密码学报(中英文)2026,Vol.13Issue(2):268-282,15.DOI:10.13868/j.cnki.jcr.000850
对全轮RIPEMD-128的改进区分攻击
Improved Distinguishing Attack on Full RIPEMD-128
摘要
Abstract
RIPEMD hash functions have been widely used in practical applications such as PGP and Bitcoin,among which RIPEMD-128 was standardized by ISO/IEC in 2003.This sudy presents a distinguishing attack on the full-round RIPEMD-128 and further reduces its attack complexity.Since the basic structure of RIPEMD-128 consists of two parallel MD4-like lines,differential cryptanalysis is employed and the bit-tracing technique proposed by Wang and Yu is utilized to construct improved differential characteristics for both Line1 and Line2 of the dual-line parallel structure.In addition,besides using message modification techniques to satisfy most conditions in Line2,several conditions in Line1 are further modified through the message pair(m11,m15),thereby reducing the attack complexity to 298.Finally,by shifting the perspective of analysis,the proposed attack is investigated in the quantum setting.Theoretically,the complexity of the quantum attack can be reduced to 249.The results of this study may contribute to further improvements in attacks on RIPEMD-128.关键词
RIPEMD-128/区分攻击/差分路线/消息修改/中性比特/量子攻击Key words
RIPEMD-128/distinguishing attack/differential characteristic/message modification/neutral bits/quantum attack分类
信息技术与安全科学引用本文复制引用
曹荣蓉,卢政荣,于红波..对全轮RIPEMD-128的改进区分攻击[J].密码学报(中英文),2026,13(2):268-282,15.基金项目
国家密码科学基金(2025NCSF02014)National Cryptologic Science Fund of China(2025NCSF02014) (2025NCSF02014)
