IACR Newsletter

The newsletter of the International Association for Cryptologic Research.

Vol. 22, No. 1, Spring 2005.



Welcome to the 20th electronic Newsletter of the IACR. As I take the reins from Christian, I wish to first thank him for his contributions. I have made some cosmetic changes in the newsletter I hope you will find it useful. These include the use of links to details and a summary of the most accessed downloads from the Cryptology ePrint Archive. This list is not intended to insinuate that these are the best papers, but only to indicate the areas of Cryptology that have broad interest.

I am very interested in feedback, positive or negative about this newsletter and how I can make it more relevant to the IACR Community. Please feel free to email me at the newsletter email address.


James Hughes

IACR Newsletter Editor

Calendar of IACR events


From: Morris Dworkin; Date: Tue, 07 Dec 2004

The National Institute of Standards and Technology (NIST) is serving as the editor of a standard for key wrap algorithms that is in development within Accredited Standards Committee X9, Financial Services, Inc. On behalf of  the X9F1 working group, NIST requests a cryptographic review of the four  algorithms that have been proposed for the standard. A document that  specifies the algorithms and suggests security models for their analysis is available at the Cryptology ePrint Archive: http://eprint.iacr.org/2004/340 / .
Comments will be accepted until May 21, 2005.

From: M Robshaw; Date: Fri, 17 Dec 2004

Just in case you missed out on mailings from different sources, you may be interested to know that ECRYPT has made a call for stream cipher primitives. More information is available at http://www.ecrypt.eu.org/stream/ - please feel free to publicize this effort widely.

IACR has a few remaining copies of the 2003 CD-ROM of IACR Conference Proceedings, including:

EUROCRYPT 1998-2003
CRYPTO 1998-2003
ASIACRYPT 1998-2003
FSE 1998-2003
PKC 1998-2003

These are now available for online purchase by credit card. You can find more information http://www.iacr.org/cd/cd2.html

Top downloads from the Cryptology ePrint Archive

The top downloads continue to reflect the general information security communities focus on the MD5 hash algorithm. The one exception is the publication on RC4 misuse. The amount of traffic on all of these papers were generated by several " slashdot " events where significant and public discussions of these issues occurred. While this seems very one sided, I expect that as time goes on, you will see a different set of subjects come across this page.

This is the paper for a series of collisions in the hash functions MD4, MD5, HAVAL-128 and RIPEMD that were announced at CRYPTO 2004 Rump Session by Ms. X. Wang.

Announces a method for the construction of pairs of valid X.509 certificates in which the "to be signed" parts form a collision for the MD5 hash function. As a result the issuer signatures in the certificates will be the same when the issuer uses MD5 as its hash function.

Reports a flaw in Microsoft Word and Excel's use of the stream cipher RC4. When an encrypted document gets modified and saved, the initialization vector remains the same allowing information to be recovered.

The author presents a new method for finding MD-5 collisions about 3 - 6 times faster than before. The first (complete) collision took 8 hours using a notebook PC (Intel Pentium 1.6 GHz).

This paper examines the internal differences and conditions required for the MD5 attack to be successful. The large number of conditions suggests that an attacker cannot use these differentials to cause second pre-image attacks with complexity less than generic attacks. Initial examination also suggests that an attacker cannot cause such collisions for HMAC-MD5 with complexity less than generic attacks.

Open positions in Cryptology

Currently there are two announcements on the IACR Website for Open Positions in Cryptology .

You may opt out of the newsletter either by editing your contact information and preferences here or by sending an email to the newsletter editor at newsletter (at) iacr.org .

Contributions, announcements, book announcements or reviews, calls for papers ... are most welcome! Please include a URL and/or e-mail addresses for any item submitted (if possible). For things that are not on the Web, please submit a one-page ASCII version. Send your contributions to newsletter (at) iacr.org .

IACR contact information