, we present a new attack on MD4 which can find a collision with probability 2−2 to 2−6, and the complexity of finding a collision doesn't exceed 28 MD4 hash operations Built upon the collision search attack, we present a chosen-message pre-image attack on MD4 with complexity below 28 Furthermore, we show that for a weak message, we can find another message that produces the same hash value The complexity is only a single MD4 computation, and a random message is a weak message with probability 2−122
The attack on MD4 can be directly applied to RIPEMD which has two parallel copies of MD4, and the complexity of finding a collision is about 218 RIPEMD hash operations
566 citations
Related Topics (5)
Performance Metrics
| Year | Papers |
|---|---|
| 2020 | 3 |
| 2019 | 1 |
| 2018 | 2 |
| 2017 | 3 |
| 2016 | 4 |
| 2015 | 4 |