Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160
This paper presents differential-based distinguishers against double-branch compression functions and applies them to ISO standard hash functions RIPEMD-128 and RIPEMD-160. A double-branch compression function computes two branch functions to update a chaining variable and then merges their outputs....
Saved in:
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Article |
Language: | English |
Published: |
2014
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/103817 http://hdl.handle.net/10220/19335 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-103817 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1038172020-05-28T07:17:32Z Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160 Sasaki, Yu Wang, Lei School of Computer Engineering DRNTU::Engineering::Computer science and engineering This paper presents differential-based distinguishers against double-branch compression functions and applies them to ISO standard hash functions RIPEMD-128 and RIPEMD-160. A double-branch compression function computes two branch functions to update a chaining variable and then merges their outputs. For such a compression function, we observe that second-order differential paths will be constructed by finding a sub-path in each branch independently. This leads to 4-sum attacks on 47 steps (out of 64 steps) of RIPEMD-128 and 40 steps (out of 80 steps) of RIPEMD-160. Then new properties called a (partial) 2-dimension sum and a q-multi-second-order collision are considered. The partial 2-dimension sum is generated on 48 steps of RIPEMD-128 and 42 steps of RIPEMD-160, with complexities of 235 and 236, respectively. Theoretically, the 2-dimension sum is generated faster than the brute force attack up to 52 steps of RIPEMD-128 and 51 steps of RIPEMD-160, with complexities of 2101 and 2158, respectively. The results on RIPEMD-128 can also be viewed as q-multi-second-order collision attacks. The practical attacks have been implemented and examples are presented. We stress that our results do not impact to the security of full RIPEMD-128 and RIPEMD-160 hash functions. Published version 2014-05-15T03:11:47Z 2019-12-06T21:20:59Z 2014-05-15T03:11:47Z 2019-12-06T21:20:59Z 2014 2014 Journal Article Sasaki, Y., & Wang, L. (2014). Distinguishers on Double-Branch Compression Function and Applications to Round-Reduced RIPEMD-128 and RIPEMD-160. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E97-A (1), 177-190. 0916-8508 https://hdl.handle.net/10356/103817 http://hdl.handle.net/10220/19335 10.1587/transfun.E97.A.177 en IEICE transactions on fundamentals of electronics, communications and computer sciences © 2014 The Institute of Electronics, Information and Communication Engineers. This paper was published in IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences and is made available as an electronic reprint (preprint) with permission of The Institute of Electronics, Information and Communication Engineers. The paper can be found at the following official DOI: [http://dx.doi.org/10.1587/transfun.E97.A.177]. One print or electronic copy may be made for personal use only. Systematic or multiple reproduction, distribution to multiple locations via electronic or other means, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper is prohibited and is subject to penalties under law. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
country |
Singapore |
collection |
DR-NTU |
language |
English |
topic |
DRNTU::Engineering::Computer science and engineering |
spellingShingle |
DRNTU::Engineering::Computer science and engineering Sasaki, Yu Wang, Lei Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160 |
description |
This paper presents differential-based distinguishers against double-branch compression functions and applies them to ISO standard hash functions RIPEMD-128 and RIPEMD-160. A double-branch compression function computes two branch functions to update a chaining variable and then merges their outputs. For such a compression function, we observe that second-order differential paths will be constructed by finding a sub-path in each branch independently. This leads to 4-sum attacks on 47 steps (out of 64 steps) of RIPEMD-128 and 40 steps (out of 80 steps) of RIPEMD-160. Then new properties called a (partial) 2-dimension sum and a q-multi-second-order collision are considered. The partial 2-dimension sum is generated on 48 steps of RIPEMD-128 and 42 steps of RIPEMD-160, with complexities of 235 and 236, respectively. Theoretically, the 2-dimension sum is generated faster than the brute force attack up to 52 steps of RIPEMD-128 and 51 steps of RIPEMD-160, with complexities of 2101 and 2158, respectively. The results on RIPEMD-128 can also be viewed as q-multi-second-order collision attacks. The practical attacks have been implemented and examples are presented. We stress that our results do not impact to the security of full RIPEMD-128 and RIPEMD-160 hash functions. |
author2 |
School of Computer Engineering |
author_facet |
School of Computer Engineering Sasaki, Yu Wang, Lei |
format |
Article |
author |
Sasaki, Yu Wang, Lei |
author_sort |
Sasaki, Yu |
title |
Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160 |
title_short |
Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160 |
title_full |
Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160 |
title_fullStr |
Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160 |
title_full_unstemmed |
Distinguishers on double-branch compression Function and applications to round-reduced RIPEMD-128 and RIPEMD-160 |
title_sort |
distinguishers on double-branch compression function and applications to round-reduced ripemd-128 and ripemd-160 |
publishDate |
2014 |
url |
https://hdl.handle.net/10356/103817 http://hdl.handle.net/10220/19335 |
_version_ |
1681056179603636224 |