Malicious Hashing: Eve's Variant of SHA-1

Ange Albertini; Jean-Philippe Aumasson; Maria Eichlseder; Florian Mendel; Martin Schläffer

doi:10.1007/978-3-319-13051-4_1

Malicious Hashing: Eve's Variant of SHA-1

Ange Albertini, Jean-Philippe Aumasson, Maria Eichlseder^*, Florian Mendel, Martin Schläffer

^*Corresponding author for this work

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.

Original language	English
Title of host publication	Selected Areas in Cryptography
Editors	Antoine Joux
Publisher	Springer
Pages	1-19
Volume	8781
DOIs	https://doi.org/10.1007/978-3-319-13051-4_1
Publication status	Published - 2014
Event	International Workshop on Selected Areas in Cryptography: SAC 2014 - Montreal, Canada Duration: 14 Aug 2014 → 15 Aug 2014

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	8781

Conference

Conference	International Workshop on Selected Areas in Cryptography
Country/Territory	Canada
City	Montreal
Period	14/08/14 → 15/08/14

Fields of Expertise

Information, Communication & Computing

Treatment code (Nähere Zuordnung)

Basic - Fundamental (Grundlagenforschung)

Access to Document

10.1007/978-3-319-13051-4_1

SePAG - Secure Privacy-Aware Solutions for Smart Grids
Mendel, F., Plos, T., Schmidt, J. & Kirschbaum, M.
1/07/12 → 30/09/14
Project: Research project
Cryptography
Schläffer, M., Oswald, M. E., Lipp, P., Dobraunig, C. E., Mendel, F., Eichlseder, M., Nad, T., Posch, R., Lamberger, M., Rijmen, V. & Rechberger, C.
1/01/95 → 31/01/19
Project: Research area

Cite this

Albertini, A, Aumasson, J-P, Eichlseder, M, Mendel, F & Schläffer, M 2014, Malicious Hashing: Eve's Variant of SHA-1. in A Joux (ed.), Selected Areas in Cryptography. vol. 8781, Lecture Notes in Computer Science, vol. 8781, Springer, pp. 1-19, International Workshop on Selected Areas in Cryptography, Montreal, Canada, 14/08/14. https://doi.org/10.1007/978-3-319-13051-4_1

@inproceedings{c4718834464d4e26875227bff849cd39,

title = "Malicious Hashing: Eve's Variant of SHA-1",

abstract = "We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.",

author = "Ange Albertini and Jean-Philippe Aumasson and Maria Eichlseder and Florian Mendel and Martin Schl{\"a}ffer",

year = "2014",

doi = "10.1007/978-3-319-13051-4_1",

language = "English",

volume = "8781",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "1--19",

editor = "Antoine Joux",

booktitle = "Selected Areas in Cryptography",

note = "International Workshop on Selected Areas in Cryptography : SAC 2014 ; Conference date: 14-08-2014 Through 15-08-2014",

}

TY - GEN

T1 - Malicious Hashing: Eve's Variant of SHA-1

AU - Albertini, Ange

AU - Aumasson, Jean-Philippe

AU - Eichlseder, Maria

AU - Mendel, Florian

AU - Schläffer, Martin

PY - 2014

Y1 - 2014

N2 - We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.

AB - We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.

U2 - 10.1007/978-3-319-13051-4_1

DO - 10.1007/978-3-319-13051-4_1

M3 - Conference paper

VL - 8781

T3 - Lecture Notes in Computer Science

SP - 1

EP - 19

BT - Selected Areas in Cryptography

A2 - Joux, Antoine

PB - Springer

T2 - International Workshop on Selected Areas in Cryptography

Y2 - 14 August 2014 through 15 August 2014

ER -

Malicious Hashing: Eve's Variant of SHA-1

Abstract

Publication series

Conference

Fields of Expertise

Treatment code (Nähere Zuordnung)

Access to Document

Fingerprint

Projects

SePAG - Secure Privacy-Aware Solutions for Smart Grids

Cryptography

Cite this