Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160

This paper presents differential-based distinguishers against double-branch compression functions and applies them to ISO standard hash functions RIPEMD-128 and RIPEMD-160. A double-branch compression function computes two branch functions to update a chaining variable and then merges their outputs....

Full description

Saved in:
Bibliographic Details
Main Authors: Sasaki, Yu, Wang, Lei
Other Authors: School of Computer Engineering
Format: Article
Language:English
Published: 2014
Subjects:
Online Access:https://hdl.handle.net/10356/103817
http://hdl.handle.net/10220/19335
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-103817
record_format dspace
spelling sg-ntu-dr.10356-1038172020-05-28T07:17:32Z Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160 Sasaki, Yu Wang, Lei School of Computer Engineering DRNTU::Engineering::Computer science and engineering This paper presents differential-based distinguishers against double-branch compression functions and applies them to ISO standard hash functions RIPEMD-128 and RIPEMD-160. A double-branch compression function computes two branch functions to update a chaining variable and then merges their outputs. For such a compression function, we observe that second-order differential paths will be constructed by finding a sub-path in each branch independently. This leads to 4-sum attacks on 47 steps (out of 64 steps) of RIPEMD-128 and 40 steps (out of 80 steps) of RIPEMD-160. Then new properties called a (partial) 2-dimension sum and a q-multi-second-order collision are considered. The partial 2-dimension sum is generated on 48 steps of RIPEMD-128 and 42 steps of RIPEMD-160, with complexities of 235 and 236, respectively. Theoretically, the 2-dimension sum is generated faster than the brute force attack up to 52 steps of RIPEMD-128 and 51 steps of RIPEMD-160, with complexities of 2101 and 2158, respectively. The results on RIPEMD-128 can also be viewed as q-multi-second-order collision attacks. The practical attacks have been implemented and examples are presented. We stress that our results do not impact to the security of full RIPEMD-128 and RIPEMD-160 hash functions. Published version 2014-05-15T03:11:47Z 2019-12-06T21:20:59Z 2014-05-15T03:11:47Z 2019-12-06T21:20:59Z 2014 2014 Journal Article Sasaki, Y., & Wang, L. (2014). Distinguishers on Double-Branch Compression Function and Applications to Round-Reduced RIPEMD-128 and RIPEMD-160. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E97-A (1), 177-190. 0916-8508 https://hdl.handle.net/10356/103817 http://hdl.handle.net/10220/19335 10.1587/transfun.E97.A.177 en IEICE transactions on fundamentals of electronics, communications and computer sciences © 2014 The Institute of Electronics, Information and Communication Engineers. This paper was published in IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences and is made available as an electronic reprint (preprint) with permission of The Institute of Electronics, Information and Communication Engineers. The paper can be found at the following official DOI: [http://dx.doi.org/10.1587/transfun.E97.A.177]. One print or electronic copy may be made for personal use only. Systematic or multiple reproduction, distribution to multiple locations via electronic or other means, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper is prohibited and is subject to penalties under law. application/pdf
institution Nanyang Technological University
building NTU Library
country Singapore
collection DR-NTU
language English
topic DRNTU::Engineering::Computer science and engineering
spellingShingle DRNTU::Engineering::Computer science and engineering
Sasaki, Yu
Wang, Lei
Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160
description This paper presents differential-based distinguishers against double-branch compression functions and applies them to ISO standard hash functions RIPEMD-128 and RIPEMD-160. A double-branch compression function computes two branch functions to update a chaining variable and then merges their outputs. For such a compression function, we observe that second-order differential paths will be constructed by finding a sub-path in each branch independently. This leads to 4-sum attacks on 47 steps (out of 64 steps) of RIPEMD-128 and 40 steps (out of 80 steps) of RIPEMD-160. Then new properties called a (partial) 2-dimension sum and a q-multi-second-order collision are considered. The partial 2-dimension sum is generated on 48 steps of RIPEMD-128 and 42 steps of RIPEMD-160, with complexities of 235 and 236, respectively. Theoretically, the 2-dimension sum is generated faster than the brute force attack up to 52 steps of RIPEMD-128 and 51 steps of RIPEMD-160, with complexities of 2101 and 2158, respectively. The results on RIPEMD-128 can also be viewed as q-multi-second-order collision attacks. The practical attacks have been implemented and examples are presented. We stress that our results do not impact to the security of full RIPEMD-128 and RIPEMD-160 hash functions.
author2 School of Computer Engineering
author_facet School of Computer Engineering
Sasaki, Yu
Wang, Lei
format Article
author Sasaki, Yu
Wang, Lei
author_sort Sasaki, Yu
title Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160
title_short Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160
title_full Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160
title_fullStr Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160
title_full_unstemmed Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160
title_sort distinguishers on double-branch compression function and applications to round-reduced ripemd-128 and ripemd-160
publishDate 2014
url https://hdl.handle.net/10356/103817
http://hdl.handle.net/10220/19335
_version_ 1681056179603636224