Skip to main content
SpringerLink
Log in

Collisions of MMO-MD5 and Their Impact on Original MD5

  • Conference paper
Progress in Cryptology – AFRICACRYPT 2011 (AFRICACRYPT 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6737))

Included in the following conference series:

Abstract

In this paper, we find collisions of MD5 in the Matyas-Meyer-Oseas mode and Miyaguchi-Preneel mode with a complexity of 239 operations, which runs contrary to the cryptographer’s belief that these modes are stronger against collision attacks than the Davies-Meyer mode due to the impossibility of the message modification. We then show that, our collision attack for the Matyas-Meyer-Oseas mode can give impact to some collision properties of the Davies-Meyer mode, which we call “free-start given-message collisions” and “NMAC colliding keys”. These indicate that collisions of MMO-MD5 give some impacts on the original MD5. The attack is implemented on a PC and we present generated collisions of MMO-MD5.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Rivest, R.L.: Request for Comments 1321: The MD5 Message Digest Algorithm. The Internet Engineering Task Force (1992), http://www.ietf.org/rfc/rfc1321.txt

  2. den Boer, B., Bosselaers, A.: Collisions for the compression function of MD5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  3. Dobbertin, H.: The status of MD5 after a recent attack. CryptoBytes The Technical Newsletter of RSA Laboratories, a Division of RSA Data Security, Inc. 2(2), (1996) (summer)

    Google Scholar 

  4. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Black, J., Cochran, M., Highland, T.: A study of the MD5 attacks: Insights and improvements. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 262–277. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  6. Klima, V.: Finding MD5 collisions on a notebook PC using multi-message modifications. In: International Scientific Conference Security and Protection of Information (May 2005)

    Google Scholar 

  7. Klima, V.: Tunnels in hash functions: MD5 collisions within a minute. In: IACR Cryptology ePrint Archive: Report 2006/105 (2006), http://eprint.iacr.org/2006/105.pdf

  8. Liang, J., Lai, X.: Improved collision attack on hash function MD5. Cryptology ePrint Archive, Report 2005/425 (2005), http://eprint.iacr.org/2005/425

  9. Sasaki, Y., Naito, Y., Kunihiro, N., Ohta, K.: Improved collision attacks on MD4 and MD5. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E90-A(1), 36–47 (2007)

    Article  Google Scholar 

  10. Sasaki, Y., Naito, Y., Yajima, J., Shimoyama, T., Kunihiro, N., Ohta, K.: How to construct sufficient condition in searching collisions of MD5. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 243–259. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  11. Stevens, M.: Fast collision attack on MD5. Cryptology ePrint Archive, Report 2006/104 (2006), http://eprint.iacr.org/2006/104

  12. Vábek, J., Joscák, D., Bohácek, M., Tuma, J.: A new type of 2-block collisions in MD5. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 78–90. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Xie, T., Feng, D.: How to find weak input differences for MD5 collision attacks. Cryptology ePrint Archive, Report 2009/223 Version 20090530:102049 (2009), http://eprint.iacr.org/2009/223

  14. Xie, T., Liu, F., Feng, D.: Could the 1-MSB input difference be the fastest collision attack for MD5? Cryptology ePrint Archive, Report 2008/391 (2008), http://eprint.iacr.org/2008/391

  15. Xie, T., Feng, D.: Construct MD5 collisions using just a single block of message. Cryptology ePrint Archive, Report 2010/643, Version 20101225:061128 (2010), http://eprint.iacr.org/2010/643

  16. Xie, T., Feng, D.: The first 1-block collision attack on MD5 and call for a challedge. Cryptology ePrint Archive, Report 2009/223, Version 20101216:032027 (2010), http://eprint.iacr.org/2009/223

  17. Contini, S., Yin, Y.L.: Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash Collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 37–53. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  18. Fouque, P.A., Leurent, G., Nguyen, P.: Full key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 15–30. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  19. Kim, J., Biryukov, A., Preneel, B., Hong, S.: On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 242–256. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  20. Rechberger, C., Rijmen, V.: On Authentication with HMAC and Non-random Properties. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 119–133. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  21. Rechberger, C., Rijmen, V.: New results on NMAC/HMAC when instantiated with popular hash functions. Journal of Universal Computer Science 14(3), 347–376 (2008)

    MathSciNet  Google Scholar 

  22. Wang, L., Ohta, K., Kunihiro, N.: New key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 237–253. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  23. Wang, X., Yu, H., Wang, W., Zhang, H., Zhan, T.: Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 121–133. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  24. Leurent, G.: Message freedom in MD4 and MD5 collisions: Application to APOP. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 309–328. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  25. Sasaki, Y., Wang, L., Ohta, K., Kunihiro, N.: Security of MD5 challenge and response: Extension of APOP password recovery attack. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 1–18. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  26. Stevens, M., Lenstra, A.K., de Weger, B.: Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1–22. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  27. Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A.K., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 55–69. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  28. Mendel, F., Rechberger, C., Schläffer, M.: MD5 is weaker than weak: Attacks on concatenated combiners. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 144–161. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  29. Aoki, K., Sasaki, Y.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103–119. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  30. Aumasson, J.P., Meier, W., Mendel, F.: Preimage attacks on 3-pass HAVAL and step-reduced MD5. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 120–135. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  31. Sasaki, Y., Aoki, K.: Preimage attacks on step-reduced MD5. In: Mu, Y., Susilo, W. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 282–296. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  32. Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  33. U.S. Department of Commerce, National Institute of Standards and Technology: Secure Hash Standard (SHS) (Federal Information Processing Standards Publication 180-3) (2008), http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf

  34. Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: A synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 363–378. Springer, Heidelberg (1994)

    Google Scholar 

  35. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1997)

    MATH  Google Scholar 

  36. Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The Skein hash function family. Submission to NIST, Round 2 (2009)

    Google Scholar 

  37. Hirose, S., Kuwakado, H., Yoshida, H.: SHA-3 proposal: Lesamnta. Submission to NIST (2008)

    Google Scholar 

  38. Rijmen, V., Barreto, P.S.L.M.: The WHIRLPOOL hashing function. Submitted to NISSIE (September 2000)

    Google Scholar 

  39. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  40. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: Cryptanalysis of reduced whirlpool and grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  41. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)

    Google Scholar 

  42. Cannière, C.D., Rechberger, C.: Finding SHA-1 characteristics: General results and applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  43. Yu, H., Wang, G., Zhang, G., Wang, X.: The second-preimage attack on MD4. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 1–12. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. NTT Information Sharing Platform Laboratories, NTT Corporation, 3-9-11 Midoricho, Musashino-shi, Tokyo, 180-8585, Japan

    Yu Sasaki

Authors
  1. Yu Sasaki
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Département de Mathématiques, Université de Caen, Campus II, Boulevard Maréchal Juin, BP 5186, 14032, Caen Cedex, France

    Abderrahmane Nitaj

  2. École normale supérieure - CNRS - INRIA, Paris, France

    David Pointcheval

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sasaki, Y. (2011). Collisions of MMO-MD5 and Their Impact on Original MD5. In: Nitaj, A., Pointcheval, D. (eds) Progress in Cryptology – AFRICACRYPT 2011. AFRICACRYPT 2011. Lecture Notes in Computer Science, vol 6737. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21969-6_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-21969-6_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21968-9

  • Online ISBN: 978-3-642-21969-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation