RACE Integrity Primitives Evaluation Message Digest
A family of cryptographic hash routines is called RACE Integrity Primitives Evaluation Message Digest (RIPEMD). It was created as part of the RIPE (RACE Integrity Primitives Evaluation) research initiative in Europe.
Definition and Purpose
One-way cryptographic hash functions like RACE Integrity Primitives Evaluation Message Digest generate a variable-length “message digest” or “hash value” from any size message or data. Hashed numbers are usually hexadecimal. Because they transform data into an irregular value of a defined length, hash functions are essential to system security.
Key Properties of Cryptographic Hash Functions
A strong cryptographic hash function demonstrates a number of critical characteristics:
Deterministic: Consistently, the same input will yield the same output.
One-way (Preimage Resistance): In other words, you cannot use the hash value to determine the original input data because it is computationally impossible to reverse the process.
Collision-resistant: Finding two distinct inputs that provide the exact same hash value is really challenging.
Avalanche Effect: Even slight input modifications (such as altering a single character) produce entirely different hash outputs.
History and Development
In 1992, as part of the EU project RIPE, Hans Dobbertin, Antoon Bosselaers, and Bart Preneel created the first RACE Integrity Primitives Evaluation Message Digest function. The MD4 hash function served as the basis for its design.
The same creators of RACE Integrity Primitives Evaluation Message Digest released four enhanced versions in 1996 in reaction to security flaws discovered in the original:
- RIPEMD 128
- RIPEMD – 160
- RIPEMD-256.
- “RIPEMD-320”
The RIPEMD Family and Security
Each of the five functions in the RACE Integrity Primitives Evaluation Message Digest family produces a distinct digest size.
RIPEMD (original): Generates a hash of 128 bits. Because to design flaws, it is not regarded as secure. For the first RACE Integrity Primitives Evaluation Message Digest, a collision was reported in August 2004.
RIPEMD-128: Generates a hash of 128 bits. Even with the removal of design problems, its 128-bit output is still seen as being excessively tiny and less secure.
RIPEMD-160: Creates a 160-bit hash, which is commonly expressed as 40 hexadecimal digits. The most popular and extensively used variant, it is intended to take the place of 128-bit hash algorithms such as MD4, MD5, and RIPEMD-128. It raises the security level by lengthening the output to 160 bits. Its complex architecture and “double-branch” structure, which processes data in two operations, make it more resistant to some attacks.
RIPEMD-256 and RIPEMD-320: Create 256-bit and 320-bit hashes. These versions are secure like RIPEMD-128 and RIPEMD-160. Rather than being made for increased security, they are made for applications that want a longer hash result.
Versions of RIPEMD:
| Version | Output size | Security |
|---|---|---|
| RIPEMD | 128 bits | Broken — insecure |
| RIPEMD-128 | 128 bits | Better but weak now |
| RIPEMD-160 | 160 bits | Most widely used, still considered secure |
| RIPEMD-256 | 256 bits | Larger output, not much more secure |
| RIPEMD-320 | 320 bits | Larger output, overkill for most use cases |
Known Attacks on RIPEMD-160
Even while RIPEMD-160 is thought to be secure, current research has found potential collision attacks on fewer rounds:
- In 2019, a collision attack that reached 34 out of 80 rounds was reported.
- A collision approach that achieved 36 out of 80 rounds with a temporal complexity of 2^64.5 was disclosed in February 2023.
- A better collision attack was discovered in December 2023, with a theoretical temporal complexity of 2^49.9 and the ability to reach 40 out of 80 rounds. Note that the entire 80-round RIPEMD-160 is not susceptible to these attacks.
Applications
Numerous cryptographic applications make use of RIPEMD functionalities, especially RIPEMD-160:
Bitcoin Addresses: Notably, RIPEMD-160 is utilized by Bitcoin and other Bitcoin-based coins. A procedure known as “Hash160” is used by Bitcoin to generate a public address from a public key. To get a shorter, 160-bit address, the public key is first hashed using SHA-256 and the output is then hashed one again using RIPEMD-160. Shorter addresses and improved security through layered defence are the results of this two-step procedure that aids in compressing and securing the public key.
Ethereum Addresses: With Ethereum, a 256-bit public key is converted into a 160-bit account address using the RIPEMD-160-bit hash function. Additionally, it is accessible at Ethereum address 0x3 as a precompiled contract.
Digital Signatures and Data Integrity: Like SHA (Secure Hash Algorithm) or MD5, RACE Integrity Primitives Evaluation Message Digest is used to ensure data integrity and digital signatures.
Advantages and Disadvantages
Advantages:
- Transparently planned and thoroughly researched.
- For the entire 80 rounds, it is resistant to known RIPEMD-160 attacks.
- Still suitable for some cryptography and blockchain applications.
Disadvantages:
- Both the original RIPEMD and RIPEMD-128 versions lack security.
- Compared to certain contemporary algorithms, it may be slower.
- These days, SHA-2 and SHA-3 are more frequently utilised and advised in numerous applications.
Implementations
A number of cryptographic libraries, such as Botan, Bouncy Castle, Cryptlib, Crypto++, Libgcrypt, mbed TLS, Nettle, OpenSSL, and wolfSSL, support RIPEMD, more especially RIPEMD-160. RIPEMD-160 is also supported by Python’s hashlib package.
Summary Table
| Feature | Details |
|---|---|
| Full name | RACE Integrity Primitives Evaluation Message Digest |
| Developed by | COSIC Group (Belgium), 1992–1996 |
| Main secure version | RIPEMD-160 |
| Output size (RIPEMD-160) | 160 bits (20 bytes) |
| Use cases | Bitcoin addresses, digital signatures, data integrity |
| Current status | RIPEMD-160 is secure but less common today |