Cryptography Reference
In-Depth Information
We conclude this section with a brief overview of a hash algorithm developed
under the European
Race Integrity Primitives Evaluation
(RIPE) project by a
research groupthat had successfully cryptanalyzed MD4 and MD5 (see [41] and
[72]). The following version is the evolution of earlier attempts, so represents
the best upgrade, to date, of the group's efforts. We give only a brief description
since the details are similar to SHA-1, which we have described in detail and
use for comparison.
RIPEMD-160 Message Digest Algorithm
The algorithm takes binary inputs of arbitrary length and outputs 160-bit
message digests. The input is separated into 512-bit blocks.
Algorithm Steps
1.
Padding
: The input
m
is padded so that its bitlength is congruent to 448
modulo 512.
2.
Appending
: A block of 64 bits is appended to
m
.
3.
Buffering
: A 160-bit buffer is used to house intermediate and final outputs,
and is separated into five 32-bit registers.
4.
Processing
: This is the primary mechanism of the algorithm, consisting
of ten rounds of sixteen steps each of processing. The ten rounds are
separated into two parallel sequences of five rounds each. The ten rounds
have the same structure with five different primitive functions and additive
constants, but the order of application differs (to which we will return
in the analysis after the algorithm description). Each round inputs the
current 512-bit block being processed and updates the contents of the
buffer. The output of the fifth round (80th step) is (independently) added
to the chaining variable input to the first round (compare to the same idea
used in SHA-1; see Diagram 7.2 on page 258).
Analysis and Comparison
: RIPEMD-160 uses two parallel sequences of
five rounds each to increase the complexity inherent in finding collisions be-
tween rounds, since this could be the starting point for finding collisions of the
compression function (notably a problem the designers found in cryptanalyzing
MD4 and MD5). Since the two sequences are virtually the same in logic de-
sign, there were differences introduced: the additive constants differ; the order
of applications of the five primitive functions is reversed; and the processing of
32-bit blocks is different.
In comparison with SHA-1, RIPEMD-160 is equally resistant to weak col-
lision attacks. Moreover, the parallel processing in RIPEMD-160 makes it
stronger against cryptanalysis than SHA-1. In terms of speed, SHA-1 has 80
(four rounds of 20) steps, whereas RIPEMD-160 has 160 (five paired rounds of
sixteen) steps. Thus, SHA-1 is slightly faster than RIPEMD-160, but again it
is a trade-off between security and e:ciency. There are also MACs based upon
RIPEMD-160 (see [42]), but we will not discuss them in the next section where
a wealth of MAC information is otherwise available.
Search WWH ::
Custom Search