How to Break MD5 and Other Hash Functions

Wang, Xiaoyun; Yu, Haiyan

doi:10.1007/11426639_2

Cited by 928 publications

(701 citation statements)

References 13 publications

Supporting

Mentioning

688

Contrasting

Unclassified

Order By: Relevance

“…Namely, it should be impossible for an adversary to find a collision (two different messages that lead to the same hash value) in less than 2 n/2 hash computations, or a (second)-preimage (a message hashing to a given challenge) in less than 2 n hash computations. Recently, most of the standardized hash functions [29,35] have suffered from major improvements in hash function cryptanalysis [38,39]. As a response, the NIST organized the SHA-3 competition [31] and 51 candidates were accepted to the first round.…”

Section: Introductionmentioning

confidence: 99%

Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

Gilbert

Peyrin

2010

Fast Software Encryption

135

201

View full text Add to dashboard Cite

Abstract. In this paper, we improve the recent rebound and start-fromthe-middle attacks on AES-like permutations. Our new cryptanalysis technique uses the fact that one can view two rounds of such permutations as a layer of big Sboxes preceded and followed by simple affine transformations. The big Sboxes encountered in this alternative representation are named Super-Sboxes. We apply this method to two second-round SHA-3 candidates Grøstl and ECHO, and obtain improvements over the previous cryptanalysis results for these two schemes. Moreover, we improve the best distinguisher for the AES block cipher in the known-key setting, reaching 8 rounds for the 128-bit version.

show abstract

Section: Introductionmentioning

confidence: 99%

Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

Gilbert

Peyrin

2010

Fast Software Encryption

135

201

View full text Add to dashboard Cite

show abstract

“…However, collision-resistant hash functions are threatened species these days due to collapses of MD5, RIPEMD, SHA, SHA-1, etc. [9,23,24,25,26]. Furthermore, 160 bits is still pretty large for human beings to authenticate.…”

Section: Setting Up Secure Communicationsmentioning

confidence: 99%

On Bluetooth Repairing: Key Agreement Based on Symmetric-Key Cryptography

Vaudenay

2005

Information Security and Cryptology

View full text Add to dashboard Cite

Abstract. Despite many good (secure) key agreement protocols based on publickey cryptography exist, secure associations between two wireless devices are often established using symmetric-key cryptography for cost reasons. The consequence is that common daily used security protocols such as Bluetooth pairing are insecure in the sense that an adversary can easily extract the main private key from the protocol communications. Nevertheless, we show that a feature in the Bluetooth standard provides a pragmatic and costless protocol that can eventually repair privateless associations, thanks to mobility. This proves (in the random oracle model) the pragmatic security of the Bluetooth pairing protocol when repairing is used. Setting up Secure CommunicationsDigital communications are often secured by means of symmetric encryption and message authentication codes. This provided high throughput and security. However, setting up this channel requires agreeing on a private key with large entropy. Private key agreement between remote peers through insecure channel is a big challenge. A first (impractical) solution was proposed in 1975 by Merkle [19]. A solution was proposed by Diffie and Hellman in 1976 [12]. It works, provided that the two peers can communicate over an authenticated channel which protects the integrity of messages and that a standard computational problem (namely, the Diffie-Hellman problem) is hard.To authenticate messages of the Diffie-Hellman protocol is still expensive since those messages are pretty long (typically, a thousand bits, each) and that authentication is often manually done by human beings. Folklore solutions consist of shrinking this amount of information by means of a collision-resistant hash function and of authenticating only the digest of the protocol transcript. The amount of information to authenticate typically reduces to 160 bits. However, collision-resistant hash functions are threatened species these days due to collapses of MD5, RIPEMD, SHA, etc. [9,23,24,25,26]. Furthermore, 160 bits is still pretty large for human beings to authenticate. Another solution using shorter messages have been proposed by Pasini and Vaudenay [20] using

show abstract

“…The building of hash functions has received extensive work over the years, for example, the design of MD4 [17], MD5 [18], SHA-0 [3] and SHA-1 [2]. On the other hand, the cryptanalysis of hash functions has been carried out by many researchers, for instance, recent attacks on MD4, MD5, SHA-0 and SHA-1 [6,7,10,14,[19][20][21][22].…”

Section: Introductionmentioning

confidence: 99%

On the Internal Structure of Alpha-MAC

Huang

Seberry

Susilo

2006

Progress in Cryptology - VIETCRYPT 2006

View full text Add to dashboard Cite

Abstract. ALPHA-MAC is a MAC function which uses the building blocks of AES. This paper studies the internal structure of this new design. First, we provide a method to find second preimages based on the assumption that a key or an intermediate value is known. The proposed searching algorithm exploits the algebraic properties of the underlying block cipher and needs to solve eight groups of linear functions to find a second preimage. Second, we show that our idea can also be used to find internal collisions under the same assumption. We do not make any claims that those findings in any way endanger the security of this MAC function. Our contribution is showing how algebraic properties of AES can be used for analysis of this MAC function.

show abstract

How to Break MD5 and Other Hash Functions

Cited by 928 publications

References 13 publications

Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations

On Bluetooth Repairing: Key Agreement Based on Symmetric-Key Cryptography

On the Internal Structure of Alpha-MAC

Contact Info

Product

Resources

About