On the Possibility of Constructing Meaningful Hash Collisions for Public Keys

It is sometimes argued that finding meaningful hash collisions might prove difficult. We show that for several common public key systems it is easy to construct pairs of meaningful and secure public key data that either collide or share other characteristics with the hash collisions as quickly constructed by Wang et al. We present some simple results, investigate what we can and cannot (yet) achieve, and formulate some open problems of independent interest. We are not yet aware of truly interesting practical implications. Nevertheless, our results may be relevant for the practical assessment of the recent hash collision results. For instance, we show how to construct two different X.509 certificates that contain identical signatures.

[1]  Daniel J. Bernstein,et al.  Circuits for Integer Factorization: A Proposal , 2001 .

[2]  Dengguo Feng,et al.  Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD , 2004, IACR Cryptol. ePrint Arch..

[3]  Michael J. Wiener The Full Cost of Cryptanalytic Attacks , 2003, Journal of Cryptology.

[4]  Hui Chen,et al.  Cryptanalysis of the Hash Functions MD4 and RIPEMD , 2005, EUROCRYPT.

[5]  Xiaoyun Wang,et al.  Colliding X.509 Certificates , 2005, IACR Cryptol. ePrint Arch..

[6]  Karen A. Cerulo What's the Worst That Could Happen? , 2006 .

[7]  Dan Kaminsky,et al.  MD5 To Be Considered Harmful Someday , 2004, IACR Cryptol. ePrint Arch..

[8]  Bruce Schneier,et al.  Second Preimages on n-bit Hash Functions for Much Less than 2n Work , 2005, IACR Cryptol. ePrint Arch..

[9]  Feng Dengguo,et al.  An attack on hash function HAVAL-128 , 2005 .

[10]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[11]  Arjen K. Lenstra,et al.  Generating RSA Moduli with a Predetermined Portion , 1998, ASIACRYPT.

[12]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[13]  de Ng Dick Bruijn On the number of positive integers $\leq x$ and free of prime factors $>y$ , 1951 .

[14]  Arjen K. Lenstra,et al.  Twin RSA , 2005, Mycrypt.

[15]  Dengguo Feng,et al.  An attack on hash function HAVAL-128 , 2007, Science in China Series F: Information Sciences.

[16]  Ondrej Mikle,et al.  Practical Attacks on Digital Signatures Using MD5 Message Digest , 2004, IACR Cryptol. ePrint Arch..

[17]  Andrew W. Appel,et al.  Formal aspects of mobile code security , 1999 .

[18]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[19]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[20]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[21]  Daniel Bleichenbacher,et al.  Generating EIGamal Signatures Without Knowing the Secret Key , 1996, EUROCRYPT.