Cryptography Reference
In-Depth Information
Algorithm 8.1
The MD4 hash function (overview).
(
m
=
m
0
m
1
...m
s−
1
)
Construct
M
=
M
[0]
M
[1]
...M
[
N −
1]
A ←
0x67452301
B ←
0xEFCDAB89
C ←
0x98BADCFE
D ←
0x10325476
for
i
=0to
N/
16
−
1 do
for
j
=0to 15 do
X
[
j
]=
M
[
i ·
16 +
j
]
A
← A
B
← B
C
← C
D
← D
Round 1 (Algorithm 8.2)
Round 2 (Algorithm 8.3)
Round 3 (Algorithm 8.4)
A ← A
+
A
B ← B
+
B
C ← C
+
C
D
D
+
D
(
h
(
m
)=
A B C D
)
←
8.3.1
MD4
As mentioned earlier, MD4 was proposed in 1990 and is specified in RFC 1320
[4].
15
It represents a Merkle-Damgard construction that hashes a message in 512-bit
blocks (i.e.,
b
= 512) and that produces an output of 128 bits (i.e.,
l
= 128). As
also mentioned earlier, MD4 was designed to be efficiently implementable on 32-
bit processors. It assumes a little-endian architecture, meaning that a 4-byte word
a
1
a
2
a
3
a
4
represents the following integer:
a
4
2
24
+
a
3
2
16
+
a
2
2
8
+
a
1
In a big-endian architecture, the same 4-byte word
a
1
a
2
a
3
a
4
would represent
the integer
a
1
2
24
+
a
2
2
16
+
a
3
2
8
+
a
4
.
15
The original version of MD4 was published in October 1990 in RFC 1196. A slightly revised version
of it was published in April 1992 (at the same time as MD5) in RFC 1320.