What's the state of the art attack to get the first pre-image on MD4?

Question

What's the state of the art attack to get the first pre-image on MD4?

Is it still $2^{102}$ as described by Gaëtan Leurent in "MD4 is Not One-Way" ?

Answer 1

The latest I know about is indeed "MD4 is Not One-Way." by Gaëtan Leurent (PDF) FSE 2008. Some of the more interesting and more recent publications to check on are "Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2", Jian Guo/San Ling/Christian Rechberger/Huaxiong Wang, 2010 (PDF) and the paper Henrick Hellström mentioned in his comment. I don't think you'll find any more recent and/or note-worthy discoveries.

In 2011 there was RFC 6150 (https://www.rfc-editor.org/rfc/rfc6150) which stated that MD4 aka RFC 1320 (https://www.rfc-editor.org/rfc/rfc1320) is "historic"; meaning: "obsolete". I guess, due to the now "historic" status of MD4, there won't be too much interest to expand further on the issue.