Abstract
It is sometimes argued that finding meaningful hash collisions might prove difficult. We show that for several common public key systems it is easy to construct pairs of meaningful and secure public key data that either collide or share other characteristics with the hash collisions as quickly constructed by Wang et al. We present some simple results, investigate what we can and cannot (yet) achieve, and formulate some open problems of independent interest. We are not yet aware of truly interesting practical implications. Nevertheless, our results may be relevant for the practical assessment of the recent hash collision results. For instance, we show how to construct two different X.509 certificates that contain identical signatures.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Bleichenbacher, D.: Generating ElGamal signatures without knowing the secret key. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 10–18. Springer, Heidelberg (1996)
Dobbertin, H.: Alf swindles Ann. Cryptobytes 1(3), 5 (1995)
Recent collision attacks on hash functions: ECRYPT position paper, revision 1.1 (February 2005), http://www.ecrypt.eu.org/documents/STVL-ERICS-2-HASH_STMT-1.1.pdf
Kaminsky, D.: MD5 to be considered harmful someday, preprint (December 2004), http://www.doxpara.com/md5_someday.pdf
Kelsey, J., Laurie, B.: Contributions to the mailing list cryptography@ metzdowd.com, December 22 (2004), available at http://diswww.mit.edu/bloom-picayune/crypto/16587
Lenstra, A.K.: Generating RSA moduli with a predetermined portion. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 1–10. Springer, Heidelberg (1998)
Lenstra, A.K., de Weger, B.: On the possibility of constructing meaningful hash collisions for public keys, full version, with an appendix on colliding X.509 certificates (April 2005), http://www.win.tue.nl/~bdeweger/CollidingCertificates/ddl-full.pdf
Lenstra, A.K., de Weger, B.: Twin RSA (April 2005) (submitted for publication)
Mikle, O.: Practical Attacks on Digital Signatures Using MD5 Message Digest, eprint archive 2004/356, http://eprint.iacr.org/2004/356
NIST, Digital Signature Standard, NIST FIPS PUB 186 (1994)
Randall, J., Szydlo, M.: Collisions for SHA0, MD5, HAVAL, MD4, and RIPEMD, but SHA1 still secure, RSA Laboratories technical notes, http://www.rsasecurity.com/rsalabs/node.asp?id=2738
Rescorla, E.: What’s the Worst That Could Happen?. In: Presentation at the DIMACS Workshop on Cryptography: Theory Meets Practice, October 14-15 (2004), http://dimacs.rutgers.edu/Workshops/Practice/slides/rescorla.pdf
Shamir, A.: RSA for paranoids. In: RSA Laboratories’ Cryptobytes, vol. 1(3), pp. 1–4 (1995)
Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, eprint archive 2004/199. In: Presented at the Crypto 2004 rump session, August 17 (2004), http://eprint.iacr.org/2004/199
Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)
Wang, X., Chen, H., Yu, X.: How to Find Another Kind of Collision for MD4 Efficiently (2004) (preprint)
Wang, X., Feng, D., Yu, X.: An Attack on Hash Function HAVAL-128 (Chinese). Science in China Ser. F (Information Sciences) 35(4), 405–416 (2005)
Wiener, M.: Personal communication, November 17 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lenstra, A., de Weger, B. (2005). On the Possibility of Constructing Meaningful Hash Collisions for Public Keys. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_23
Download citation
DOI: https://doi.org/10.1007/11506157_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26547-4
Online ISBN: 978-3-540-31684-8
eBook Packages: Computer ScienceComputer Science (R0)