In this paper, we demonstrate that significantly more information can be deduced from the example collision: these details are actually sufficient to reconstruct the collision attack to a great extent using some weak logical assumptions. In particular, we contribute an analysis of the differential path family for each of the four near-collision blocks, the chaining value differences elimination procedure, and a complexity analysis of the near-collision block attacks and the associated birthday search for various parameter choices. Furthermore, we were able to prove a lower bound for the attack's complexity.
This reverse-engineering of a non-academic cryptanalytic attack exploited in the real world seems to be without precedent. As it allegedly was developed by some nation-state(s), we discuss potential insights into their cryptanalytic knowledge and capabilities.

Category / Keywords: secret-key cryptography / MD5, hash function, cryptanalysis, reverse engineering, signature forgery
Original Publication (in the same form): IACR-ASIACRYPT-2015
Date: received 16 Mar 2016
Contact author: max fillinger at cwi nl
Version: 20160317:162351
Short URL: ia.cr/2016/298