Author Login Editor-in-Chief Peer Review Editor Work Office Work

Computer Engineering ›› 2019, Vol. 45 ›› Issue (9): 147-152. doi: 10.19678/j.issn.1000-3428.0052363

Previous Articles     Next Articles

Complexity Analysis of Distinguishing Attack on 51-step RIPEMD-160

CUI Binbin, WANG Gaoli   

  1. School of Computer Science and Software Engineering, East China Normal University, Shanghai 200062, China
  • Received:2018-08-10 Revised:2018-10-05 Online:2019-09-15 Published:2019-09-03

针对51步RIPEMD-160区分攻击的复杂度分析

崔斌斌, 王高丽   

  1. 华东师范大学 计算机科学与软件工程学院, 上海 200062
  • 作者简介:崔斌斌(1993-),男,硕士研究生,主研方向为信息安全、哈希函数;王高丽(通信作者),副教授
  • 基金资助:
    国家密码发展基金(MMJJ20180201)。

Abstract: SASAKI Y,et al used message modification technology to differentiate attack on 51-step RIPEMD-160(Lecture Notes in Computer Science,Vol.7341),but they did not consider the influence of modular subtraction difference on differential routes,and could not guarantee that the probability of the validation of the first half of the left and right operations is 1,which led to the error in the complexity of RIPEMD-160.For this reason,RIPEMD-160 differentiator is constructed by 2-dimension sums method and an improved distinguishing attack complexity analysis method is proposed.Sufficient conditions are given to ensure the validation of modular subtraction difference in differential routes.The probability of the validation of the first half of differential routes of left and right operations is increased from 2-7.717 to 1 after message modification.The probability of the validation of differential routes of the second half is obtained through experimental tests.The analysis results show that the complexity of distinguishing attacks on 51-step RIPEMD-160 is 2152.672.

Key words: RIPEMD-160 algorithm, boomerang distinguisher, modular subtraction difference, sufficient condition, message modification

摘要: SASAKI Y等人使用消息修改技术对51步RIPEMD-160算法进行区分攻击时(Lecture Notes in Computer Science,Vol.7341),未考虑模减差分对差分路线的影响,不能保证左右操作前半部分成立的概率为1,导致所得到的复杂度有误。为此,通过2-dimension sums方法构建RIPEMD-160区分器,在此基础上提出一种改进的区分攻击复杂度分析方法。给出保证差分路线中模减差分成立的充分条件,使消息修改后左右操作差分路线前半部分成立的概率由2-7.717增加到1,从而提高区分器成立概率,同时通过实验测试得到后半部分差分路线成立的概率。分析结果表明,51步RIPEMD-160算法区分攻击的复杂度为2152.672

关键词: RIPEMD-160算法, boomerang区分器, 模减差分, 充分条件, 消息修改

CLC Number: