
Keyword Search Result

[Keyword] near-collision(2hit)

1-2hit
  • Known-Key Attacks on Type-2 GFN with SPS Round Function

    Le DONG  Tianli WANG  Jiao DU  Shanqi PANG  

     
    LETTER-Cryptography and Information Security

    Vol: E99-A  No: 7  Page(s): 1488-1493

    We present a rebound attack on the 4-branch type-2 generalized Feistel structure with an SPS round function, which is called the type-2 GFN-SPS in this paper. Applying a non-full-active-match technique, we construct a 6-round known-key truncated differential distinguisher, and it can deduce a near-collision attack on compression functions of this structure embedding the MMO or MP modes. Extending the 6-round attack, we build a 7-round truncated differential path to get a known-key differential distinguisher with seven rounds. The results give some evidence that this structure is not stronger than the type-2 GFN with an SP round function and not weaker than that with an SPSP round function against the rebound attack.

  • Near-Collision Attacks on MD4: Applied to MD4-Based Protocols

    Lei WANG  Kazuo OHTA  Noboru KUNIHIRO  

     
    PAPER-Hash Function

    Vol: E92-A  No: 1  Page(s): 76-86

    The most widely used hash functions from the MD4 family have been broken, which led to a public competition on designing new hash functions held by NIST. This paper focuses on one concept called near-collision resistance: it is computationally difficult to find a pair of messages with hash values differing in only a few bits, which new hash functions should satisfy. In this paper, we will give a model of near-collisions on MD4, and apply it to attack protocols including HMAC/NMAC-MD4 and MD4(Password||Challenge). Our new outer-key recovery attacks on HMAC/NMAC-MD4 have a complexity of 2^72 online queries and 2^77 MD4 computations, while the previous result was 2^88 online queries and 2^95 MD4 computations. Our attack on MD4(Password||Challenge) can recover 16 password characters with a complexity of 2^37 online queries and 2^21 MD4 computations, which is the first approach to attack such protocols.