How to break MD5 and other hash functions
Xiaoyun Wang, Hongbo Yu +1 more
- 22 May 2005
- pp 19-35
TL;DR: A new powerful attack on MD5 is presented which, unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.
Abstract: MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi free-start collision, in which the initial value of the hash function is replaced by a non-standard value, which is the result of the attack. In this paper we present a new powerful attack on MD5 which allows us to find collisions efficiently. We used this attack to find collisions of MD5 in about 15 minutes up to an hour computation time. The attack is a differential attack, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure. We call this kind of differential a modular differential. An application of this attack to MD4 can find a collision in less than a fraction of a second. This attack is also applicable to other hash functions, such as RIPEMD and HAVAL.
Citations
Finding collisions in the full SHA-1
Xiaoyun Wang, Yiqun Lisa Yin, Hongbo Yu +2 more
- 14 Aug 2005
TL;DR: This is the first attack on the full 80-step SHA-1 with complexity less than the 2^80 theoretical bound, and it is shown that collisions of SHA-1 can be found with complexity less than 2^69 hash operations.
The Algorithm Design Manual
Steven Skiena
- 01 Jan 1980
TL;DR: This newly expanded and updated second edition of the best-selling classic continues to take the "mystery" out of designing algorithms, and analyzing their efficacy and efficiency.
An introduction to symplectic topology
Claude Viterbo
- 01 Jan 1991
TL;DR: In this article, the authors show that any symplectic vector space has even dimension and any isotropic subspace is contained in a Lagrangian subspace and Lagrangians have dimension equal to half the dimension of the total space.
Biclique cryptanalysis of the full AES
Andrey Bogdanov, Dmitry Khovratovich, Christian Rechberger +2 more
- 04 Dec 2011
TL;DR: This paper presents the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity 2126.1.4 and key recovery methods with lower complexity for the reduced-round versions of AES not considered before.
Charm: a framework for rapidly prototyping cryptosystems
Joseph A. Akinyele, Christina Garman, Ian Miers, Matthew W. Pagano, Michael Rushanan, Matthew Green, Aviel D. Rubin +6 more
TL;DR: Charm as discussed by the authors is an extensible framework for rapidly prototyping cryptographic systems, including support for modular composition of cryptographic building blocks, infrastructure for developing interactive protocols, and an extensive library of re-usable code.