Estimates of collision resistance complexity for the hash function RIPEMD

In 2005, Wang et al. developed practical collision attacks on MD4 and RIPEMD hash functions. For RIPEMD however, description of the attack has been presented only at ideological level, raising concerns about the attack complexity claimed by the authors. X. Wang et al. stated that the attack complexity is about $2^{18}$ calls of compression function. In this paper, the omitted details of the Wang attack on RIPEMD hash function are recovered and the single-step message modification being the first stage of this attack is implemented. The experiments showed that the lower bound of the average complexity of the Wang's attack is greater than $2^{32,49}$ compression function calls. This estimation is significantly higher than the one stated in the Wang's paper.