A New Type of 2-Block Collisions in MD5

  • Jiří Vábek
  • Daniel Joščák
  • Milan Boháček
  • Jiří Tůma
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5365)


We present a new type of 2-block collisions for MD5. The colliding messages differ in words m2, m9, m12 in both blocks. The differential paths for the collisions were generated by our implementation of Stevens' algorithm [11]. The actual colliding messages were found by a version of Klima’s algorithm involving tunnels [3].


Keywords: MD5, differential paths, collisions, Stevens algorithm




  1. den Boer, B., Bosselaers, A.: Collisions for the Compression Function MD5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)
  2. Joščák, D.: Finding Collisions in Cryptographic Hash Functions. Master’s thesis, Charles University in Prague (2006), http://cryptography.hyperlink.cz/2006/diplomka.pdf
  3. Klima, V.: Tunnels in Hash Functions: MD5 Collisions Within a Minute, Cryptology ePrint Archive: Report 105/2006, http://eprint.iacr.org/2006/105
  4. Leurent, G.: Message Freedom in MD4 and MD5 Collisions: Application to APOP. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 320–339. Springer, Heidelberg (2007)
  5. Liang, J., Lai, X.: Improved collision attack on hash function MD5, Cryptology ePrint Archive: Report 425/2005, http://eprint.iacr.org/2005/425
  6. Rivest, R.: The MD5 Message-Digest Algorithm, Request for Comments: 1321 (April 1992), http://rfc.net/rfc1321.html
  7. Sasaki, Y., Naito, Y., Kunihiro, N., Ohta, K.: Improved Collision Attack on MD5, Cryptology ePrint Archive: Report 400/2005, http://eprint.iacr.org/2005/400
  8. Sasaki, Y., Naito, Y., Yajima, J., Shimoyama, T., Kunihiro, N., Ohta, K.: How to Construct Sufficient Condition in Searching Collisions of MD5, Cryptology ePrint Archive: Report 074/2006, http://eprint.iacr.org/2006/074
  9. Sasaki, Y., Yamamoto, G., Aoki, K.: Practical Password Recovery on an MD5 Challenge and Response, Cryptology ePrint Archive: Report 101/2007, http://eprint.iacr.org/2007/101
  10. Sasaki, Y., Wang, L., Ohta, K., Kunihiro, N.: Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 1–18. Springer, Heidelberg (2008)
  11. Stevens, M., Lenstra, A., de Weger, B.: Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1–22. Springer, Heidelberg (2007)
  12. Stevens, M.: Fast Collision Attack on MD5, Cryptology ePrint Archive, Report 2006/104 (2006), http://eprint.iacr.org/
  13. Stevens, M.: On Collisions for MD5, Master’s thesis, Eindhoven University of Technology (2007)
  14. Muir, J.A., Stinson, D.R.: Minimality and other properties of the width-w nonadjacent form. Mathematics of Computation 75, 369–384 (2006)
  15. Yajima, J., Shimoyama, T.: Wang’s sufficient conditions of MD5 are not sufficient, Cryptology ePrint Archive: Report 263/2005, http://eprint.iacr.org/2005/263
  16. Yajima, J., Shimoyama, T., Sasaki, Y., Naito, Y., Kunihiro, N., Ohta, K.: How to construct a differential path of MD5 for collision search. In: SCIS 2006 (2006)
  17. Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199 (2004), http://eprint.iacr.org/2004/199
  18. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
  19. Xie, T., Feng, D., Liu, F.: A New Collision Differential For MD5 With Its Full Differential Path, Cryptology ePrint Archive, Report 2008/230 (2008), http://eprint.iacr.org/2008/230

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jiří Vábek (1)
  • Daniel Joščák (1, 2)
  • Milan Boháček (1)
  • Jiří Tůma (1)

  1. Department of Algebra, Charles University in Prague, Prague 8, Czech Republic
  2. S.ICZ a.s., Praha 4, Slovakia
