Paper 2024/350

Automating Collision Attacks on RIPEMD-160

Yingxin Li, East China Normal University
Fukang Liu, Tokyo Institute of Technology
Gaoli Wang, East China Normal University
Abstract

As an ISO/IEC standard, the hash function RIPEMD-160 has been used to generate the Bitcoin address with SHA-256. However, due to the complex double-branch structure of RIPEMD-160, the best collision attack only reaches 36 out of 80 steps of RIPEMD-160, and the best semi-free-start (SFS) collision attack only reaches 40 steps. To improve the 36-step collision attack proposed at EUROCRYPT 2023, we explored the possibility of using different message differences to increase the number of attacked steps, and we finally identified one choice allowing a 40-step collision attack. To find the corresponding 40-step differential characteristic, we re-implement the MILP-based method to search for signed differential characteristics with SAT/SMT. As a result, we can find a colliding message pair for 40-step RIPEMD-160 in practical time, which significantly improves the best collision attack on RIPEMD-160. For the best SFS collision attack published at ToSC 2019, we observe that the bottleneck is the probability of the right-branch differential characteristics as they are fully uncontrolled in the message modification. To address this issue, we utilize our SAT/SMT-based tool to search for high-probability differential characteristics for the right branch. Consequently, we can mount successful SFS collision attacks on 41, 42 and 43 steps of RIPEMD-160, thus significantly improving the SFS collision attacks. In addition, we also searched for a 44-step differential characteristic, but the differential probability is too low to allow a meaningful SFS collision attack.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
A minor revision of an IACR publication in TOSC 2023
Keywords
Semi-free-start collisioncollisionRIPEMD-160SAT/SMT
Contact author(s)
liyx1140 @ 163 com
liufukangs @ gmail com
glwang @ sei ecnu edu cn
History
2024-02-27: approved
2024-02-27: received
See all versions
Short URL
https://ia.cr/2024/350
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/350,
      author = {Yingxin Li and Fukang Liu and Gaoli Wang},
      title = {Automating Collision Attacks on {RIPEMD}-160},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/350},
      year = {2024},
      url = {https://eprint.iacr.org/2024/350}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.