On the Possibility of Constructing Meaningful Hash Collisions for Public Keys

Lenstra, Arjen; de Weger, Benne

doi:10.1007/11506157_23

Arjen Lenstra^18,19 &
Benne de Weger¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3574))

Included in the following conference series:

Australasian Conference on Information Security and Privacy

1323 Accesses
19 Citations

Abstract

It is sometimes argued that finding meaningful hash collisions might prove difficult. We show that for several common public key systems it is easy to construct pairs of meaningful and secure public key data that either collide or share other characteristics with the hash collisions as quickly constructed by Wang et al. We present some simple results, investigate what we can and cannot (yet) achieve, and formulate some open problems of independent interest. We are not yet aware of truly interesting practical implications. Nevertheless, our results may be relevant for the practical assessment of the recent hash collision results. For instance, we show how to construct two different X.509 certificates that contain identical signatures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bleichenbacher, D.: Generating ElGamal signatures without knowing the secret key. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 10–18. Springer, Heidelberg (1996)
Google Scholar
Dobbertin, H.: Alf swindles Ann. Cryptobytes 1(3), 5 (1995)
Google Scholar
Recent collision attacks on hash functions: ECRYPT position paper, revision 1.1 (February 2005), http://www.ecrypt.eu.org/documents/STVL-ERICS-2-HASH_STMT-1.1.pdf
Kaminsky, D.: MD5 to be considered harmful someday, preprint (December 2004), http://www.doxpara.com/md5_someday.pdf
Kelsey, J., Laurie, B.: Contributions to the mailing list cryptography@ metzdowd.com, December 22 (2004), available at http://diswww.mit.edu/bloom-picayune/crypto/16587
Lenstra, A.K.: Generating RSA moduli with a predetermined portion. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 1–10. Springer, Heidelberg (1998)
Chapter Google Scholar
Lenstra, A.K., de Weger, B.: On the possibility of constructing meaningful hash collisions for public keys, full version, with an appendix on colliding X.509 certificates (April 2005), http://www.win.tue.nl/~bdeweger/CollidingCertificates/ddl-full.pdf
Lenstra, A.K., de Weger, B.: Twin RSA (April 2005) (submitted for publication)
Google Scholar
Mikle, O.: Practical Attacks on Digital Signatures Using MD5 Message Digest, eprint archive 2004/356, http://eprint.iacr.org/2004/356
NIST, Digital Signature Standard, NIST FIPS PUB 186 (1994)
Google Scholar
Randall, J., Szydlo, M.: Collisions for SHA0, MD5, HAVAL, MD4, and RIPEMD, but SHA1 still secure, RSA Laboratories technical notes, http://www.rsasecurity.com/rsalabs/node.asp?id=2738
Rescorla, E.: What’s the Worst That Could Happen?. In: Presentation at the DIMACS Workshop on Cryptography: Theory Meets Practice, October 14-15 (2004), http://dimacs.rutgers.edu/Workshops/Practice/slides/rescorla.pdf
Shamir, A.: RSA for paranoids. In: RSA Laboratories’ Cryptobytes, vol. 1(3), pp. 1–4 (1995)
Google Scholar
Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, eprint archive 2004/199. In: Presented at the Crypto 2004 rump session, August 17 (2004), http://eprint.iacr.org/2004/199
Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Chapter Google Scholar
Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)
Chapter Google Scholar
Wang, X., Chen, H., Yu, X.: How to Find Another Kind of Collision for MD4 Efficiently (2004) (preprint)
Google Scholar
Wang, X., Feng, D., Yu, X.: An Attack on Hash Function HAVAL-128 (Chinese). Science in China Ser. F (Information Sciences) 35(4), 405–416 (2005)
MathSciNet Google Scholar
Wiener, M.: Personal communication, November 17 (2004)
Google Scholar

Download references

Author information

Authors and Affiliations

Lucent Technologies, Bell Laboratories, Room 2T-504, 600 Mountain Avenue, P.O.Box 636, Murray Hill, NJ, 07974-0636, USA
Arjen Lenstra
Technische Universiteit Eindhoven, P.O.Box 513, 5600 MB, Eindhoven, The Netherlands
Arjen Lenstra & Benne de Weger

Authors

Arjen Lenstra
View author publications
You can also search for this author in PubMed Google Scholar
Benne de Weger
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Information Security Institute, Queensland University of Technology, GPO Box 2434, Qld 4001, Brisbane, Australia
Colin Boyd
Information Security Institute, Queensland University of Technology, GPO Box 2434, QLD 4001, Brisbane, Australia
Juan Manuel González Nieto

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Lenstra, A., de Weger, B. (2005). On the Possibility of Constructing Meaningful Hash Collisions for Public Keys. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_23

Download citation

DOI: https://doi.org/10.1007/11506157_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26547-4
Online ISBN: 978-3-540-31684-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics