SCIE, EI, Scopus, INSPEC, DBLP, CSCD, etc.
Citation: | Gao-Li Wang. Collision Attack on the Full Extended MD4 and Pseudo-Preimage Attack on RIPEMD[J]. Journal of Computer Science and Technology, 2013, 28(1): 129-143. DOI: 10.1007/s11390-013-1317-5 |
[1] |
Rivest R. The MD4 message digest algorithm. In Proc. the10th Int. Cryptology Conference (CRYPTO), Aug. 1990,pp.303-311.
|
[2] |
Rivest R. The MD5 message-digest algorithm. 1992, http://www.ietf.org/rfc/rfc1321.txt.
|
[3] |
Zheng Y, Pieprzyk J, Seberry J. HAVAL-A one-way hashingalgorithm with variable length of output. In Proc. Workshopon the Theory and Application of Gyptographic Techniques:Advances in Cryptology (AUSCRYPT), Dec. 1992, pp.81-104.
|
[4] |
Bosselaers A, Preneel B (eds.). Integrity Primitives for Se-cure Information Systems, Final Report of RACE IntegrityPrimitives Evalution, Springer-Verlag, 1995.
|
[5] |
Dobbertin H, Bosselaers A, Preneel B. RIPEMD-160: Astrengthened version of RIPEMD. In Proc. the 3rd Int.Workshop on Fast Software Encryption, Feb. 1996, pp.71-82.
|
[6] |
National Institute of Standards and Technology of USA. Se-cure hash standard. Federal Information Processing Stan-dard Publication, FIPS-180, May 1993, http://www.mavi-1.org/web security/cryptography/applied-crypto/fips180.txt.
|
[7] |
National Institute of Standards and Technology of USA. Se-cure hash standard. Federal Information Processing Stan-dards Publication, FIPS-180-1, April 17, 1995, http://www.itl. nist.gov/fipspubs/fip/189-1.htm.
|
[8] |
National Institute of Standards and Technology of USA. Se-cure hash standard. Federal Information Processing Stan-dards Publication, FIPS-180-2, August, 26, 2002, http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf.
|
[9] |
Vaudenay S. On the need for multipermutations: Crypta-nalysis of MD4 and SAFER. In Proc. the 2nd Int. Workshopon Fast Software Encryption, Dec. 1994, pp.286-297.
|
[10] |
den Boer B, Bosselaers A. Collisions for the compression func-tion of MD5. In Proc. Workshop on the Theory and Ap-plication of Cryptographic Techniques (EUROCRYPT), May1993, pp.293-304.
|
[11] |
Biham E, Chen R. Near-collisions of SHA-0. In Proc. Int.Cryptology Conf. (CRYPTO), Aug. 2004, pp.290-305.
|
[12] |
Biham E, Chen R, Joux A, Carribault P, Lemuet C, JalbyW. Collisions of SHA-0 and reduced SHA-1. In Proc. the24th Int. Conf. Theory and Applications of CryptographicTechniques (EUROCRYPT), May 2005, pp.36-57.
|
[13] |
Chabaud F, Joux A. Differential collisions in SHA-0. In Proc.the 18th Int. Cryptology Conf. (CRYPTO), Aug. 1998,pp.56-71.
|
[14] |
Dobbertin H. The first two rounds of MD4 are not one-way.In Proc. the 5th Int. Workshop on Fast Software Encryption,Mar. 1998, pp.284-292.
|
[15] |
Dobbertin H. Cryptanalysis of MD4. In Proc. the 3rd Int.Workshop on Fast Software Encryption, Feb. 1996, pp.53-69.
|
[16] |
Dobbertin H. Cryptanalysis of MD5 compress. In Proc. Int.Conf. Theory and Application of Cryptology and InformationSecurity (Rump Session), May 1996, http://www.iacr.org/conferences/ec96/ec96rump.html.
|
[17] |
Dobbertin H. RIPEMD with two round compress function isnot collision-free. Journal of Cryptology, 1997, 10(1): 51-70.
|
[18] |
Joux A. Collisions for SHA-0. In Proc. of CRYPTO 2004(Rump Session), Aug. 2004, http://www.iacr.org/confere-nces/ crypto2004/rump.html.
|
[19] |
Mendel F, Rechberger C, Rijmen V. Update on SHA-1. InProc. CRYPTO 2007 (Rump Session), Aug. 2007, http://rump2007.cr.yp.to.
|
[20] |
Rompay B, Biryukov A, Preneel B, Vandewalle J. Crypta-nalysis of 3-pass HAVAL. In Proc. the 9th Int. Conf. The-ory and Application of Cryptology and Information Security(ASIACRYPT), Nov. 30-Dec. 4, 2003, pp.228-245.
|
[21] |
Wang X Y, Feng D G, Lai X J, Yu H B. Collisions for hashfunctions MD4, MD5, HAVAL-128 and RIPEMD. In Proc.CRYPTO 2004 Rump Session, Aug. 2004, http://www.iacr.org/conferences/crypto2004/rump.html.
|
[22] |
Wang X Y, Lai X J, Feng D G, Chen H, Yu X Y. Crypta-nalysis of the hash functions MD4 and RIPEMD. In Proc. the24th Int. Conf. Theory and Applications of CryptographicTechniques (EUROCRYPT), May 2005, pp.1-18.
|
[23] |
Wang G L, Wang M Q. Cryptanalysis of reduced RIPEMD-128. Journal of Software, 2008, 19(9): 2442-2448.
|
[24] |
Wang X Y, Yu H B. How to break MD5 and other hashfunctions. In Proc. the 24th Int. Conf. Theory and Appli-cations of Cryptographic Techniques (EUROCRYPT), May2005, pp.19-35.
|
[25] |
Wang X Y, Yu H B, Yin L. Efficient collision search attacks onSHA-0. In Proc. the 25th Int. Cryptology Conf. (CRYPTO),Aug. 2005, pp.1-16.
|
[26] |
Wang X Y, Yin Y L, Yu H B. Finding collisions on the fullSHA-1. In Proc. the 25th Int. Cryptology Conf. (CRYPTO),Aug. 2005, pp.17-36.
|
[27] |
Wang X Y, Feng D G, Yu X Y. An attack on hash functionHAVAL-128. Science in China Ser. F: Information Sciences,2005, 48(5): 545-556.
|
[28] |
Yu H B, Wang X Y, Yun A, Park S. Cryptanalysis of the fullHAVAL with 4 and 5 passes. In Proc. the 13th Int. Workshopon Fast Software Encryption, Mar. 2006, pp.89-110.
|
[29] |
Yu H B,Wang X Y. Cryptanalysis of the compression functionof SIMD. In Proc. the 16th Australasian Conf. InformationSecurity and Privacy, Jul. 2011, pp.157-171.
|
[30] |
Yu H B, Chen J Z, Jia K T, Wang X Y. Near-collision at-tack on the step-reduced compression function of Skein-256.IACR Cryptology ePrint Archive, Report 2011/148, 2011,http://eprint.iacr.org/.
|
[31] |
Biham E, Shamir A. Differential cryptanalysis of DES-likecryptosystems. Journal of Cryptology, 1991, 4(1): 3-72.
|
[32] |
Yu H B, Wang G L, Zhang G Y, Wang X Y. The second-preimage attack on MD4. In Proc. the 4th Int. Conf. Cryp-tology and Network Security (CRYPTO), Dec. 2005, pp.1-12.
|
[33] |
De Canniμere C, Rechberger C. Finding SHA-1 characteris-tics: General results and applications. In Proc. the 12th Int.Conf. Theory and Application of Cryptology and InformationSecurity (ASIACRYPT), Dec. 2006, pp.1-20.
|
[34] |
De Canniμere C, Mendel F, Rechberger C. Collisions for 70-Step SHA-1: On the full cost of collision search. In Proc. the14th Int. Workshop. Selected Area in Cryptolography, Aug.2007, pp.56-73.
|
[35] |
Knudsen L R, Mathiassen J E. Preimage and collision attackson MD2. In Proc. the 12th Int. Conf. Fast Software Encryp-tion, Feb. 2005, pp.255-267.
|
[36] |
Muller F. The MD2 Hash function is not one-way. In Proc.the 10th Int. Conf. Theory and Application of Cryptologyand Information Security (ASIACRYPT), Dec. 2004, pp.214-229.
|
[37] |
Aoki K, Sasaki Y. Preimage attacks on one-block MD4, 63-step MD5 and more. In Proc. the 15th Int. Workshop. Se-lected Area in Cryptolography, Aug. 2008, pp.103-119.
|
[38] |
De D, Kumarasubramanian A, Venkatesan R. Inversion at-tacks on secure Hash functions using SAT solvers. In Proc.the 10th Int. Conf. Theory and Applications of SatisfiabilityTesting, May 2007, pp.377-382.
|
[39] |
Guo J, Ling S, Rechberger C, Wang H. Advanced meet-in-the-middle preimage attacks: First results on full Tiger, andimproved results on MD4 and SHA-2. In Proc. the 16th Int. Conf. Theory and Application of Cryptology and InformationSecurity (ASIACRYPT), Dec. 2010, pp.56-75.
|
[40] |
Leurent G. MD4 is not one-way. In Proc. the 15th Int. Conf.Fast Software Encryption, Feb. 2008, pp.412-428.
|
[41] |
Zhong J M, Lai X J. Improved preimage attack on one-blockMD4. Journal of Systems and Software, 2012, 85(4): 981-994.
|
[42] |
Sasaki Y, Aoki K. Finding preimages in full MD5 faster thanexhaustive search. In Proc. the 28th Int. Conf. Theory andApplications of Gryptolographic Techniques (EUROCRYPT),Apr. 2009, pp.134-152.
|
[43] |
Sasaki Y, Aoki K. Preimage attacks on 3, 4, and 5-passHAVAL. In Proc. the 14th Int. Conf. Theory and Applica-tion of Cryptology and Information Security (ASIACRYPT),Dec. 2008, pp.253-271.
|
[44] |
Sasaki Y, Aoki K. Meet-in-the-middle preimage attacks ondouble-branch hash functions: Application to RIPEMD andothers. In Proc. the 14th Australasian Conf. InformationSecurity and Privacy, Jul. 2009, pp.214-231.
|
[45] |
Wang G L, Wang S H. Preimage attack on Hash functionRIPEMD. In Proc. the 5th Int. Conf. Information SecurityPractice and Experience, Apr. 2009, pp.274-284.
|
[46] |
Ohtahara C, Sasaki Y, Shimoyama T. Preimage attackson step-reduced RIPEMD-128 and RIPEMD-160. In Proc.the 6th Int. Conf. Information Security and Cryptology(INSCRYPT), Oct. 2010, pp.169-186.
|
[47] |
Aoki K, Sasaki Y. Meet-in-the-middle preimage attacksagainst reduced SHA-0 and SHA-1. In Proc. the 29th Int.Cryptology Conf. (CRYPTO), Aug. 2009, pp.70-89.
|
[48] |
Aoki K, Guo J, Matusiewicz K, Sasaki Y, Wang L. Preimagesfor step reduced SHA-2. In Proc. the 15th Int. Conf. The-ory and Application of Cryptology and Information Security(ASIACRYPT), Dec. 2009, pp.578-597.
|
[49] |
Mendel F, Pramstaller N, Rechberger C. A (Second) preimageattack on the GOST Hash function. In Proc. the 15th Int.Conf. Fast Software Encryption, Feb. 2008, pp.224-234.
|
[50] |
Khovratovich D, Rechberger C, Savelieva A. Bicliques forpreimages: Attacks on Skein-512 and the SHA-2 family. InProc. the 19th Int. Conf. Fast Software Encryption, Mar.2012, pp.244-263.
|
[51] |
Sasaki Y. Meet-in-the-middle preimage attacks on AES hash-ing modes and an application to Whirlpool. In Proc. the18thInt. Conf. Fast Software Encryption, Feb. 2011, pp.378-396.
|
[52] |
Wu S, Feng D G, Wu W L, Guo J, Dong L, Zou J. (Pseudo)preimage attack on reduced-round Grstl hash function andothers. In Proc. the 19th Int. Conf. Fast Software Encryp-tion, Mar. 2012, pp.127-145.
|
[53] |
Aoki K, Sasaki Y. Preimage attacks on one-block MD4, 63-step MD5 and more. In Proc. the 15th Int. Workshop. Se-lected Area in Cryptology, Aug. 2008, pp.103-119.
|
[54] |
Diffie W, Hellman M E. Exhaustive cryptanalysis of the NBSdata encryption standard. Computer, 1977, 10(6): 74-84.
|
[55] |
Li J, Isobe T, Shibutani K. Converting meet-in-the-middlepreimage attack into pseudo collision attack: Application toSHA-2. In Proc. the 19th Int. Conf. Fast Software Encryp-tion, Mar. 2012, pp.264-286.
|
[56] |
Wang L, Sasaki Y, Komatsubara W, Ohta K,Sakiyama K. (Second) preimage attacks on step-reducedRIPEMD/RIPEMD-128 with a new local-collision approach.In Proc. the 11th Int. Conf. Topics in Cryptology, Feb.2011, pp.197-212.
|