Paper 2008/048

Improved Cryptanalysis of APOP-MD4 and NMAC-MD4 using New Differential Paths

Donghoon Chang, Jaechul Sung, Seokhie Hong, and Sangjin Lee


In case of security analysis of hash functions, finding a good collision-inducing differential paths has been only focused on. However, it is not clear how differential paths of a hash function influence the securities of schemes based on the hash function. In this paper, we show that any differential path of a hash function can influence the securities of schemes based on the hash function. We explain this fact with the MD4 hash function. We first show that APOP-MD4 with a nonce of fixed length can be analyzed efficiently with a new differential path. Then we improve the result of the key-recovery attack on NMAC-MD4 described by Fouque {\em et al.} \cite{FoLeNg07} by combining new differential paths. Our results mean that good hash functions should have the following property : \textit{It is computationally infeasible to find differential a path of hash functions with a high probability}.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
MD4Differential PathAPOPNMAC.
Contact author(s)
pointchang @ gmail com
2008-01-30: received
Short URL
Creative Commons Attribution


      author = {Donghoon Chang and Jaechul Sung and Seokhie Hong and Sangjin Lee},
      title = {Improved Cryptanalysis of {APOP}-{MD4} and {NMAC}-{MD4} using New Differential Paths},
      howpublished = {Cryptology ePrint Archive, Paper 2008/048},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.