Paper 2023/277

Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP

Fukang Liu, Tokyo Institute of Technology, University of Hyogo
Gaoli Wang, East China Normal University, State Key Laboratory of Cryptology
Santanu Sarkar, Indian Institute of Technology Madras
Ravi Anand, University of Hyogo
Willi Meier, FHNW
Yingxin Li, East China Normal University
Takanori Isobe, University of Hyogo, NICT

The hash function RIPEMD-160 is an ISO/IEC standard and is being used to generate the bitcoin address together with SHA-256. Despite the fact that many hash functions in the MD-SHA hash family have been broken, RIPEMD-160 remains secure and the best collision attack could only reach up to 34 out of 80 rounds, which was published at CRYPTO 2019. In this paper, we propose a new collision attack on RIPEMD-160 that can reach up to 36 rounds with time complexity $2^{64.5}$. This new attack is facilitated by a new strategy to choose the message differences and new techniques to simultaneously handle the differential conditions on both branches. Moreover, different from all the previous work on RIPEMD-160, we utilize a MILP-based method to search for differential characteristics, where we construct a model to accurately describe the signed difference transitions through its round function. As far as we know, this is the first model targeting the signed difference transitions for the MD-SHA hash family. Indeed, we are more motivated to design this model by the fact that many automatic tools to search for such differential characteristics are not publicly available and implementing them from scratch is too time-consuming and difficult. Hence, we expect that this can be an alternative easy tool for future research, which only requires to write down some simple linear inequalities.

Available format(s)
Attacks and cryptanalysis
Publication info
A major revision of an IACR publication in EUROCRYPT 2023
RIPEMD-160collision attacksigned differencemodular differenceMILP
Contact author(s)
liufukangs @ gmail com
glwang @ sei ecnu edu cn
santanu @ iitm ac in
ravianandsps @ gmail com
willimeier48 @ gmail com
liyx1140 @ 163 com
takanori isobe @ ai u-hyogo ac jp
2023-02-27: approved
2023-02-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Fukang Liu and Gaoli Wang and Santanu Sarkar and Ravi Anand and Willi Meier and Yingxin Li and Takanori Isobe},
      title = {Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP},
      howpublished = {Cryptology ePrint Archive, Paper 2023/277},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.