Abstract
A series of recent papers has demonstrated collision attacks on popular hash functions, including the widely deployed MD5 and SHA-1 algorithms. The natural response to this threat has been to evaluate the extent to which various protocols actually depend on collision resistance for their security, and potentially to schedule an upgrade to a stronger hash function. Other options involve altering the protocol in some way. This work suggests a different option. We present several simple message pre-processing techniques and show how they can be combined with MD5 or SHA-1 so that applications are no longer vulnerable to the known collision attacks. For some applications, this may be a viable alternative to upgrading the hash function.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Szydlo, M., Yin, Y.L. (2006). Collision-Resistant Usage of MD5 and SHA-1 Via Message Preprocessing. In: Pointcheval, D. (eds) Topics in Cryptology – CT-RSA 2006. CT-RSA 2006. Lecture Notes in Computer Science, vol 3860. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11605805_7
DOI: https://doi.org/10.1007/11605805_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31033-4
Online ISBN: 978-3-540-32648-9
eBook Packages: Computer Science (R0)