• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences >Meet-in-the-Middle (Second) Preimage Attacks on Two Double- Branch Hash Functions RIPEMD and RIPEMD-128
【24h】

Meet-in-the-Middle (Second) Preimage Attacks on Two Double- Branch Hash Functions RIPEMD and RIPEMD-128

机译:对两个双分支哈希函数RIPEMD和RIPEMD-128的中间(第二次)原始映像攻击

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Even though meet-in-the-middle preimage attack framework has been successfully applied to attack most of narrow-pipe hash functions, it seems difficult to apply this framework to attack double-branch hash functions. Only few results have been published on this research. This paper proposes a refined strategy of applying meet-in-the-middle attack framework to double-branch hash functions. The main novelty is a new local-collision approach named one-message-word local collision. We have applied our strategy to two double-branch hash functions RIPEMD and RIPEMD-128, and obtain the following results. 1.On RIPEMD. We find a pseudo-preimage attack on 47-step compression function, where the full version has 48 steps, with a complexity of 2~(119). It can be converted to a second preimage attack on 47-step hash function with a complexity of 2~(124.5). Moreover, we also im-prove previous preimage attacks on (intermediate) 35-step RIPEMD, and reduce the complexity from 2~(113) to 2~(96). 2.On RIPEMD-128. We find a pseudo-preimage on (intermediate) 36-step compression function, where the full version has 64 steps, with a complexity of 2123. It canl be converted to a preimage attack on (intermediate) 36-step hash function with a complexity of 2~(126.5). Both RIPEMD and RIPEMD-128 produce 128-bit digests. Therefore our attacks are faster than the brute-force attack, which means that our attacks break the theoretical security bound of the above step-reduced variants of those two hash functions in the sense of (second) preimage resistance. The maximum number of the attacked steps on both those two hash functions is 35 among previous works based to our best knowledge. Therefore we have successfully increased the number of the attacked steps. We stress that our attacks does not break the security of full-version RIPEMD and RIPEMD-128. But the security mergin of RIPEMD becomes very narrow. On the other hand, RIPEMD-128 still has enough security margin.
机译:即使中间相遇前映像攻击框架已成功应用于攻击大多数窄管哈希函数,但似乎很难将此框架应用于双分支哈希函数。该研究仅发表了很少的结果。本文提出了一种将中间相遇攻击框架应用于双分支哈希函数的改进策略。主要的新颖之处是一种新的本地冲突方法,称为单消息字本地冲突。我们将策略应用于两个双分支哈希函数RIPEMD和RIPEMD-128,并获得以下结果。 1.在RIPEMD上。我们发现对47步压缩功能的伪原像攻击,完整版有48步,复杂度为2〜(119)。可以将其转换为对47步哈希函数的第二次原像攻击,复杂度为2〜(124.5)。此外,我们还改进了先前对(中间)35步RIPEMD的原像攻击,并将复杂度从2〜(113)降低到2〜(96)。 2.在RIPEMD-128上。我们在(中间)36步压缩函数中找到了一个伪原像,其中完整版本有64步,复杂度为2123。它可以转换为对(中间)36步哈希函数的原像攻击为2〜(126.5)。 RIPEMD和RIPEMD-128均产生128位摘要。因此,我们的攻击比蛮力攻击要快,这意味着我们的攻击从(第二)原像抵抗的角度打破了这两个哈希函数的上述逐步精简变体的理论安全范围。根据我们的最新知识,在这两个哈希函数中,被攻击的步骤的最大数目为35。因此,我们已经成功增加了攻击步骤的数量。我们强调,我们的攻击不会破坏全版本RIPEMD和RIPEMD-128的安全性。但是RIPEMD的安全边界变得非常狭窄。另一方面,RIPEMD-128仍然具有足够的安全裕度。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号