Cryptography Reference
In-Depth Information
Algorithm 8.4
Round 3 of the MD4 hash function.
1.
A ←
(
A
+
h
(
B, C, D
)+
X
[0] +
c
2
)
←
3
2.
D ←
(
D
+
h
(
A, B, C
)+
X
[8] +
c
2
)
←
9
3.
C ←
(
C
+
h
(
D, A, B
)+
X
[4] +
c
2
)
←
11
4.
B ←
(
B
+
h
(
C, D, A
)+
X
[12] +
c
2
)
←
15
5.
A ←
(
A
+
h
(
B, C, D
)+
X
[2] +
c
2
)
←
3
6.
D ←
(
D
+
h
(
A, B, C
)+
X
[10] +
c
2
)
←
9
7.
C ←
(
C
+
h
(
D, A, B
)+
X
[6] +
c
2
)
←
11
8.
B ←
(
B
+
h
(
C, D, A
)+
X
[14] +
c
2
)
←
15
9.
A ←
(
A
+
h
(
B, C, D
)+
X
[1] +
c
2
)
←
3
10.
D
←
(
D
+
h
(
A, B, C
)+
X
[9] +
c
2
)
←
9
11.
C
←
(
C
+
h
(
D, A, B
)+
X
[5] +
c
2
)
←
11
12.
B
←
(
B
+
h
(
C, D, A
)+
X
[13] +
c
2
)
←
15
13.
A
←
(
A
+
h
(
B, C, D
)+
X
[3] +
c
2
)
←
3
14.
D
9
15.
C ←
(
C
+
h
(
D, A, B
)+
X
[7] +
c
2
)
←
11
16.
B ←
(
B
+
h
(
C, D, A
)+
X
[15] +
c
2
)
←
15
←
(
D
+
h
(
A, B, C
)+
X
[11] +
c
2
)
←
The three rounds used in the MD4 hash function are different. The following
operations are employed in the three rounds (
X
and
Y
denote input words, and each
operation produces an output word):
X
∧
Y
Bitwise and of
X
and
Y
(AND)
X
∨
Y
Bitwise or of
X
and
Y
(OR)
X
⊕
Y
Bitwise exclusive or of
X
and
Y
(XOR)
¬
X
Bitwise complement of
X
(NOT)
Integer addition of
X
and
Y
modulo 2
32
X
+
Y
31)
Note that all of these operations are very fast and that the only arithmetic
operation is addition modulo 2
32
. As mentioned earlier, MD4 assumes a little-endian
architecture.
16
Consequently, if an MD4 hash value must be computed on a big-
endian machine, then the addition operation is a little bit more involved and must be
implemented accordingly.
Rounds 1, 2, and 3 of the MD4 hash algorithm use the following three auxiliary
functions
f
,
g
,and
h
:
X
←
s
Circular left shift of
X
by
s
positions (0
≤
s
≤
f
(
X, Y, Z
)=
X
∧
Y
)
∨
((
¬
X
)
∧
Z
)
16
Rivest chose to assume a little-endian architecture mainly because he observed that big-endian
architectures are generally faster and can therefore better afford the processing penalty (of reversing
each word for processing).
