Cryptanalysis of Hash Functions Seminar (203.4485) - Spring 2011

Spring 2011 General Information

Syllabus:

Announcements

• 1.4.12 - The list of paper assignments has been released. Please take a look at it. In case you do not think that you can handle the paper/date, please let me know by Tuesday, 3.4.12 at midnight.
• 25.3.12 - Contrary to mentioned in class, this week's meeting will start as usual (at 16:15). On 1.4 we will have a supplementary meeting 17:30-19:00 at Jacobs' 506.
• 14.3.12 - Please take a look at the abstracts of the papers, and pick the ones you are interested in presenting. The papers are grouped into three groups, and you need to send Orr a list of at least three papers (not all of them of the same group), and three dates you would like to talk at (any Wed. when classes take place, starting the 18th of April). Please send your preferences until the 25th of March.
• 14.3.12 - The lecture of next week (21.3) as well as the office hour on Sunday (18.3) are canceled. There will a supplementary lecture on the 1.4, information concerning location will follow.
• 12.3.12 - please note the change of lecture room to Madrega 3043.
• 10.3.12 - there will be no meeting in the course on 21.3. A replacement meeting will be held (its time and place to be announced later).

Lecture slides

Topic	Lecture	Slides	Comments
Introduction	7/3, 14/3	PDF
MD5/SHA1	14/3	PDF
Generic Attacks	14/3,28/3,1/4	PDF
Differential Cryptanalysis	1/4,18/4	PDF
Hitchhiker's Guide to SHA-3	20/6	PDF

The slides are in PDF format. I may change the slides a little bit before and after the lecture. Be aware of changes.

The Papers for the Seminar

Structural Cryptanalysis

Number	Title	Authors	Publication Information	Paper	Student
S1	Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions	Antoine Joux	Crypto 2004 (pp. 306-316)	PDF	Raz, 2/5
S2	Second Preimages on n-Bit Hash Functions for Much Less than 2^n Work	John Kelsey and Bruce Schneier	Eurocrypt 2005 (pp. 474-490)	PDF	Available
S3	Herding Hash Functions and the Nostradamus Attack	John Kelsey and Tadayoshi Kohno	Eurocrypt 2006 (pp. 183-200)	PDF	Ohad, 16/5
S4	Second Preimage Attacks on Dithered Hash Functions	Elena Andreeva, Charles Bouillaguet, Pierre-Alain Fouque, Jonathan J. Hoch, John Kelsey, Adi Shamir, and Sebastien Zimmer	Eurocrypt 2008 (pp. 270-288)	PDF	Tomer, 23/5
S5	Herding, Second Preimage and Trojan Message Attacks beyond Merkle-Damgard	Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, and John Kelsey	Selected Areas in Cryptography 2009 (pp. 393-414)	PDF	Available
S6	Improved Generic Algorithms for 3-Collisions	Antoine Joux and Stefan Lucks	Asiacrypt 2009 (pp. 347-363)	PDF	Alon, 6/6

Cryptanalysis of Specific Hash Functions

Number	Title	Authors	Publication Information	Paper	Student
I1	Differential Collisions in SHA-0	Florent Chabaud and Antoine Joux	Crypto 1998 (pp. 56-71)	Encrypted Zip	Fadi, 9/5
I2	Near-Collisions of SHA-0	Eli Biham and Rafi Chen	Crypto 2004 (pp. 290-305)	PDF	Available
I3	Collisions of SHA-0 and Reduced SHA-1	Eli Biham, Rafi Chen, Antoine Joux, Patrick Carribault, Christophe Lemuet, and William Jalby	Eurocrypt 2005 (pp. 36-57)	PDF	Nael, 16/5
I4	How to Break MD5 and Other Hash Functions	Xiaoyun Wang and Hongbo Yu	Eurocrypt 2005 (pp. 19-35)	PDF	Saar, 9/5
I5	Finding Collisions in the Full SHA-1	Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu	Crypto 2005 (pp. 17-36)	PDF	Available
I6	Finding SHA-1 Characteristics: General Results and Applications	Christophe De Canniere and Christian Rechberger	Asiacrypt 2006 (pp. 1-20)	PDF	Available
I7	Preimages for Reduced SHA-0 and SHA-1	Christophe De Canniere and Christian Rechberger	Crypto 2008 (pp. 179-202)	PDF	Stav, 23/5
I8	Tunnels in Hash Functions: MD5 Collisions Within a Minute	Vlastimil Klima	IACR ePrint Report 2006/105	Report	Available

Applications and Advanced Cryptanalytic Techniques

Number	Title	Authors	Publication Information	Paper	Student
A1	Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities	Marc Stevens, Arjen K. Lenstra, and Benne de Weger	Eurocrypt 2007 (pp. 1-22)	PDF	Available
A2	Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate	Marc Stevens, Alexander Sotirov, Jacob Appelbaum, Arjen K. Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger	Crypto 2009 (pp. 55-69)	PDF	Sela, 30/5
A3	Hash Functions and the (Amplified) Boomerang Attack	Antoine Joux and Thomas Peyrin	Crypto 2007 (pp. 244-263)	PDF	Available
A4	The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grostl	Florian Mendel, Christian Rechberger, Martin Schlaffer, and Soren S. Thomsen	Fast Software Encryption 2009 (pp. 260-276)	PDF	Dikla, 30/5
A5	MD5 Is Weaker Than Weak: Attacks on Concatenated Combiners	Florian Mendel, Christian Rechberger, and Martin Schlaffer	Asiacrypt 2009 (pp. 144-161)	PDF	Available
A6	A Note on the Practical Value of Single Hash Collisions for Special File Formats	Max Gebhardt, Georg Illies, and Werner Schindler	NIST Hash Function workshop 2005	PDF	Ilya, 13/6

The Seminar's Schedule

Date	Student	Paper	Presentation
2/5	Raz	S1 - Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions	PDF
9/5	Fadi	I1 - Differential Collisions in SHA-0	HTML
9/5	Saar	I4 - How to Break MD5 and Other Hash Functions	PDF
16/5	Nael	I3 - Collisions of SHA-0 and Reduced SHA-1	PDF
16/5	Ohad	S3 - Herding Hash Functions and the Nostradamus Attack	PDF
23/5	Stav	I7 - Preimages for Reduced SHA-0 and SHA-1	PDF
23/5	Tomer	S4 - Second Preimage Attacks on Dithered Hash Functions	PDF
30/5	Dikla	A4 - The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grostl	PDF
30/5	Sela	A2 - Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate	PDF
6/6	Alon	S6 - Improved Generic Algorithms for 3-Collisions	PDF
13/6	Ilya	A6 - A Note on the Practical Value of Single Hash Collisions for Special File Formats

Note that this schedule is not final, and may be changed!

The order between the speakers of the same class, to be determined between them (or if no agreement is found, by a coin flip).