On the Possibility of Constructing Meaningful Hash Collisions for Public Keys

  • Arjen Lenstra
  • Benne de Weger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)


It is sometimes argued that finding meaningful hash collisions might prove difficult. We show that for several common public key systems it is easy to construct pairs of meaningful and secure public key data that either collide or share other characteristics with the hash collisions as quickly constructed by Wang et al. We present some simple results, investigate what we can and cannot (yet) achieve, and formulate some open problems of independent interest. We are not yet aware of truly interesting practical implications. Nevertheless, our results may be relevant for the practical assessment of the recent hash collision results. For instance, we show how to construct two different X.509 certificates that contain identical signatures.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bleichenbacher, D.: Generating ElGamal signatures without knowing the secret key. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 10–18. Springer, Heidelberg (1996)Google Scholar
  2. 2.
    Dobbertin, H.: Alf swindles Ann. Cryptobytes 1(3), 5 (1995)Google Scholar
  3. 3.
    Recent collision attacks on hash functions: ECRYPT position paper, revision 1.1 (February 2005),
  4. 4.
    Kaminsky, D.: MD5 to be considered harmful someday, preprint (December 2004),
  5. 5.
    Kelsey, J., Laurie, B.: Contributions to the mailing list cryptography@, December 22 (2004), available at
  6. 6.
    Lenstra, A.K.: Generating RSA moduli with a predetermined portion. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 1–10. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  7. 7.
    Lenstra, A.K., de Weger, B.: On the possibility of constructing meaningful hash collisions for public keys, full version, with an appendix on colliding X.509 certificates (April 2005),
  8. 8.
    Lenstra, A.K., de Weger, B.: Twin RSA (April 2005) (submitted for publication)Google Scholar
  9. 9.
    Mikle, O.: Practical Attacks on Digital Signatures Using MD5 Message Digest, eprint archive 2004/356,
  10. 10.
    NIST, Digital Signature Standard, NIST FIPS PUB 186 (1994)Google Scholar
  11. 11.
    Randall, J., Szydlo, M.: Collisions for SHA0, MD5, HAVAL, MD4, and RIPEMD, but SHA1 still secure, RSA Laboratories technical notes,
  12. 12.
    Rescorla, E.: What’s the Worst That Could Happen?. In: Presentation at the DIMACS Workshop on Cryptography: Theory Meets Practice, October 14-15 (2004),
  13. 13.
    Shamir, A.: RSA for paranoids. In: RSA Laboratories’ Cryptobytes, vol. 1(3), pp. 1–4 (1995)Google Scholar
  14. 14.
    Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, eprint archive 2004/199. In: Presented at the Crypto 2004 rump session, August 17 (2004),
  15. 15.
    Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Wang, X., Chen, H., Yu, X.: How to Find Another Kind of Collision for MD4 Efficiently (2004) (preprint)Google Scholar
  18. 18.
    Wang, X., Feng, D., Yu, X.: An Attack on Hash Function HAVAL-128 (Chinese). Science in China Ser. F (Information Sciences) 35(4), 405–416 (2005)MathSciNetGoogle Scholar
  19. 19.
    Wiener, M.: Personal communication, November 17 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Arjen Lenstra
    • 1
    • 2
  • Benne de Weger
    • 2
  1. 1.Lucent Technologies, Bell LaboratoriesMurray HillUSA
  2. 2.Technische Universiteit EindhovenEindhovenThe Netherlands

Personalised recommendations