International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Benne de Weger

Affiliation: Technische Universiteit Eindhoven

Publications

Year
Venue
Title
2015
EPRINT
2009
CRYPTO
2007
EUROCRYPT
2006
EPRINT
Target Collisions for MD5 and Colliding X.509 Certificates for Different Identities
Marc Stevens Arjen Lenstra Benne de Weger
We have shown how, at a cost of about $2^{52}$ calls to the MD5 compression function, for any two target messages $m_1$ and $m_2$, values $b_1$ and $b_2$ can be constructed such that the concatenated values $m_1\|b_1$ and $m_2\|b_2$ collide under MD5. Although the practical attack potential of this construction of \emph{target collisions} is limited, it is of greater concern than random collisions for MD5. In this note we sketch our construction. To illustrate its practicality, we present two MD5 based X.509 certificates with identical signatures but different public keys \emph{and} different Distinguished Name fields, whereas our previous construction of colliding X.509 certificates required identical name fields. We speculate on other possibilities for abusing target collisions.
2005
EUROCRYPT
2005
EPRINT
Colliding X.509 Certificates
Arjen Lenstra Xiaoyun Wang Benne de Weger
We announce the construction of a pair of valid X.509 certificates with identical signatures.
2005
EPRINT
Twin RSA
Arjen K. Lenstra Benjamin M.M. de Weger
We introduce {\em Twin RSA}, pairs of RSA moduli $(n,n+2)$, and formulate several questions related to it. Our main questions are: is Twin RSA secure, and what is it good for?
2000
EPRINT
Cryptanalysis of RSA with small prime difference
Benne de Weger
We show that choosing an RSA modulus with a small difference of its prime factors yields improvements on the small private exponent attacks of Wiener and Boneh-Durfee.