CryptoDB
Cryptanalysis of 48-step RIPEMD-160
| Authors: |
|
|---|---|
| Download: | |
| Abstract: | In this paper, we show how to theoretically compute the step differential probability of RIPEMD-160 under the condition that only one internal variable contains difference and the difference is a power of 2. Inspired by the way of computing the differential probability, we can do message modification such that a step differential hold with probability 1. Moreover, we propose a semi-free-start collision attack on 48-step RIPEMD-160, which improves the best semi-free start collision by 6 rounds. This is mainly due to that some bits of the chaining variable in the i-th step can be computed by adding some conditions in advance, even though some chaining variables before step i are unknown. Therefore, the uncontrolled probability of the differential path is increased and the number of the needed starting points is decreased. Then a semi-free-start collision attack on 48-step RIPEMD-160 can be obtained based on the differential path constructed by Mendel et al. at ASIACRYPT 2013. The experiments confirm our reasoning and complexity analysis. |
BibTeX
@article{tosc-2017-28493,
title={Cryptanalysis of 48-step RIPEMD-160},
journal={IACR Trans. Symmetric Cryptol.},
publisher={Ruhr-Universität Bochum},
volume={2017, Issue 2},
pages={177-202},
url={https://tosc.iacr.org/index.php/ToSC/article/view/643},
doi={10.13154/tosc.v2017.i2.177-202},
author={Gaoli Wang and Yanzhao Shen and Fukang Liu},
year=2017
}