Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP

Fukang Liu; Gaoli Wang; Santanu Sarkar; Ravi Anand; Willi Meier; Yingxin Li; Takanori Isobe

doi:10.1007/978-3-031-30634-1_7

Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP

Fukang Liu^*, Gaoli Wang, Santanu Sarkar, Ravi Anand, Willi Meier, Yingxin Li, Takanori Isobe

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

The hash function RIPEMD-160 is an ISO/IEC standard and is being used to generate the bitcoin address together with SHA-256. Despite the fact that many hash functions in the MD-SHA hash family have been broken, RIPEMD-160 remains secure and the best collision attack could only reach up to 34 out of 80 rounds, which was published at CRYPTO 2019. In this paper, we propose a new collision attack on RIPEMD-160 that can reach up to 36 rounds with time complexity 2 ^64.5. This new attack is facilitated by a new strategy to choose the message differences and new techniques to simultaneously handle the differential conditions on both branches. Moreover, different from all the previous work on RIPEMD-160, we utilize a MILP-based method to search for differential characteristics, where we construct a model to accurately describe the signed difference transitions through its round function. As far as we know, this is the first model targeting the signed difference transitions for the MD-SHA hash family. Indeed, we are more motivated to design this model by the fact that many automatic tools to search for such differential characteristics are not publicly available and implementing them from scratch is too time-consuming and difficult. Hence, we expect that this can be an alternative easy tool for future research, which only requires to write down some simple linear inequalities.

Original language	English
Title of host publication	Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings
Editors	Carmit Hazay, Martijn Stam
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	189-219
Number of pages	31
ISBN (Print)	9783031306334
DOIs	https://doi.org/10.1007/978-3-031-30634-1_7
State	Published - 2023
Event	42nd Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT 2023 - Lyon, France Duration: 23 Apr 2023 → 27 Apr 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14007 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	42nd Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT 2023
Country/Territory	France
City	Lyon
Period	23/04/23 → 27/04/23

Keywords

MILP
RIPEMD-160
collision attack
modular difference
signed difference

Access to Document

10.1007/978-3-031-30634-1_7

Cite this

Liu, F., Wang, G., Sarkar, S., Anand, R., Meier, W., Li, Y., & Isobe, T. (2023). Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP. In C. Hazay, & M. Stam (Eds.), Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings (pp. 189-219). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14007 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-30634-1_7

Liu, Fukang ; Wang, Gaoli ; Sarkar, Santanu et al. / Analysis of RIPEMD-160 : New Collision Attacks and Finding Characteristics with MILP. Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings. editor / Carmit Hazay ; Martijn Stam. Springer Science and Business Media Deutschland GmbH, 2023. pp. 189-219 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{42a2c4ac52ed4ceaa188b483387e34b5,

title = "Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP",

abstract = "The hash function RIPEMD-160 is an ISO/IEC standard and is being used to generate the bitcoin address together with SHA-256. Despite the fact that many hash functions in the MD-SHA hash family have been broken, RIPEMD-160 remains secure and the best collision attack could only reach up to 34 out of 80 rounds, which was published at CRYPTO 2019. In this paper, we propose a new collision attack on RIPEMD-160 that can reach up to 36 rounds with time complexity 2 64.5. This new attack is facilitated by a new strategy to choose the message differences and new techniques to simultaneously handle the differential conditions on both branches. Moreover, different from all the previous work on RIPEMD-160, we utilize a MILP-based method to search for differential characteristics, where we construct a model to accurately describe the signed difference transitions through its round function. As far as we know, this is the first model targeting the signed difference transitions for the MD-SHA hash family. Indeed, we are more motivated to design this model by the fact that many automatic tools to search for such differential characteristics are not publicly available and implementing them from scratch is too time-consuming and difficult. Hence, we expect that this can be an alternative easy tool for future research, which only requires to write down some simple linear inequalities.",

keywords = "MILP, RIPEMD-160, collision attack, modular difference, signed difference",

author = "Fukang Liu and Gaoli Wang and Santanu Sarkar and Ravi Anand and Willi Meier and Yingxin Li and Takanori Isobe",

note = "Publisher Copyright: {\textcopyright} 2023, International Association for Cryptologic Research.; 42nd Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT 2023 ; Conference date: 23-04-2023 Through 27-04-2023",

year = "2023",

doi = "10.1007/978-3-031-30634-1\_7",

language = "英语",

isbn = "9783031306334",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "189--219",

editor = "Carmit Hazay and Martijn Stam",

booktitle = "Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings",

address = "德国",

}

Liu, F, Wang, G, Sarkar, S, Anand, R, Meier, W, Li, Y & Isobe, T 2023, Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP. in C Hazay & M Stam (eds), Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14007 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 189-219, 42nd Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT 2023, Lyon, France, 23/04/23. https://doi.org/10.1007/978-3-031-30634-1_7

Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP. / Liu, Fukang; Wang, Gaoli; Sarkar, Santanu et al.
Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings. ed. / Carmit Hazay; Martijn Stam. Springer Science and Business Media Deutschland GmbH, 2023. p. 189-219 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14007 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Analysis of RIPEMD-160

T2 - 42nd Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT 2023

AU - Liu, Fukang

AU - Wang, Gaoli

AU - Sarkar, Santanu

AU - Anand, Ravi

AU - Meier, Willi

AU - Li, Yingxin

AU - Isobe, Takanori

PY - 2023

Y1 - 2023

N2 - The hash function RIPEMD-160 is an ISO/IEC standard and is being used to generate the bitcoin address together with SHA-256. Despite the fact that many hash functions in the MD-SHA hash family have been broken, RIPEMD-160 remains secure and the best collision attack could only reach up to 34 out of 80 rounds, which was published at CRYPTO 2019. In this paper, we propose a new collision attack on RIPEMD-160 that can reach up to 36 rounds with time complexity 2 64.5. This new attack is facilitated by a new strategy to choose the message differences and new techniques to simultaneously handle the differential conditions on both branches. Moreover, different from all the previous work on RIPEMD-160, we utilize a MILP-based method to search for differential characteristics, where we construct a model to accurately describe the signed difference transitions through its round function. As far as we know, this is the first model targeting the signed difference transitions for the MD-SHA hash family. Indeed, we are more motivated to design this model by the fact that many automatic tools to search for such differential characteristics are not publicly available and implementing them from scratch is too time-consuming and difficult. Hence, we expect that this can be an alternative easy tool for future research, which only requires to write down some simple linear inequalities.

AB - The hash function RIPEMD-160 is an ISO/IEC standard and is being used to generate the bitcoin address together with SHA-256. Despite the fact that many hash functions in the MD-SHA hash family have been broken, RIPEMD-160 remains secure and the best collision attack could only reach up to 34 out of 80 rounds, which was published at CRYPTO 2019. In this paper, we propose a new collision attack on RIPEMD-160 that can reach up to 36 rounds with time complexity 2 64.5. This new attack is facilitated by a new strategy to choose the message differences and new techniques to simultaneously handle the differential conditions on both branches. Moreover, different from all the previous work on RIPEMD-160, we utilize a MILP-based method to search for differential characteristics, where we construct a model to accurately describe the signed difference transitions through its round function. As far as we know, this is the first model targeting the signed difference transitions for the MD-SHA hash family. Indeed, we are more motivated to design this model by the fact that many automatic tools to search for such differential characteristics are not publicly available and implementing them from scratch is too time-consuming and difficult. Hence, we expect that this can be an alternative easy tool for future research, which only requires to write down some simple linear inequalities.

KW - MILP

KW - RIPEMD-160

KW - collision attack

KW - modular difference

KW - signed difference

UR - https://www.scopus.com/pages/publications/85161725603

U2 - 10.1007/978-3-031-30634-1_7

DO - 10.1007/978-3-031-30634-1_7

M3 - 会议稿件

AN - SCOPUS:85161725603

SN - 9783031306334

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 189

EP - 219

BT - Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings

A2 - Hazay, Carmit

A2 - Stam, Martijn

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 23 April 2023 through 27 April 2023

ER -

Liu F, Wang G, Sarkar S, Anand R, Meier W, Li Y et al. Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP. In Hazay C, Stam M, editors, Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 189-219. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-30634-1_7