How easy is collision search? Application to DES
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The MD4 Message Digest Algorithm
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
RIPEMD-160: A Strengthened Version of RIPEMD
Proceedings of the Third International Workshop on Fast Software Encryption
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Collisions on SHA-0 in One Hour
Fast Software Encryption
On the Strength of the Concatenated Hash Combiner When All the Hash Functions Are Weak
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
On Free-Start Collisions and Collisions for TIB3
ISC '09 Proceedings of the 12th International Conference on Information Security
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Constructing an ideal hash function from weak ideal compression functions
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Hash functions and the (amplified) boomerang attack
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Collisions for 70-step SHA-1: on the full cost of collision search
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
On the collision resistance of RIPEMD-160
ISC'06 Proceedings of the 9th international conference on Information Security
Finding SHA-1 characteristics: general results and applications
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Collisions of MMO-MD5 and their impact on original MD5
AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Analysis of differential attacks in ARX constructions
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
We consider a long standing problem in cryptanalysis: attacks on hash function combiners. In this paper, we propose the first attack that allows collision attacks on combiners with a runtime below the birthday-bound of the smaller compression function. This answers an open question by Joux posed in 2004. As a concrete example we give such an attack on combiners with the widely used hash function MD5. The cryptanalytic technique we use combines a partial birthday phase with a differential inside-out technique, and may be of independent interest. This potentially reduces the effort for a collision attack on a combiner like MD5||SHA-1 for the first time.