A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Filters
Searching for Differential Paths in MD4
[chapter]
2006
Lecture Notes in Computer Science
Preserved Fulltext
In this article, we present an algorithm that allows to find paths in an automated way. Our algorithm is successful for MD4. We have found over 1000 differential paths so far. ...
Amongst them, there are paths that have fewer conditions in the second round than the path of Wang et al. for MD4. ...
Consequently, it is desirable for a path search algorithm to look for paths that have most conditions in the first round of MD4. ...
doi:10.1007/11799313_16
fatcat:rihy2lnj3vgfhh3kkq2yjfklue
The Second-Preimage Attack on MD4
[chapter]
2005
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2010; you can also visit the original URL.
The file type is application/pdf.
In this paper, we find another new collision differential path which can be used to find the second-preimage for more weak messages. ...
The techniques are not only efficient to search for collisions, but also applicable to explore the secondpreimage of MD4. ...
Constructing the Specific Collision Differential Path In order to find such a path, we select We find a collision differential path when e = 1 and i = 22 with 62 variable conditions which are showed in ...
doi:10.1007/11599371_1
fatcat:3bfhl2fhbngwxnao67wmkb3kuq
Practical key-recovery attack against APOP, an MD5-based challenge-response authentication
2008
International Journal of Applied Cryptography
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
They used an approach suggested by Wang to find a near-collision for different IVs and used different differential paths to absorb the remaining differences. ...
At EUROCRYPT '05 and CRYPTO '05, Wang et al. described a new class of attacks on most of the hash functions of the MD4 family, MD4, MD5, HAVAL, RIPEMD, SHA-0 and SHA-1 in [26, 28, 29, 27] , which allows ...
Thanks are due to Phong Nguyen and Pierre-Alain Fouque for their precious help and proofreading. We also thank Louis Granboulan for his help in collecting and analysing WiFi data. ...
doi:10.1504/ijact.2008.017049
fatcat:tchulg6g4vewhfatm3p3gykhza
Boomerang Distinguishers on MD4-Family: First Practical Results on Full 5-Pass HAVAL
[chapter]
2012
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
We then search for new differential paths. ...
Firstly, we prove that the differential path for 5-pass HAVAL used in the previous boomerang distinguisher contains a critical flaw and thus the attack cannot work. ...
We proved that the previous differential path on 5-pass HAVAL contained a flaw. ...
doi:10.1007/978-3-642-28496-0_1
fatcat:7yi6amv7hffyhbeppuzgcjdwou
Cryptanalysis of the Hash Functions MD4 and RIPEMD
[chapter]
2005
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
MD4 is a hash function developed by Rivest in 1990. It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL. ...
Built upon the collision search attack, we present a chosen-message pre-image attack on MD4 with complexity below 2 8 . ...
Acknowledgements It is a pleasure to acknowledge Hans Dobbertin, Magnus Daum for their important advice, corrections, and suggestions, and for spending their precious time on our research. ...
doi:10.1007/11426639_1
fatcat:nc4f7czj6bc3boj2xgubx5rq2a
Applications of SAT Solvers to Cryptanalysis of Hash Functions
[chapter]
2006
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2007; you can also visit the original URL.
The file type is application/pdf.
In particular, we are able to generate full collisions for MD4 and MD5 given only the differential path and applying a (minimally modified) off-the-shelf SAT solver. ...
Several standard cryptographic hash functions were broken in 2005. ...
In particular, we refer to Black et al. and Oswald et al. [BCH06, SO06] for intuition on the discovery process of the differential path for MD4 and MD5 (Stages I and II of our framework). ...
doi:10.1007/11814948_13
fatcat:gyl6sxhjxvhbti56tx2l77fxte
Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash Collisions
[chapter]
2006
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
In this paper, we analyze the security of HMAC and NMAC, both of which are hash-based message authentication codes. ...
We present distinguishing, forgery, and partial key recovery attacks on HMAC and NMAC using collisions of MD4, MD5, SHA-0, and reduced SHA-1. ...
We thank Mihir Bellare and Hugo Krawczyk for valuable suggestions on an early draft of this work. We thank Eli Biham for enlightening discussions. ...
doi:10.1007/11935230_3
fatcat:opfus47hrvcqzbt6aqiasohgme
Preimage Attack on MD4 Hash Function as a Problem of Parallel Sat-Based Cryptanalysis
2017
Bulletin of the South Ural State University Series Computational Mathematics and Software Engineering
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
In this paper we study the inversion problem of MD4 cryptographic hash function developed by R. Rivest in 1990. ...
By MD4-k we denote a truncated variant of MD4 hash function in which k represents a number of steps used to calculate a hash value (the full version of MD4 function corresponds to MD4-48). H. ...
For example, in order to achieve results in solving the SAT instances for finding collisions from MD family hash functions it is nessesary to add special conditions called differential paths on chaining ...
doi:10.14529/cmse170302
fatcat:rbdxccexqfee7i27u5betzwctq
Efficient Collision Search Attacks on SHA-0
[chapter]
2005
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
In this paper, we present new techniques for collision search in the hash function SHA-0. ...
Yao for their support and corrections on this paper. We also thank Ronald L. Rivest and many other anonymous reviewers for their important comments. ...
Lenstra for his important suggestions and corrections, and for spending his precious time on our research. We would like to thank Andrew C. Yao and Frances. ...
doi:10.1007/11535218_1
fatcat:dfx4vrneqraddcj3zfhkuxnaby
Cryptanalysis of Reduced RIPEMD-128
2008
Journal of Software (Chinese)
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
RIPEMD-128 is a cryptographic hash function proposed in 1996 by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. ...
This paper presents a practical attack for finding collisions for the first 32-step reduced RIPEMD-128 with complexity of 2 28 32-step reduced RIPEMD-128 operations. ...
We will describe the last three parts in details.
Collision differential path for the first 32-step reduced RIPEMD-128 We use Wang's method to deduce the differential paths. ...
doi:10.3724/sp.j.1001.2008.02442
fatcat:smz56uhxsffaxfhjeqwhcjoqey
Improved Cryptanalysis of Reduced RIPEMD-160
[chapter]
2013
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Using a carefully designed non-linear path search tool, we study the potential differential paths that can be constructed from a difference in a single message word and show that some of these message ...
words can lead to very good differential path candidates. ...
The authors would like to thank the anonymous referees for their helpful comments. ...
doi:10.1007/978-3-642-42045-0_25
fatcat:h2spjrcc6va7vm7pcf7lhlyvu4
Translation of Algorithmic Descriptions of Discrete Functions to SAT with Applications to Cryptanalysis Problems
2018
Logical Methods in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
In the present paper, we propose a technology for translating algorithmic descriptions of discrete functions to SAT. The proposed technology is aimed at applications in algebraic cryptanalysis. ...
In~the theoretical part of the paper we justify the main principles of general reduction to SAT for discrete functions from a class containing the majority of functions employed in cryptography. ...
We are grateful to anonymous reviewers for their valuable comments that made it possible to significantly improve the quality of the present paper. ...
doi:10.23638/lmcs-16(1:29)2020
fatcat:fuji3nvk75ggzb5535kccwdmbu
Translation of Algorithmic Descriptions of Discrete Functions to SAT with Applications to Cryptanalysis Problems
[article]
2020
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Other Versions
In the present paper, we propose a technology for translating algorithmic descriptions of discrete functions to SAT. The proposed technology is aimed at applications in algebraic cryptanalysis. ...
In~the theoretical part of the paper we justify the main principles of general reduction to SAT for discrete functions from a class containing the majority of functions employed in cryptography. ...
We are grateful to anonymous reviewers for their valuable comments that made it possible to significantly improve the quality of the present paper. ...
arXiv:1805.07239v5
fatcat:qrgcbbnag5a53davdbexvxbio4
New Distinguishing Attack on MAC Using Secret-Prefix Method
[chapter]
2009
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
The new distinguisher makes use of a special truncated differential path with high probability to distinguish an inner near-collision in the first round. ...
The complexity for distinguishing the MAC with 43-step reduced SHA-1 is 2 124.5 queries. For the MAC with 61-step SHA-1, the complexity is 2 154.5 queries. The success probability is 0.70 for both. ...
We would like to thank Christian Rechberger and three reviewers for their very helpful comments on the paper. ...
doi:10.1007/978-3-642-03317-9_22
fatcat:zu7xgbjferfktcc4awfjqrsdti
Cryptanalysis of Full RIPEMD-128
[chapter]
2013
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Namely, we were able to build a very good differential path by placing one non-linear differential part in each computation branch of the RIPEMD-128 compression function, but not necessarily in the early ...
In order to handle the low differential probability induced by the non-linear part located in later steps, we propose a new method for using the freedom degrees, by attacking each branch separately and ...
The Final Differential Path Skeleton Applying our non-linear part search tool and reusing notations from [4] , we obtain the differential path in Figure 3 , for which we provide at each step i the differential ...
doi:10.1007/978-3-642-38348-9_14
fatcat:wcm6kihxsngwzdfe4hucnpr7hu
« Previous
Showing results 1 — 15 out of 226 results