Cryptanalysis of 3-Pass HAVAL

Rompay, Bart Van; Biryukov, Alex; Preneel, Bart; Vandewalle, Joos

doi:10.1007/978-3-540-40061-5_14

Cited by 19 publications

(14 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have shown that only about 4 to 64 random selected messages are needed in order to find a collision of MD4, and only about 2 16 random selected messages to for RIPEMD.…”

Section: Resultsmentioning

confidence: 96%

See 1 more Smart Citation

Cryptanalysis of the Hash Functions MD4 and RIPEMD

Wang

Lai

Feng³

et al. 2005

Lecture Notes in Computer Science

308

280

View full text Add to dashboard Cite

Abstract. MD4 is a hash function developed by Rivest in 1990. It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL. In 1996, Dobbertin showed how to find collisions of MD4 with complexity equivalent to 2 20 MD4 hash computations. In this paper, we present a new attack on MD4 which can find a collision with probability 2 −2 to 2 −6 , and the complexity of finding a collision doesn't exceed 2 8 MD4 hash operations. Built upon the collision search attack, we present a chosen-message pre-image attack on MD4 with complexity below 28 . Furthermore, we show that for a weak message, we can find another message that produces the same hash value. The complexity is only a single MD4 computation, and a random message is a weak message with probability 2 −122 .The attack on MD4 can be directly applied to RIPEMD which has two parallel copies of MD4, and the complexity of finding a collision is about 2 18 RIPEMD hash operations.

show abstract

“…We have shown that only about 4 to 64 random selected messages are needed in order to find a collision of MD4, and only about 2 16 random selected messages to for RIPEMD.…”

Section: Resultsmentioning

confidence: 96%

“…At Asiacrypt 2003, B.V. Rompay etc. [16] gave a collision attack on HAVAL-128 with probability 2 −29 . Some very interesting results on hash functions came out simultaneously in Crypto 2004.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of the Hash Functions MD4 and RIPEMD

Wang

Lai

Feng³

et al. 2005

Lecture Notes in Computer Science

308

280

View full text Add to dashboard Cite

show abstract

“…While three preimage attacks on MD4 are known [3,5,6], the picture is different for MD5: using a SAT-solver De et al [3] inverted 26 (out of 64) steps of MD5, and no analytical attack is known to date. Idem for HAVAL: while several collision attacks [7,13,20,21] and even a second preimage attack [9] were published, no preimage attack is known. Independent Work.…”

Section: Introductionmentioning

confidence: 99%

Preimage Attacks on 3-Pass HAVAL and Step-Reduced MD5

Aumasson

Meier

Mendel

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. This paper presents preimage attacks on the hash functions 3-pass HAVAL and step-reduced MD5. Introduced in 1992 and 1991 respectively, these functions underwent severe collision attacks, but no preimage attack. We describe two preimage attacks on the compression function of 3-pass HAVAL. The attacks have a complexity of about 2 224 compression function evaluations instead of 2 256 . We present several preimage attacks on the MD5 compression function that invert up to 47 steps (out of 64) within 2 96 trials instead of 2 128 . Although our attacks are not practical, they show that the security margin of 3-pass HAVAL and step-reduced MD5 with respect to preimage attacks is not as high as expected.

show abstract

“…-Its structure should be resistant against known attacks including Wang et al's attack [1,2,3,4,5,7,8,14,15,16,17,18]. -The performance should be as competitive as that of SHA-256.…”

Section: Introductionmentioning

confidence: 99%

A New Dedicated 256-Bit Hash Function: FORK-256

Hong

Chang

Sung

et al. 2006

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. This paper describes a new software-efficient 256-bit hash function, FORK-256. Recently proposed attacks on MD5 and SHA-1 motivate a new hash function design. It is designed not only to have higher security but also to be faster than SHA-256. The performance of the new hash function is at least 30% better than that of SHA-256 in software. And it is secure against any known cryptographic attacks on hash functions.

show abstract

Cryptanalysis of 3-Pass HAVAL

Cited by 19 publications

References 9 publications

Cryptanalysis of the Hash Functions MD4 and RIPEMD

Cryptanalysis of the Hash Functions MD4 and RIPEMD

Preimage Attacks on 3-Pass HAVAL and Step-Reduced MD5

A New Dedicated 256-Bit Hash Function: FORK-256

Contact Info

Product

Resources

About