Geodesic
Estimates of collision resistance complexity for the hash function RIPEMD
Prikladnaya Diskretnaya Matematika. Supplement, no. 5 (2012), pp. 43-44.

Voir la notice de l'article provenant de la source Math-Net.Ru

In 2005, Wang et al. developed practical collision attacks on MD4 and RIPEMD hash functions. For RIPEMD however, description of the attack has been presented only at ideological level, raising concerns about the attack complexity claimed by the authors. X. Wang et al. stated that the attack complexity is about $2^{18}$ calls of compression function. In this paper, the omitted details of the Wang attack on RIPEMD hash function are recovered and the single-step message modification being the first stage of this attack is implemented. The experiments showed that the lower bound of the average complexity of the Wang's attack is greater than $2^{32,49}$ compression function calls. This estimation is significantly higher than the one stated in the Wang's paper. 
@article{PDMA_2012_5_a22,
     author = {G. A. Karpunin and E. Z. Ermolaeva},
     title = {Estimates of collision resistance complexity for the hash function {RIPEMD}},
     journal = {Prikladnaya Diskretnaya Matematika. Supplement},
     pages = {43--44},
     publisher = {mathdoc},
     number = {5},
     year = {2012},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDMA_2012_5_a22/}
}
TY  - JOUR
AU  - G. A. Karpunin
AU  - E. Z. Ermolaeva
TI  - Estimates of collision resistance complexity for the hash function RIPEMD
JO  - Prikladnaya Diskretnaya Matematika. Supplement
PY  - 2012
SP  - 43
EP  - 44
IS  - 5
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDMA_2012_5_a22/
LA  - ru
ID  - PDMA_2012_5_a22
ER  - 
%0 Journal Article
%A G. A. Karpunin
%A E. Z. Ermolaeva
%T Estimates of collision resistance complexity for the hash function RIPEMD
%J Prikladnaya Diskretnaya Matematika. Supplement
%D 2012
%P 43-44
%N 5
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDMA_2012_5_a22/
%G ru
%F PDMA_2012_5_a22
G. A. Karpunin; E. Z. Ermolaeva. Estimates of collision resistance complexity for the hash function RIPEMD. Prikladnaya Diskretnaya Matematika. Supplement, no. 5 (2012), pp. 43-44. http://geodesic.mathdoc.fr/item/PDMA_2012_5_a22/

[1] “RIPE. Integrity Primitives for Secure Information Systems. Final Report of RACE Integrity Primitives Evaluation (RIPE-RACE 1040)”, LNCS, 1007, 1995, 69–111

[2] Rivest R. L., “The MD4 Message Digest Algorithm”, LNCS, 537, 1991, 303–311 | Zbl

[3] Dobbertin H., “RIPEMD With Two-Round Compress Function Is Not Collision-Free”, J. Cryptology, 10:1 (1997), 51–69 | DOI | Zbl

[4] Debaert C., Gilbert H., “The RIPEMD$^L$ and RIPEMD$^R$ Improved Variants of MD4 Are Not Collision Free”, LNCS, 2355, 2002, 52–65 | Zbl

[5] Wang X., Feng D., Lai X., Yu X., Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, IACR Cryptology ePrint Archive. Report No 199, 2004

[6] Wang X., Lai X., Feng D., et al., “Cryptanalysis of the Hash Functions MD4 and RIPEMD”, LNCS, 3494, 2005, 1–18 | MR | Zbl

[7] Dobbertin H., Bosselaers A., Preneel B., The hash function RIPEMD-160. Dedicated web-page, http://homes.esat.kuleuven.be/~bosselae/ripemd160.html

[8] Dobbertin H., Bosselaers A., Preneel B., “RIPEMD-160, a strengthened version of RIPEMD”, LNCS, 1039, 1996, 71–82

[9] TrueCrypt. Free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. Dedicated web-page, http://www.truecrypt.org/

[10] Stach P., MD4 Collision Generator, http://packetstormsecurity.org/files/41550/md4coll.c.html