Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Proceedings of the 25th International Colloquium on Automata, Languages and Programming
ICALP '98 Proceedings of the 25th International Colloquium on Automata, Languages and Programming
Application of Lempel-Ziv Encodings to the Solution of Words Equations
ICALP '98 Proceedings of the 25th International Colloquium on Automata, Languages and Programming
Makanin's Algorithm for Word Equations - Two Improvements and a Generalization
IWWERT '90 Proceedings of the First International Workshop on Word Equations and Related Topics
Satisfiability of Word Equations with Constants is in PSPACE
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Satisfiability of word equations with constants is in PSPACE
Journal of the ACM (JACM)
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Hierarchical combination of intruder theories
RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications
RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications
Hierarchical combination of intruder theories
Information and Computation
Towards an Automatic Analysis of Web Service Security
FroCoS '07 Proceedings of the 6th international symposium on Frontiers of Combining Systems
| Hi-index | 0.00 |
In the recent years, several practical methods have been published to compute collisions on some commonly used hash functions. Starting from two messages m1 and m2 these methods permit to compute m′1 and m′2 similar to the former such that they have the same image for a given hash function. In this paper we present a method to take into account, at the symbolic level, that an intruder actively attacking a protocol execution may use these collision algorithms in reasonable time during the attack. This decision procedure relies on the reduction of constraint solving for an intruder exploiting the collision properties of hash functions to constraint solving for an intruder operating on words, that is with an associative symbol of concatenation. The decidability of the latter is interesting in its own right as it is the first decidability result that we are aware of for an intruder system for which unification is infinitary, and permits to consider in other contexts an associative concatenation of messages instead of their pairing.