Preimage Attacks on the Step-Reduced RIPEMD-128 and RIPEMD-160


IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E95-A   No.10   pp.1729-1739
Publication Date: 2012/10/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E95.A.1729
Print ISSN: 0916-8508
Type of Manuscript: PAPER
Category: Cryptography and Information Security
RIPEMD-128,  RIPEMD-160,  hash,  preimage,  meet-in-the-middle,  

Full Text: PDF>>
Buy this Article

In this paper, we present the first results on the preimage resistance against step-reduced versions of ISO standard hash functions RIPEMD-128 and RIPEMD-160, which were designed as strengthened versions of RIPEMD. While preimage attacks on the first 33 steps and intermediate 35 steps of RIPEMD (48 steps in total) are known, no preimage attack exists on RIPEMD-128 (64 steps) or RIPEMD-160 (80 steps). This paper shows three variations of preimage attacks of RIPEMD-128; the first 33 steps, intermediate 35 steps, and the last 32 steps. Because of the large security margin, full RIPEMD-128 is still enough secure, however, it is interesting that the number of attacked steps for RIPEMD-128 reaches the same level as for RIPEMD. We also show that our approach can be applied to RIPEMD-160, and present preimage attacks on the first 30 steps and the last 31 steps.