Vol. 22, No. 1, Spring 2005.
Welcome to the 20th electronic Newsletter of the IACR. As I take the reins from Christian, I wish to first thank him for his contributions. I have made some cosmetic changes to the newsletter that I hope you will find useful. These include the use of links to details and a summary of the most accessed downloads from the Cryptology ePrint Archive. This list is not intended to insinuate that these are the best papers, but only to indicate the areas of Cryptology that have broad interest.
I am very interested in feedback, positive or negative, about this newsletter and how I can make it more relevant to the IACR Community. Please feel free to email me at the newsletter email address.
IACR Newsletter Editor
EUROCRYPT 2005, May 22-26, Aarhus, Denmark.
CRYPTO 2005, August 14-18, Santa Barbara, California, USA.
ASIACRYPT 2005, December 4-8, Taj Coromandel, Chennai, India.
2005 IEEE Symposium on Security and Privacy, May 8-11, Oakland, USA.
Second Conference on Email and Anti-Spam, July 21-22, Palo Alto, California, USA.
From: Morris Dworkin; Date: Tue, 07 Dec 2004
The National Institute of Standards and Technology (NIST) is serving as the editor of a standard for key wrap algorithms that is in development within Accredited Standards Committee X9, Financial Services, Inc. On behalf of the X9F1 working group, NIST requests a cryptographic review of the four algorithms that have been proposed for the standard. A document that specifies the algorithms and suggests security models for their analysis is available at the Cryptology ePrint Archive: http://eprint.iacr.org/2004/340/
Comments will be accepted until May 21, 2005.
From: M Robshaw; Date: Fri, 17 Dec 2004
Just in case you missed out on mailings from different sources, you may be interested to know that ECRYPT has made a call for stream cipher primitives. More information is available at http://www.ecrypt.eu.org/stream/ - please feel free to publicize this effort widely.
IACR has a few remaining copies of the 2003 CD-ROM of IACR Conference Proceedings, including:
These are now available for online purchase by credit card. You can find more information at http://www.iacr.org/cd/cd2.html
The top downloads continue to reflect the general information security community's focus on the MD5 hash algorithm. The one exception is the publication on RC4 misuse. The traffic on all of these papers was generated by several "slashdot" events where significant and public discussions of these issues occurred. While this seems very one sided, I expect that as time goes on, you will see a different set of subjects come across this page.
- Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, X. Wang, D. Feng, X. Lai and H. Yu
This paper presents the series of collisions in the hash functions MD4, MD5, HAVAL-128 and RIPEMD that were announced at the CRYPTO 2004 Rump Session by Ms. X. Wang.
- Colliding X.509 Certificates, A. Lenstra, X. Wang, and B. de Weger.
Announces a method for the construction of pairs of valid X.509 certificates in which the "to be signed" parts form a collision for the MD5 hash function. As a result the issuer signatures in the certificates will be the same when the issuer uses MD5 as its hash function.
Reports a flaw in Microsoft Word and Excel's use of the stream cipher RC4. When an encrypted document gets modified and saved, the initialization vector remains the same allowing information to be recovered.
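The flaw described above is the classic stream-cipher keystream reuse problem: two versions of a document encrypted under the same key and the same initialization vector are XORed with the same keystream, so XORing the two ciphertexts cancels the keystream and yields the XOR of the two plaintexts, exposing exactly the bytes that were edited. The following is an added illustration (not code from the paper or from Microsoft) using a textbook RC4 implementation; the key-derivation rule "per-document RC4 key = key || IV" and the sample document contents are constructed assumptions, not a description of the actual Word/Excel format. The second half shows the remedy: drawing a fresh IV on every save so that the two ciphertexts no longer share a keystream.

```python
"""Keystream reuse with a fixed IV, and the fresh-IV fix (added example).

Constructed scenario: a document is RC4-encrypted under key || IV, edited,
and saved again with the SAME key and IV.  XOR of the two ciphertexts equals
XOR of the two plaintexts, so every changed byte is exposed.  Saving with a
fresh random IV removes the shared keystream.
"""
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream (textbook KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt with RC4 keyed by key || iv (assumed derivation, not Word's)."""
    keystream = rc4_keystream(key + iv, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def changed_positions(ct_old: bytes, ct_new: bytes) -> list:
    """Indexes at which two ciphertexts differ.  When the keystream was reused,
    these are exactly the positions at which the plaintext was edited."""
    return [i for i, (x, y) in enumerate(zip(ct_old, ct_new)) if x != y]


# Constructed document versions of equal length (an edit that changes a
# number and a yes/no flag).
KEY = b"constructed-document-key"
FIXED_IV = bytes(16)                           # IV stored in the file, never refreshed
V1 = b"Salary for Q1: 100000 USD. Approved: NO "
V2 = b"Salary for Q1: 250000 USD. Approved: YES"


def same_iv_leaks_plaintext_xor() -> bool:
    """True if re-saving with the same IV exposes XOR of the plaintexts."""
    c1 = rc4_encrypt(KEY, FIXED_IV, V1)
    c2 = rc4_encrypt(KEY, FIXED_IV, V2)
    return xor_bytes(c1, c2) == xor_bytes(V1, V2)


def leaked_edit_positions() -> list:
    """Positions of the edited bytes, read directly off the two ciphertexts."""
    return changed_positions(rc4_encrypt(KEY, FIXED_IV, V1),
                             rc4_encrypt(KEY, FIXED_IV, V2))


def fresh_iv_leaks_plaintext_xor() -> bool:
    """Remedy: a new random IV per save.  The ciphertext XOR is now unrelated
    to the plaintext XOR (equality would need a 128-bit IV collision)."""
    c1 = rc4_encrypt(KEY, FIXED_IV, V1)
    c2 = rc4_encrypt(KEY, os.urandom(16), V2)
    return xor_bytes(c1, c2) == xor_bytes(V1, V2)


if __name__ == "__main__":
    print("same IV leaks plaintext XOR:", same_iv_leaks_plaintext_xor())
    print("edited byte positions visible:", leaked_edit_positions())
    print("fresh IV leaks plaintext XOR:", fresh_iv_leaks_plaintext_xor())
```

The detection side follows from the same observation: a file format or protocol that stores the IV in clear can be checked for IV reuse across saves or sessions, and any stream-cipher design should be reviewed for how the per-message nonce is generated, since the cipher itself (RC4 here) is not what fails.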
The author presents a new method for finding MD5 collisions about 3 to 6 times faster than before. The first (complete) collision took 8 hours using a notebook PC (Intel Pentium 1.6 GHz).
- Musings on the Wang et al. MD5 Collision, P. Hawkes, M. Paddon and G. G. Rose
This paper examines the internal differences and conditions required for the MD5 attack to be successful. The large number of conditions suggests that an attacker cannot use these differentials to cause second pre-image attacks with complexity less than generic attacks. Initial examination also suggests that an attacker cannot cause such collisions for HMAC-MD5 with complexity less than generic attacks.
Currently there are two announcements on the IACR Website for Open Positions in Cryptology.
- UCL in Belgium
- Indiana University.
You may opt out of the newsletter either by editing your contact information and preferences here or by sending an email to the newsletter editor at newsletter (at) iacr.org.
Contributions, announcements, book announcements or reviews, calls for papers ... are most welcome! Please include a URL and/or e-mail addresses for any item submitted (if possible). For things that are not on the Web, please submit a one-page ASCII version. Send your contributions to newsletter (at) iacr.org.