已为您找到该学者10条结果 成果回收站
【期刊论文】Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD
王小云, Xiaoyun Wang, Dengguo Feng, Xuejia Lai, Hongbo Yu
,-0001,():
-1年11月30日
-
1636浏览
-
0点赞
-
0收藏
-
0分享
-
201下载
-
0
-
引用
【期刊论文】How to Break MD5 and Other Hash Functions
王小云, Xiaoyun Wang and Hongbo Yu
EUROCRYPT 2005, LNCS 3494, pp. 19-35, 2005.,-0001,():
-1年11月30日
MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi free-start collision, in which the initialvalue of the hash function is replaced by a non-standard value, which is the result of the attack. In this paper we present a new powerful attack on MD5 which allows us to find collisions efficiently. We used this attack to find collisions of MD5 in about 15 minutes up to an hour computation time. The attack is a differential attack, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure. We call this kind of differential a modular differential. An application of this attack to MD4 can find a collision in less than a fraction of a second. This attack is also applicable to other hash functions, such as RIPEMD and HAVAL.
-
377浏览
-
0点赞
-
0收藏
-
0分享
-
229下载
-
0
-
引用
【期刊论文】Cryptanalysis of the Hash Functions MD4 and RIPEMD
王小云, Xiaoyun Wang, Xuejia Lai, Dengguo Feng, Hui Chen, and Xiuyuan Yu
EUROCRYPT 2005, LNCS 3494, pp. 1-18, 2005.,-0001,():
-1年11月30日
MD4 is a hash function developed by Rivest in 1990. It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL. In 1996, Dobbertin showed how to find collisions of MD4 with complexity equivalent to 220 MD4 hash computations. In this paper, we present a new attack on MD4 which can find a collision with probability 2-2 to 2−6, and the complexity of finding a collision doesn't exceed 28 MD4 hash operations. Built upon the collision search attack, we present a chosen-message pre-image attack on MD4 with complexity below 28. Furthermore, we show that for a weak message, we can find another message that produces the same hash value. The complexity is only a single MD4 computation, and a random message is a weak message with probability 2−122. The attack on MD4 can be directly applied to RIPEMD which has two parallel copies of MD4, and the complexity of finding a collision is about 218 RIPEMD hash operations.
-
279浏览
-
0点赞
-
0收藏
-
0分享
-
131下载
-
0
-
引用
【期刊论文】The Second-Preimage Attack on MD4
王小云, Hongbo Yu, Gaoli Wang, Guoyan Zhang, and Xiaoyun Wang
CANS 2005, LNCS 3810, pp. 1-12, 2005.,-0001,():
-1年11月30日
In Eurocrypt'05, Wang et al. presented new techniques to find collisions of Hash function MD4. The techniques are not only efficient to search for collisions, but also applicable to explore the secondpreimage of MD4. About the second-preimage attack, they showed that a random message was a weak message with probability 2−122 and it only needed a one-time MD4 computation to find the second-preimage corresponding to the weak message. A weak message means that there exits a more efficient attack than the brute force attack to find its secondpreimage. In this paper, we find another new collision differential path which can be used to find the second-preimage for more weak messages. For any random message, it is a weak message with probability 2−56, and it can be converted into a weak message by message modification techniques with about 227 MD4 computations. Furthermore, the original message is close to the resulting message (weak message), i. e, the Hamming weight of the difference for two messages is about 44.
Hash function,, collision differential path,, second-preimage,, weak message.,
-
268浏览
-
0点赞
-
0收藏
-
0分享
-
103下载
-
0
-
引用
王小云, 王小云**, 冯登国, 于秀源
中国科学E辑信息科学,2005,35(3):1~12,-0001,():
-1年11月30日
给出了一种Hash函数HAVAL-128的有效攻击方法. HAVAL是由zheng等人在Auscrypto'92提出的,它的轮数可以是3、4或5,输出长度为128、160、192或224比特的杂凑值本文攻击的是具有128比特杂凑值的HAVAL算法本文的主要结论是,任给一个1024比特长的消息m,只要对m做一些适当的修改,修改后的消息m就会和另外一个消息m'以2-7的概率发生碰撞,其中m'=m+△m,△m是事先选定的一个固定的明文差分另外,本文还给出了两个碰撞的实例.
Hash函数, 碰撞, 差分分析, 差分特征
-
212浏览
-
0点赞
-
0收藏
-
0分享
-
154下载
-
0
-
引用