Cryptology ePrint Archive: Report 2005/327

On the Security of Encryption Modes of MD4, MD5 and HAVAL

Jongsung Kim and Alex Biryukov and Bart Preneel and Sangjin Lee

Abstract: MD4 is a cryptographic hash function introduced in 1990 by Rivest. After MD4 was proposed, several hash functions such as MD5, HAVAL, RIPEMD, RIPEMD-160, SHA-1 and SHA-256 were designed based on the MD4 structure. In this paper, we cryptanalyze the compression functions of MD4, MD5 and 4-, 5-pass HAVAL in encryption modes. We exploit the recently proposed related-key rectangle and boomerang techniques to show non-randomness of MD4, MD5 and 4-, 5-pass HAVAL and to distinguish them from a randomly chosen cipher. The attacks are highly practical and have been confirmed by our experiments.

Category / Keywords: secret-key cryptography / hash functions

Publication Info: A shorten version of the paper will be published in ICICS 2005.

Date: received 16 Sep 2005, last revised 14 Oct 2005

Contact author: Kim Jongsung at esat kuleuven be

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20051014:130635 (All versions of this report)

Short URL: ia.cr/2005/327

Discussion forum: Show discussion | Start new discussion