Abstract
In the recent years, several practical methods have been published to compute collisions on some commonly used hash functions. Starting from two messages m 1 and m 2 these methods permit to compute m 1′ and m 2′ similar to the former such that they have the same image for a given hash function. In this paper we present a method to take into account, at the symbolic level, that an intruder actively attacking a protocol execution may use these collision algorithms in reasonable time during the attack. This decision procedure relies on the reduction of constraint solving for an intruder exploiting the collision properties of hash functions to constraint solving for an intruder operating on words, that is with an associative symbol of concatenation. The decidability of the latter is interesting in its own right as it is the first decidability result that we are aware of for an intruder system for which unification is infinitary, and permits to consider in other contexts an associative concatenation of messages instead of their pairing.
Supported by ARA-SSIA Cops and ACI JC 9005.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Basin, D.A., Mödersheim, S., Viganò, L.: Ofmc: A symbolic model checker for security protocols. Int. J. Inf. Sec. 4(3), 181–208 (2005)
Baudet, M.: Random polynomial-time attacks and Dolev-Yao models. In: Anantharaman, S. (ed.) SASYFT 2004. Proceedings of the Workshop on Security of Systems: Formalism and Tools, Orléans, France (June 2004)
Biham, E., Chen, R.: Near-collisions of sha-0. In: Frankli, M.K. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)
Chevalier, Y., Kourjieh, M.: A symbolic intruder model for hash-collision attacks. Technical report, IRIT (to appear)
Chevalier, Y., Rusinowitch, M.: Combining intruder theories. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 639–651. Springer, Heidelberg (2005)
Chevalier, Y., Rusinowitch, M.: Hierarchical combination of intruder theories. In: Giesl, J. (ed.) RTA 2005. LNCS, vol. 3467, Springer, Heidelberg (2005)
Cramer, R.J.F. (ed.): EUROCRYPT 2005. LNCS, vol. 3494, pp. 22–26. Springer, Heidelberg (2005)
Daum, M., Lucks, S.: Attacking hash functions by poisoned messages. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, Springer, Heidelberg (2005), http://www.cits.rub.de/MD5Collisions
den Boer, B., Bosselaers, A.: Collisions for the compressin function of md5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)
Klìma, V.: Finding md5 collisions on a notebook pc using multi-message modificatons, Cryptology ePrint Archive, Report 2005/102 (2005), http://eprint.iacr.org/
Larsen, K.G., Skyum, S., Winskel, G.: Automata, languages and programming. In: Larsen, K.G., Skyum, S., Winskel, G. (eds.) ICALP 1998. LNCS, vol. 1443, pp. 13–17. Springer, Heidelberg (1998)
Turuani, M.: The cl-atse protocol analyser, 17th international conference on term rewriting and applications - rta 2006, seattle, wa/usa (July 12 2006) 4098, 277–286 (2006)
Meadows, C.: The NRL protocol analyzer: an overview. Journal of Logic Programming 26(2), 113–131 (1996)
Plandowski, W.: Satisfiability of word equations with constants is in pspace. In: FOCS, pp. 495–500 (1999)
Plandowski, W.: Satisfiability of word equations with constants is in pspace. J. ACM, 483–496 (2004)
Plandowski, W., Rytter, W.: Application of lempel-ziv encodings to the solution of words equations. In: Larsen, K.G., Skyum, S., Winskel, G. (eds.) ICALP 1998. LNCS, vol. 1443, pp. 731–742. Springer, Heidelberg (1998)
Schulz, K.U.: Makanin’s algorithm for word equations - two improvements and a generalization. In: Schulz, K.U. (ed.) IWWERT 1990. LNCS, vol. 572, pp. 85–150. Springer, Heidelberg (1992)
Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions md4, md5, haval-128 and ripemd (2004), http://eprint.iacr.org/
Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the hash functions md4 and ripemd. In: Cramer [7], pp. 1–18
Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full sha-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
Wang, X., Yu, H.: How to break md5 and other hash functions. In: Cramer [7], pp. 19–35
Yajima, J., Shimoyama, T.: Wang’s sufficient conditions of md5 are not sufficient (2005), http://eprint.iacr.org/
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chevalier, Y., Kourjieh, M. (2007). A Symbolic Intruder Model for Hash-Collision Attacks. In: Okada, M., Satoh, I. (eds) Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues. ASIAN 2006. Lecture Notes in Computer Science, vol 4435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77505-8_2
Download citation
DOI: https://doi.org/10.1007/978-3-540-77505-8_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77504-1
Online ISBN: 978-3-540-77505-8
eBook Packages: Computer ScienceComputer Science (R0)