Benne de Weger scite author profile

Abstract. We present a novel, automated way to find differential paths for MD5. As an application we have shown how, at an approximate expected cost of 2 50 calls to the MD5 compression function, for any two chosen message prefixes P and P , suffixes S and S can be constructed such that the concatenated values P S and P S collide under MD5. Although the practical attack potential of this construction of chosen-prefix collisions is limited, it is of greater concern than random collisions for MD5. To illustrate the practicality of our method, we constructed two MD5 based X.509 certificates with identical signatures but different public keys and different Distinguished Name fields, whereas our previous construction of colliding X.509 certificates required identical name fields. We speculate on other possibilities for abusing chosenprefix collisions. More details than can be included here can be found on www.win.tue.nl/hashclash/ChosenPrefixCollisions/.

show abstract

Partial Key Exposure Attacks on RSA up to Full Size Exponents

Ernst

Jochemsz

May

et al. 2005

View full text Add to dashboard Cite

show abstract

Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate

et al. 2009

View full text Add to dashboard Cite

Abstract. We present a refined chosen-prefix collision construction for MD5 that allowed creation of a rogue Certification Authority (CA) certificate, based on a collision with a regular end-user website certificate provided by a commercial CA. Compared to the previous construction from Eurocrypt 2007, this paper describes a more flexible family of differential paths and a new variable birthdaying search space. Combined with a time-memory trade-off, these improvements lead to just three pairs of near-collision blocks to generate the collision, enabling construction of RSA moduli that are sufficiently short to be accepted by current CAs. The entire construction is fast enough to allow for adequate prediction of certificate serial number and validity period: it can be made to require about 2 49 MD5 compression function calls. Finally, we improve the complexity of identical-prefix collisions for MD5 to about 2 16 MD5 compression function calls and use it to derive a practical single-block chosen-prefix collision construction of which an example is given.

show abstract

Cryptanalysis of RSA with Small Prime Difference

Weger¹

2002

Applicable Algebra in Engineering, Communication and Computing

View full text Add to dashboard Cite

show abstract

Dynamic Tardos Traitor Tracing Schemes

Laarhoven

Doumen

Roelse

et al. 2013

IEEE Trans. Inform. Theory

View full text Add to dashboard Cite

We construct binary dynamic traitor tracing schemes, where the number of watermark bits needed to trace and disconnect any coalition of pirates is quadratic in the number of pirates, and logarithmic in the total number of users and the error probability. Our results improve upon results of Tassa, and our schemes have several other advantages, such as being able to generate all codewords in advance, a simple accusation method, and flexibility when the feedback from the pirate network is delayed.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Benne de Weger

Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities

Partial Key Exposure Attacks on RSA up to Full Size Exponents

Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate

Cryptanalysis of RSA with Small Prime Difference

Dynamic Tardos Traitor Tracing Schemes

Contact Info

Product

Resources

About