{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,7]],"date-time":"2025-12-07T13:10:10Z","timestamp":1765113010530,"version":"3.30.1"},"reference-count":0,"publisher":"Universitatsbibliothek der Ruhr-Universitat Bochum","issue":"4","license":[{"start":{"date-parts":[[2023,12,8]],"date-time":"2023-12-08T00:00:00Z","timestamp":1701993600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ToSC"],"abstract":"<jats:p>As an ISO\/IEC standard, the hash function RIPEMD-160 has been used to generate the Bitcoin address with SHA-256. However, due to the complex doublebranch structure of RIPEMD-160, the best collision attack only reaches 36 out of 80 steps of RIPEMD-160, and the best semi-free-start (SFS) collision attack only reaches 40 steps. To improve the 36-step collision attack proposed at EUROCRYPT 2023, we explored the possibility of using different message differences to increase the number of attacked steps, and we finally identified one choice allowing a 40-step collision attack. To find the corresponding 40-step differential characteristic, we re-implement the MILP-based method to search for signed differential characteristics with SAT\/SMT. As a result, we can find a colliding message pair for 40-step RIPEMD-160 in practical time, which significantly improves the best collision attack on RIPEMD-160. For the best SFS collision attack published at ToSC 2019, we observe that the bottleneck is the probability of the right-branch differential characteristics as they are fully uncontrolled in the message modification. To address this issue, we utilize our SAT\/SMT-based tool to search for high-probability differential characteristics for the right branch. Consequently, we can mount successful SFS collision attacks on 41, 42 and 43 steps of RIPEMD-160, thus significantly improving the SFS collision attacks. In addition, we also searched for a 44-step differential characteristic, but the differential probability is too low to allow a meaningful SFS collision attack.<\/jats:p>","DOI":"10.46586\/tosc.v2023.i4.112-142","type":"journal-article","created":{"date-parts":[[2023,12,12]],"date-time":"2023-12-12T06:44:18Z","timestamp":1702363458000},"page":"112-142","source":"Crossref","is-referenced-by-count":4,"title":["Automating Collision Attacks on RIPEMD-160"],"prefix":"10.46586","volume":"2023","author":[{"given":"Yingxin","family":"Li","sequence":"first","affiliation":[]},{"given":"Fukang","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Gaoli","family":"Wang","sequence":"additional","affiliation":[]}],"member":"25480","published-online":{"date-parts":[[2023,12,8]]},"container-title":["IACR Transactions on Symmetric Cryptology"],"original-title":[],"link":[{"URL":"https:\/\/philosophymindscience.org\/index.php\/ToSC\/article\/download\/11282\/11520","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/philosophymindscience.org\/index.php\/ToSC\/article\/download\/11282\/11521","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/philosophymindscience.org\/index.php\/ToSC\/article\/download\/11282\/10814","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T14:04:54Z","timestamp":1733839494000},"score":1,"resource":{"primary":{"URL":"https:\/\/philosophymindscience.org\/index.php\/ToSC\/article\/view\/11282"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,8]]},"references-count":0,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,12,8]]}},"URL":"https:\/\/doi.org\/10.46586\/tosc.v2023.i4.112-142","relation":{},"ISSN":["2519-173X"],"issn-type":[{"type":"electronic","value":"2519-173X"}],"subject":[],"published":{"date-parts":[[2023,12,8]]}}}