Filters








226 Hits in 2.1 sec

Searching for Differential Paths in MD4 [chapter]

Martin Schläffer, Elisabeth Oswald
2006 Lecture Notes in Computer Science  
In this article, we present an algorithm that allows to find paths in an automated way. Our algorithm is successful for MD4. We have found over 1000 differential paths so far.  ...  Amongst them, there are paths that have fewer conditions in the second round than the path of Wang et al. for MD4.  ...  Consequently, it is desirable for a path search algorithm to look for paths that have most conditions in the first round of MD4.  ... 
doi:10.1007/11799313_16 fatcat:rihy2lnj3vgfhh3kkq2yjfklue

The Second-Preimage Attack on MD4 [chapter]

Hongbo Yu, Gaoli Wang, Guoyan Zhang, Xiaoyun Wang
2005 Lecture Notes in Computer Science  
In this paper, we find another new collision differential path which can be used to find the second-preimage for more weak messages.  ...  The techniques are not only efficient to search for collisions, but also applicable to explore the secondpreimage of MD4.  ...  Constructing the Specific Collision Differential Path In order to find such a path, we select We find a collision differential path when e = 1 and i = 22 with 62 variable conditions which are showed in  ... 
doi:10.1007/11599371_1 fatcat:3bfhl2fhbngwxnao67wmkb3kuq

Practical key-recovery attack against APOP, an MD5-based challenge-response authentication

Gaetan Leurent
2008 International Journal of Applied Cryptography  
They used an approach suggested by Wang to find a near-collision for different IVs and used different differential paths to absorb the remaining differences.  ...  At EUROCRYPT '05 and CRYPTO '05, Wang et al. described a new class of attacks on most of the hash functions of the MD4 family, MD4, MD5, HAVAL, RIPEMD, SHA-0 and SHA-1 in [26, 28, 29, 27] , which allows  ...  Thanks are due to Phong Nguyen and Pierre-Alain Fouque for their precious help and proofreading. We also thank Louis Granboulan for his help in collecting and analysing WiFi data.  ... 
doi:10.1504/ijact.2008.017049 fatcat:tchulg6g4vewhfatm3p3gykhza

Boomerang Distinguishers on MD4-Family: First Practical Results on Full 5-Pass HAVAL [chapter]

Yu Sasaki
2012 Lecture Notes in Computer Science  
We then search for new differential paths.  ...  Firstly, we prove that the differential path for 5-pass HAVAL used in the previous boomerang distinguisher contains a critical flaw and thus the attack cannot work.  ...  We proved that the previous differential path on 5-pass HAVAL contained a flaw.  ... 
doi:10.1007/978-3-642-28496-0_1 fatcat:7yi6amv7hffyhbeppuzgcjdwou

Cryptanalysis of the Hash Functions MD4 and RIPEMD [chapter]

Xiaoyun Wang, Xuejia Lai, Dengguo Feng, Hui Chen, Xiuyuan Yu
2005 Lecture Notes in Computer Science  
MD4 is a hash function developed by Rivest in 1990. It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL.  ...  Built upon the collision search attack, we present a chosen-message pre-image attack on MD4 with complexity below 2 8 .  ...  Acknowledgements It is a pleasure to acknowledge Hans Dobbertin, Magnus Daum for their important advice, corrections, and suggestions, and for spending their precious time on our research.  ... 
doi:10.1007/11426639_1 fatcat:nc4f7czj6bc3boj2xgubx5rq2a

Applications of SAT Solvers to Cryptanalysis of Hash Functions [chapter]

Ilya Mironov, Lintao Zhang
2006 Lecture Notes in Computer Science  
In particular, we are able to generate full collisions for MD4 and MD5 given only the differential path and applying a (minimally modified) off-the-shelf SAT solver.  ...  Several standard cryptographic hash functions were broken in 2005.  ...  In particular, we refer to Black et al. and Oswald et al. [BCH06, SO06] for intuition on the discovery process of the differential path for MD4 and MD5 (Stages I and II of our framework).  ... 
doi:10.1007/11814948_13 fatcat:gyl6sxhjxvhbti56tx2l77fxte

Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash Collisions [chapter]

Scott Contini, Yiqun Lisa Yin
2006 Lecture Notes in Computer Science  
In this paper, we analyze the security of HMAC and NMAC, both of which are hash-based message authentication codes.  ...  We present distinguishing, forgery, and partial key recovery attacks on HMAC and NMAC using collisions of MD4, MD5, SHA-0, and reduced SHA-1.  ...  We thank Mihir Bellare and Hugo Krawczyk for valuable suggestions on an early draft of this work. We thank Eli Biham for enlightening discussions.  ... 
doi:10.1007/11935230_3 fatcat:opfus47hrvcqzbt6aqiasohgme

Preimage Attack on MD4 Hash Function as a Problem of Parallel Sat-Based Cryptanalysis

2017 Bulletin of the South Ural State University Series Computational Mathematics and Software Engineering  
In this paper we study the inversion problem of MD4 cryptographic hash function developed by R. Rivest in 1990.  ...  By MD4-k we denote a truncated variant of MD4 hash function in which k represents a number of steps used to calculate a hash value (the full version of MD4 function corresponds to MD4-48). H.  ...  For example, in order to achieve results in solving the SAT instances for finding collisions from MD family hash functions it is nessesary to add special conditions called differential paths on chaining  ... 
doi:10.14529/cmse170302 fatcat:rbdxccexqfee7i27u5betzwctq

Efficient Collision Search Attacks on SHA-0 [chapter]

Xiaoyun Wang, Hongbo Yu, Yiqun Lisa Yin
2005 Lecture Notes in Computer Science  
In this paper, we present new techniques for collision search in the hash function SHA-0.  ...  Yao for their support and corrections on this paper. We also thank Ronald L. Rivest and many other anonymous reviewers for their important comments.  ...  Lenstra for his important suggestions and corrections, and for spending his precious time on our research. We would like to thank Andrew C. Yao and Frances.  ... 
doi:10.1007/11535218_1 fatcat:dfx4vrneqraddcj3zfhkuxnaby

Cryptanalysis of Reduced RIPEMD-128

Gao-Li WANG, Mei-Qin WANG
2008 Journal of Software (Chinese)  
RIPEMD-128 is a cryptographic hash function proposed in 1996 by Hans Dobbertin, Antoon Bosselaers and Bart Preneel.  ...  This paper presents a practical attack for finding collisions for the first 32-step reduced RIPEMD-128 with complexity of 2 28 32-step reduced RIPEMD-128 operations.  ...  We will describe the last three parts in details. Collision differential path for the first 32-step reduced RIPEMD-128 We use Wang's method to deduce the differential paths.  ... 
doi:10.3724/sp.j.1001.2008.02442 fatcat:smz56uhxsffaxfhjeqwhcjoqey

Improved Cryptanalysis of Reduced RIPEMD-160 [chapter]

Florian Mendel, Thomas Peyrin, Martin Schläffer, Lei Wang, Shuang Wu
2013 Lecture Notes in Computer Science  
Using a carefully designed non-linear path search tool, we study the potential differential paths that can be constructed from a difference in a single message word and show that some of these message  ...  words can lead to very good differential path candidates.  ...  The authors would like to thank the anonymous referees for their helpful comments.  ... 
doi:10.1007/978-3-642-42045-0_25 fatcat:h2spjrcc6va7vm7pcf7lhlyvu4

Translation of Algorithmic Descriptions of Discrete Functions to SAT with Applications to Cryptanalysis Problems

Alexander Semenov, Ilya Otpuschennikov, Irina Gribanova, Oleg Zaikin, Stepan Kochemazov
2018 Logical Methods in Computer Science  
In the present paper, we propose a technology for translating algorithmic descriptions of discrete functions to SAT. The proposed technology is aimed at applications in algebraic cryptanalysis.  ...  In~the theoretical part of the paper we justify the main principles of general reduction to SAT for discrete functions from a class containing the majority of functions employed in cryptography.  ...  We are grateful to anonymous reviewers for their valuable comments that made it possible to significantly improve the quality of the present paper.  ... 
doi:10.23638/lmcs-16(1:29)2020 fatcat:fuji3nvk75ggzb5535kccwdmbu

Translation of Algorithmic Descriptions of Discrete Functions to SAT with Applications to Cryptanalysis Problems [article]

Alexander Semenov, Ilya Otpuschennikov, Irina Gribanova, Oleg Zaikin, Stepan Kochemazov
2020 arXiv   pre-print
In the present paper, we propose a technology for translating algorithmic descriptions of discrete functions to SAT. The proposed technology is aimed at applications in algebraic cryptanalysis.  ...  In~the theoretical part of the paper we justify the main principles of general reduction to SAT for discrete functions from a class containing the majority of functions employed in cryptography.  ...  We are grateful to anonymous reviewers for their valuable comments that made it possible to significantly improve the quality of the present paper.  ... 
arXiv:1805.07239v5 fatcat:qrgcbbnag5a53davdbexvxbio4

New Distinguishing Attack on MAC Using Secret-Prefix Method [chapter]

Xiaoyun Wang, Wei Wang, Keting Jia, Meiqin Wang
2009 Lecture Notes in Computer Science  
The new distinguisher makes use of a special truncated differential path with high probability to distinguish an inner near-collision in the first round.  ...  The complexity for distinguishing the MAC with 43-step reduced SHA-1 is 2 124.5 queries. For the MAC with 61-step SHA-1, the complexity is 2 154.5 queries. The success probability is 0.70 for both.  ...  We would like to thank Christian Rechberger and three reviewers for their very helpful comments on the paper.  ... 
doi:10.1007/978-3-642-03317-9_22 fatcat:zu7xgbjferfktcc4awfjqrsdti

Cryptanalysis of Full RIPEMD-128 [chapter]

Franck Landelle, Thomas Peyrin
2013 Lecture Notes in Computer Science  
Namely, we were able to build a very good differential path by placing one non-linear differential part in each computation branch of the RIPEMD-128 compression function, but not necessarily in the early  ...  In order to handle the low differential probability induced by the non-linear part located in later steps, we propose a new method for using the freedom degrees, by attacking each branch separately and  ...  The Final Differential Path Skeleton Applying our non-linear part search tool and reusing notations from [4] , we obtain the differential path in Figure 3 , for which we provide at each step i the differential  ... 
doi:10.1007/978-3-642-38348-9_14 fatcat:wcm6kihxsngwzdfe4hucnpr7hu
« Previous Showing results 1 — 15 out of 226 results