¹ School of Computer Science and Technology, Donghua University, Shanghai, China
² Shanghai Key Laboratory of Integrate Administration Technologies for Information Security, Shanghai, China
³State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
⁴ Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
⁵ Department of Information Science and Technology, East China University of Political Science and Law, Shanghai, China
⁶ ESAT/COSIC and IBBT, Katholieke Universiteit Leuven, Leuven, Belgium
⁷ Department of Computer Science and Engineering, University of Shanghai for Science and Technology, Shanghai, China

---

Abstract—The MD5, proposed by R. Riverst in 1992, is a widely used hash function with Merkle-Damgard structure. In the literature, many studies have been devoted to classical cryptanalysis on the MD5, such as the collision attack, the preimage attack etc. In this paper, we propose a new differential fault analysis on the MD5 compression function in the word-oriented random fault model. The simulating experimental results show that 144 random faults on average are required to obtain the current input message block. Our method not only increases the efficiency of fault injection, but also decreases the number of fault hash values. It provides a new reference for the security analysis of the same structure of the hash compression functions.

Index Terms—Hash function, MD5, Differential fault analysis

[PDF]

Cite: Wei Li, Zhi Tao, Dawu Gu, Yi Wang, Zhiqiang Liu, and Ya Liu, " Differential Fault Analysis on the MD5 Compression Function," Journal of Computers vol. 8, no. 11, pp. 2888-2894, 2013.