Collisions for the compression function of MD5

den Boer, Bert; Bosselaers, Antoon

doi:10.1007/3-540-48285-7_26

Bert den Boer⁴ &
Antoon Bosselaers⁵

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 765))

Included in the following conference series:

Workshop on the Theory and Application of of Cryptographic Techniques

6633 Accesses
3 Altmetric

Abstract

At Crypto’ 91 Ronald L. Rivest introduced the MD5 Message Digest Algorithm as a strengthened version of MD4, differing from it on six points. Four changes are due to the two existing attacks on the two round versions of MD4. The other two changes should additionally strengthen MD5. However both these changes cannot be described as well-considered. One of them results in an approximate relation between any four consecutive additive constants. The other allows to create collisions for the compression function of MD5. In this paper an algorithm is described that finds such collisions.

A C program implementing the algorithm establishes a work load of finding about 2¹⁶ collisions for the first two rounds of the MD5 compression function to find a collision for the entire four round function. On a 33MHz 80386 based PC the mean run time of this program is about 4 minutes.

Download to read the full chapter text

Chapter PDF

Practical Free-Start Collision Attacks on 76-step SHA-1

An Efficient Construction of a Compression Function for Cryptographic Hash

A Tweak for a PRF Mode of a Compression Function and Its Applications

Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

R.L. Rivest, “The MD4 message digest algorithm,” Advances in Cryptology, Proc. Crypto’90, LNCS 537, S. Vanstone, Ed., Springer-Verlag, 1991, pp. 303–311.
Google Scholar
R.C. Merkle, Unpublished result, 1990.
Google Scholar
B. den Boer and A. Bosselaers, “An attack on the last two rounds of MD4,” Advances in Cryptology, Proc. Crypto’91, LNCS 576, J. Feigenbaum, Ed., Springer-Verlag, 1992, pp. 194–203.
Google Scholar
R.L. Rivest, “The MD5 message digest algorithm,” Presented at the rump session of Crypto’91.
Google Scholar
B. Schneier, “One-way hash functions,” Dr. Dobb’s Journal, Vol. 16, No. 9, 1991, pp. 148–151.
Google Scholar
R.L. Rivest, “The MD4 message-digest algorithm,” Request for Comments (RFC) 1320, Internet Activities Board, Internet Privacy Task Force, April 1992.
Google Scholar
R.L. Rivest, “The MD5 message-digest algorithm,” Request for Comments (RFC) 1321, Internet Activities Board, Internet Privacy Task Force, April 1992.
Google Scholar

Download references

Author information

Authors and Affiliations

Philips Crypto B.V., P.O. Box 218, 5600 MD, Eindhoven, The Netherlands
Bert den Boer
ESAT Laboratory, K.U. Leuven, Kard. Mercierlaan 94, B-3001, Heverlee, Belgium
Antoon Bosselaers

Authors

Bert den Boer
View author publications
You can also search for this author in PubMed Google Scholar
Antoon Bosselaers
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Informatics, University of Bergen, Høyteknologisenteret, N-5020, Bergen, Norway
Tor Helleseth

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

den Boer, B., Bosselaers, A. (1994). Collisions for the compression function of MD5. In: Helleseth, T. (eds) Advances in Cryptology — EUROCRYPT ’93. EUROCRYPT 1993. Lecture Notes in Computer Science, vol 765. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48285-7_26

Download citation

DOI: https://doi.org/10.1007/3-540-48285-7_26
Published: 13 July 2001
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-57600-6
Online ISBN: 978-3-540-48285-7
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics