Presentation is loading. Please wait.

Presentation is loading. Please wait.

“Chinese” Attacks on Hashes March 11, 2006, Bing Wu Topic 1.Background 2.“Chinese” collision attacks 3.Results for MD4 and MD5.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "“Chinese” Attacks on Hashes March 11, 2006, Bing Wu Topic 1.Background 2.“Chinese” collision attacks 3.Results for MD4 and MD5."— Presentation transcript:

1 “Chinese” Attacks on Hashes March 11, 2006, Bing Wu (bwu@cs.washington.edu) Topic 1.Background 2.“Chinese” collision attacks 3.Results for MD4 and MD5 attacks 4.What does it mean and what to do about it? 5.Conclusion

2 “Chinese” Attacks on Hashes March 11, 2006, Bing Wu (bwu@cs.washington.edu) Background 1.Two sides of a coin: developing new hash functions and breaking them. 2.MD4 (1990) family hash functions and attacks on them. 3.Breakthroughs by “Chinese” attacks in 2004 and 2005: MD4, MD5, HAVAL, RIPEMD, SHA-0, SHA-1. 4.Best results: MD4: 2^8 MD4 operations. MD5: 2^39 MD5 operations for first blocks and 2^32 for second blocks. SHA-1: 2^63 SHA-1 operations.

3 “Chinese” Attacks on Hashes March 11, 2006, Bing Wu (bwu@cs.washington.edu) “Chinese” collision attacks Find a “low-Hamming-weight differential” Δ (a vector of almost all zeros) such that for messages M, the probability that h(M  Δ) = h(M) is larger than it should be. Basically, the attacks are involved with three steps: 1.Find a collision differential for which M and M’ probably produce a collision. 2.Derive a set of sufficient conditions which ensure the collision differential to hold. 3.Make some modification to M such that almost all the sufficient conditions hold. This is done by two types of message modification techniques, which are termed as “single-step modification” and “multi- step modification”. This greatly improves the probability that M and M’ may produce a collision.

4 “Chinese” Attacks on Hashes March 11, 2006, Bing Wu (bwu@cs.washington.edu) Results for MD4 and MD5 attacks Computational resource: My PC, Pentium4, 3.40G, WinXP. C programs on Unix/Linux (Cygwin on Windows). Results for “Chinese” attacks on MD4 and MD5. MD4: about 5 seconds to produce a collision. MD5: about 1 hour to produce a collision.

5 “Chinese” Attacks on Hashes March 11, 2006, Bing Wu (bwu@cs.washington.edu) What does it mean and what to do about it? Hash functions such as MD5 are no longer useful as digital signature hashes. No panic. Attacks are collision resistance attacks, not pre-image attacks. Applications that use hashes, such as HMAC-MD5 protocols are still fine. Don’t use MD4, MD5, HAVAL, RIPEMD, SHA-0, and avoid SHA-1 if possible. Upgrade to stronger ones, such as SHA-2. VSH is about the best generally published hash function, but needs more review. Alternative approaches: 1) Protocols without requiring that the hash function be collision resistant, such as adding randomness to hash functions. 2) Message pre-processing to convert plaintext messages into a form that makes all existing collision attacks inapplicable.

6 “Chinese” Attacks on Hashes March 11, 2006, Bing Wu (bwu@cs.washington.edu) Conclusion “Chinese” attacks on hashes are remarkable in the cryptographic area. Makes people upgrade their systems to employ better hash functions as well as develop new and more collision-resistant hash functions. Greatly help us achieve a more secure digital world.

Download ppt "“Chinese” Attacks on Hashes March 11, 2006, Bing Wu Topic 1.Background 2.“Chinese” collision attacks 3.Results for MD4 and MD5."

Similar presentations

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
MD Collision Sought Marian Ščerbák University of Pavol Jozef Šafárik Košice.

MD Collision Sought Marian Ščerbák University of Pavol Jozef Šafárik Košice.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks.

G Robert Grimm New York University Using Encryption for Authentication in Computer Networks.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.

Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
Foundations of Network and Computer Security J J ohn Black Lecture #8 Sep 15 th 2005 CSCI 6268/TLEN 5831, Fall 2005.

Foundations of Network and Computer Security J J ohn Black Lecture #8 Sep 15 th 2005 CSCI 6268/TLEN 5831, Fall 2005.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Hash Functions Nathanael Paul Oct. 9, 2002. Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)

Hash Functions Nathanael Paul Oct. 9, Hash Functions: Introduction Cryptographic hash functions –Input – any length –Output – fixed length –H(x)
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
By Jyh-haw Yeh Boise State University ICIKM 2013.

By Jyh-haw Yeh Boise State University ICIKM 2013.
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Similar presentations

Ads by Google