Algorithm 8.1

The MD4 hash function (overview).

( m = m 0 m 1 ...m s− 1 )

Construct M = M [0] M [1] ...M [ N − 1]

A ← 0x67452301

B ← 0xEFCDAB89

C ← 0x98BADCFE

D ← 0x10325476

for i =0to N/ 16 − 1 do

for j =0to 15 do X [ j ]= M [ i · 16 + j ]

A ← A

B ← B

C ← C

D ← D

Round 1 (Algorithm 8.2)

Round 2 (Algorithm 8.3)

Round 3 (Algorithm 8.4)

A ← A + A

B ← B + B

C ← C + C

D

D + D

( h ( m )= A B C D )

←

8.3.1

MD4

As mentioned earlier, MD4 was proposed in 1990 and is specified in RFC 1320

[4]. 15 It represents a Merkle-Damgard construction that hashes a message in 512-bit

blocks (i.e., b = 512) and that produces an output of 128 bits (i.e., l = 128). As

also mentioned earlier, MD4 was designed to be efficiently implementable on 32-

bit processors. It assumes a little-endian architecture, meaning that a 4-byte word

a 1 a 2 a 3 a 4 represents the following integer:

a 4 2 24 + a 3 2 16 + a 2 2 8 + a 1

In a big-endian architecture, the same 4-byte word a 1 a 2 a 3 a 4 would represent

the integer

a 1 2 24 + a 2 2 16 + a 3 2 8 + a 4 .

15

The original version of MD4 was published in October 1990 in RFC 1196. A slightly revised version

of it was published in April 1992 (at the same time as MD5) in RFC 1320.