Meet-in-the-Middle (Second) Preimage Attacks on Two Double-Branch Hash Functions RIPEMD and RIPEMD-128
Abstract
Even though the meet-in-the-middle preimage attack framework has been successfully applied to attack most narrow-pipe hash functions, it seems difficult to apply this framework to double-branch hash functions, and only a few results have been published on this topic. This paper proposes a refined strategy for applying the meet-in-the-middle attack framework to double-branch hash functions. The main novelty is a new local-collision approach named the one-message-word local collision. We have applied our strategy to two double-branch hash functions, RIPEMD and RIPEMD-128, and obtain the following results.
- On RIPEMD. We find a pseudo-preimage attack on the 47-step compression function (the full version has 48 steps) with a complexity of 2^119. It can be converted to a second preimage attack on the 47-step hash function with a complexity of 2^124.5. Moreover, we also improve previous preimage attacks on (intermediate) 35-step RIPEMD, reducing the complexity from 2^113 to 2^96.
- On RIPEMD-128. We find a pseudo-preimage attack on the (intermediate) 36-step compression function (the full version has 64 steps) with a complexity of 2^123. It can be converted to a preimage attack on the (intermediate) 36-step hash function with a complexity of 2^126.5.
Both RIPEMD and RIPEMD-128 produce 128-bit digests; therefore our attacks are faster than the brute-force attack, which means that they break the theoretical security bound of the above step-reduced variants of these two hash functions in the sense of (second) preimage resistance. To the best of our knowledge, the maximum number of attacked steps on both of these hash functions in previous work is 35, so we have increased the number of attacked steps. We stress that our attacks do not break the security of full-version RIPEMD and RIPEMD-128, but the security margin of RIPEMD becomes very narrow. On the other hand, RIPEMD-128 still has enough security margin.
- Paper published by The Institute of Electronics, Information and Communication Engineers
- 2012-01-01
Authors
- WANG Lei, University of Electro-Communications
- OHTA Kazuo, University of Electro-Communications
- SASAKI Yu, University of Electro-Communications
- SAKIYAMA Kazuo, University of Electro-Communications
- Sakiyama Kazuo, Department of Informatics, The University of Electro-Communications
- Ohta Kazuo, Department of Informatics, The University of Electro-Communications
- Sasaki Yu, NTT Information Sharing Platform Laboratories, NTT Corporation
- Komatsubara Wataru, University of Electro-Communications
Related papers
- Cryptanalysis of Two MD5-Based Authentication Protocols: APOP and NMAC
- Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication
- Toward the Fair Anonymous Signatures : Deniable Ring Signatures(Signatures,Cryptography and Information Security)
- Security of Cryptosystems Using Merkle-Damgård in the Random Oracle Model
- Preimage Attack on 23-Step Tiger
- Extension of Secret Handshake Protocols with Multiple Groups in Monotone Condition
- Standard Deviation and Intra Prediction Mode Based Adaptive Spatial Error Concealment (SEC) in H.264/AVC
- Variable Block Size Motion Vector Retrieval Schemes for H.264 Inter Frame Error Concealment
- Practical Password Recovery Attacks on MD4 Based Prefix and Hybrid Authentication Protocols
- A Strict Evaluation on the Number of Conditions for SHA-1 Collision Search
- New Message Differences for Collision Attacks on MD4 and MD5
- Improved Collision Attacks on MD4 and MD5(Hash Functions,Cryptography and Information Security)
- Universally composable client-to-client general authenticated key exchange (Special Issue: Rethinking Computer Security Technologies Supporting Information Systems)
- On Clock-Based Fault Analysis Attack for an AES Hardware Using RSL
- Universally Composable Hierarchical Hybrid Authenticated Key Exchange(Protocols,Cryptography and Information Security)
- Improved Collision Search for Hash Functions : New Advanced Message Modification
- Probabilistic Multi-Signature Schemes Using a One-Way Trapdoor Permutation(Discrete Mathematics and Its Applications)
- OAEP-ES : Methodology of Universal Padding Technique (Asymmetric Cipher) (Cryptography and Information Security)
- Solutions to Security Problems of Rivest and Shamir's Pay Word Scheme(Application)(Cryptography and Information Security)
- Provably Secure Multisignatures in Formal Security Model and Their Optimality
- Taxonomical Security Consideration of OAEP Variants(Discrete Mathematics and Its Applications)
- Power Analysis against a DPA-Resistant S-Box Implementation Based on the Fourier Transform
- Near-Collision Attacks on MD4 : Applied to MD4-Based Protocols
- Maurer-Yacobi ID-Based Key Distribution Revisited(Discrete Mathematics and Its Applications)
- Security of Cryptosystems Using Merkle-Damgard in the Random Oracle Model
- Visual Secret Sharing Schemes for Multiple Secret Images Allowing the Rotation of Shares(Discrete Mathematics and Its Applications)
- Ring signatures: universally composable definitions and constructions (Special Issue: Rethinking Computer Security Technologies Supporting Information Systems)
- Differential-Linear Cryptanalysis of FEAL-8 (Special Section on Cryptography and Information Security)
- Leaky Random Oracle
- FOREWORD
- Cryptanalyses of Double-Mix Merkle-Damgard Mode in the Original Version of AURORA-512
- Universally Composable NBAC-Based Fair Voucher Exchange for Mobile Environments
- How to Shorten a Ciphertext of Reproducible Key Encapsulation Mechanisms in the Random Oracle Model
- De-embedding of On-Chip Inductor at Millimeter-Wave Range
- Differential Fault Analysis on Stream Cipher MUGI
- Preimage Attacks against PKC98-Hash and HAS-V
- Preimage Attacks on the Step-Reduced RIPEMD-128 and RIPEMD-160
- Meet-in-the-Middle (Second) Preimage Attacks on Two Double-Branch Hash Functions RIPEMD and RIPEMD-128
- Toward Effective Countermeasures against an Improved Fault Sensitivity Analysis
- Proxiable Designated Verifier Signature
- Correlation Power Analysis and Countermeasure on the Stream Cipher Enocoro-128v2
- A New Type of Fault-Based Attack: Fault Behavior Analysis