Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
RIPEMD
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|Cryptographic hash function}} {{Infobox cryptographic hash function | name = RIPEMD | image = | caption = <!-- General --> | designers = [[Hans Dobbertin]], [[Antoon Bosselaers]] and [[Bart Preneel]] | publish date = 1992 | series = | derived from = | derived to = | related to = | certification = RIPEMD-160: [[CRYPTREC]] (Monitored) <!-- Detail --> | digest size = 128, 160, 256, 320 bits | structure = | rounds = | cryptanalysis = }} [[File:RIPEMD 160 2.png|thumbnail|right|300px|A sub-block from the compression function of the RIPEMD-160 hash algorithm]] {{Wikifunctions|Z10138|RIPEMD-128}} {{Wikifunctions|Z10139|RIPEMD-160}} '''RIPEMD''' ('''RIPE Message Digest''') is a family of [[cryptographic hash function]]s developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of which RIPEMD-160 is the most common.{{cn|reason=Most common is true but not a verified claim here|date=April 2024}} The original RIPEMD, as well as RIPEMD-128, is not considered secure because 128-bit result is too small and also (for the original RIPEMD) because of design weaknesses. The 256- and 320-bit versions of RIPEMD provide the same level of security as RIPEMD-128 and RIPEMD-160, respectively; they are designed for applications where the security level is sufficient but longer hash result is necessary. While RIPEMD functions are less popular than [[SHA-1]] and [[SHA-2]], they are used, among others, in [[Bitcoin]] and other [[cryptocurrencies]] based on Bitcoin.{{Citation needed|reason=I could only find sources for RIPEMD-160 being used for Bitcoin addresses, which, if that's the case, should have a citation and also be clarified with both the exact used function (RIPEMD-160) and use case (and be put in the Bitcoin article)|date=April 2024}} == History == The original RIPEMD function was designed in the framework of the [[European Union|EU]] project RIPE ([[RACE (Europe)|RACE]]<!--RACE = Research and Development in Advanced Communications Technologies in Europe --> Integrity Primitives Evaluation) in 1992.<ref>{{cite conference|first1=Hans|last1=Dobbertin|author-link1=Hans Dobbertin|first2=Antoon|last2=Bosselaers|first3=Bart|last3=Preneel|author-link3=Bart Preneel|title=RIPEMD-160: A strengthened version of RIPEMD|conference=Fast Software Encryption. Third International Workshop|location=Cambridge, UK|date=21β23 February 1996|pages=71β82|url=https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf|doi=10.1007/3-540-60865-6_44|doi-access=free}}</ref><ref>{{cite book|editor-first1=Antoon|editor-last1=Bosselaers|editor-first2=Bart|editor-last2=Preneel|editor-link2=Bart Preneel|title=Integrity Primitives for Secure Information Systems. Final Report of RACE Integrity Primitives Evaluation (RIPE-RACE 1040)|volume=1007|year=1995|doi=10.1007/3-540-60640-8|series=Lecture Notes in Computer Science|isbn=978-3-540-60640-6|last1=Bosselaers|first1=Antoon|last2=Preneel|first2=Bart|s2cid=12895857}}</ref> Its design was based on the [[MD4]] hash function. In 1996, in response to security weaknesses found in the original RIPEMD,<ref>{{cite journal|first=Hans|last=Dobbertin|author-link=Hans Dobbertin|title=RIPEMD with two-round compress function is not collision-free|date=December 1997|journal=[[Journal of Cryptology]]|volume=10|issue=1|pages=51β69|doi=10.1007/s001459900019|s2cid=15662054|doi-access=free}}</ref> [[Hans Dobbertin]], [[Antoon Bosselaers]] and [[Bart Preneel]] at the [[COSIC]] research group at the [[Katholieke Universiteit Leuven]] in [[Leuven|Leuven, Belgium]] published four strengthened variants: RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320.<ref>{{cite web|url=https://homes.esat.kuleuven.be/~bosselae/ripemd160.html|title=The hash function RIPEMD-160|first=Antoon|last=Bosselaers}}</ref> In August 2004, a collision was reported for the original RIPEMD.<ref>{{Cite journal |last1=Wang |first1=Xiaoyun |author-link=Xiaoyun Wang |last2=Feng |first2=Dengguo |last3=Lai |first3=Xuejia |author-link3=Xuejia Lai |last4=Yu |first4=Hongbo |date=2004-08-17 |title=Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD |url=https://eprint.iacr.org/2004/199 |journal=[[Cryptology ePrint Archive]] |access-date=2017-03-03}}</ref> This does not apply to RIPEMD-160.<ref>{{Cite book |last1=Mendel |first1=Florian |last2=Pramstaller |first2=Norbert |last3=Rechberger |first3=Christian |last4=Rijmen |first4=Vincent |title=Information Security |chapter=On the Collision Resistance of RIPEMD-160 |series=Lecture Notes in Computer Science |author-link4=Vincent Rijmen |date=2006 |url=https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=17675 |volume=4176 |pages=101β116 |doi=10.1007/11836810_8 |access-date=2017-03-03 |doi-access=free|isbn=978-3-540-38341-3 }}</ref> In 2019, the best collision attack for RIPEMD-160 could reach 34 rounds out of 80 rounds, which was published at CRYPTO 2019.<ref>{{Cite conference |last1=Liu |first1=Fukang |last2=Dobraunig |first2=Christoph |last3=Mendel |first3=Florian |last4=Isobe |first4=Takanori |last5=Wang |first5=Gaoli |last6=Cao |first6=Zhenfu |title=Advances in Cryptology β CRYPTO 2019, Proceesings vol 2 |chapter=Efficient Collision Attack Frameworks for RIPEMD-160 |date=2019 |chapter-url=https://eprint.iacr.org/2018/652 |series=Lecture Notes in Computer Science |volume=11693 |pages=117β149 |doi=10.1007/978-3-030-26951-7_5 |isbn=978-3-030-26950-0 |s2cid=51860634 | conference =39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18β22, 2019 | editor1= Alexandra Boldyreva|editor2= Daniele Micciancio }}</ref> In February 2023, a collision attack for RIPEMD-160 was published at EUROCRYPT 2023, which could reach 36 rounds out of 80 rounds with time complexity of 2<sup>64.5</sup>.<ref>{{cite conference <!-- Citation bot no -->|last1=Liu |first1=Fukang |last2=Wang |first2=Gaoli |last3=Sarkar |first3=Santanu |last4=Anand |first4=Ravi |last5=Meier |first5=Willi |last6=Li |first6=Yingxin |last7=Isobe |first7=Takanori |title=Advances in Cryptology β EUROCRYPT 2023, Proceedings vol. 4|chapter=Analysis of RIPEMD-160: New Collision Attacks and Finding Characteristics with MILP |date=February 2023 |chapter-url=https://eprint.iacr.org/2023/277 |conference=42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23β27, 2023 |series=Lecture Notes in Computer Science |volume=14007 |pages=189β219 |doi=10.1007/978-3-031-30634-1_7 |isbn=978-3-031-30633-4 |s2cid=257235244 | editor1= Carmit Hazay | editor2= Martijn Stam}}</ref> In December 2023, an improved collision attack was found based on the technique from the previous best collision attack, this improved collision attack could reach 40 rounds out of 80 round with a theoretical time complexity of 2<sup>49.9</sup>.<ref name="Li Liu Wang 2023 pp. 112β142">{{cite journal | last=Li | first=Yingxin | last2=Liu | first2=Fukang | last3=Wang | first3=Gaoli | title=Automating Collision Attacks on RIPEMD-160 | journal=IACR Transactions on Symmetric Cryptology | volume=2023 | issue=4 | date=2023-12-08 | issn=2519-173X | doi=10.46586/tosc.v2023.i4.112-142 | pages=112β142| doi-access=free }}</ref> ==RIPEMD-160 hashes== The 160-bit RIPEMD-160 hashes (also termed RIPE ''message digests'') are typically represented as 40-digit [[hexadecimal]] numbers. The following demonstrates a 43-byte [[ASCII]] input and the corresponding RIPEMD-160 hash: RIPEMD-160("The quick brown fox jumps over the lazy {{Background color|#87CEEB|d}}og") = 37f332f68db77bd9d7edd4969571ad671cf9dd3b RIPEMD-160 behaves with the desired [[avalanche effect]] of cryptographic hash functions (small changes, e.g. changing {{mono|d}} to {{mono|c}}, result in a completely different hash): RIPEMD-160("The quick brown fox jumps over the lazy {{Background color|#87CEEB|c}}og") = 132072df690933835eb8b6ad0b77e7b6f14acad7 The hash of a zero-length string is: RIPEMD-160("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31 == Implementations == Below is a list of cryptography libraries that support RIPEMD (specifically RIPEMD-160): * [[Botan (programming library)|Botan]] * [[Bouncy Castle (cryptography)|Bouncy Castle]] * [[Cryptlib]] * [[Crypto++]] * [[Libgcrypt]] * [[mbed TLS]] * [[Nettle (cryptographic library)|Nettle]] * [[OpenSSL]] * [[wolfSSL]] ==See also== * [[Hash function security summary]] * [[Comparison of cryptographic hash functions]] *[[Comparison of cryptography libraries]] * [[Topics in cryptography]] ==References== {{reflist}} ==External links== * [https://homes.esat.kuleuven.be/~bosselae/ripemd160.html The hash function RIPEMD-160] * [https://ehash.iaik.tugraz.at/wiki/RIPEMD-160 RIPEMD-160 Ecrypt page] * [https://homes.esat.kuleuven.be/~bosselae/ripemd/rmd128.txt RIPEMD-128bit Algorithm] {{Cryptography navbox | hash}} [[Category:Cryptographic hash functions]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Background color
(
edit
)
Template:Citation needed
(
edit
)
Template:Cite book
(
edit
)
Template:Cite conference
(
edit
)
Template:Cite journal
(
edit
)
Template:Cite web
(
edit
)
Template:Cn
(
edit
)
Template:Cryptography navbox
(
edit
)
Template:Infobox cryptographic hash function
(
edit
)
Template:Mono
(
edit
)
Template:Reflist
(
edit
)
Template:Short description
(
edit
)
Template:Wikifunctions
(
edit
)