Sciweavers

ACISP
2005
Springer

On the Possibility of Constructing Meaningful Hash Collisions for Public Keys

14 years 5 months ago
On the Possibility of Constructing Meaningful Hash Collisions for Public Keys
It is sometimes argued (as in [6]) that finding meaningful hash collisions might prove difficult. We show that at least one of the arguments involved is wrong, by showing that for several common public key systems it is easy to construct pairs of meaningful and secure public key data that either collide or share other characteristics with the hash collisions as quickly constructed in [22]. We present some simple results, investigate what we can and cannot (yet) achieve, and formulate some open problems of independent interest. At this point we are not yet aware of truly interesting practical implications. Nevertheless, our results may be relevant for the practical assessment of the recent hash collision results in [22]. For instance, we show how to use hash collisions to construct two X.509 certificates that contain identical signatures and that differ only in the public keys. Thus hash collisions indeed undermine one of the principles underlying Public Key Infrastructures.
Arjen K. Lenstra, Benne de Weger
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where ACISP
Authors Arjen K. Lenstra, Benne de Weger
Comments (0)