密码学报2023,Vol.10Issue(6):1209-1224,16.DOI:10.13868/j.cnki.jcr.000659
基于选择前缀攻击的哈希函数多文件格式碰撞
Hash Collisions for Special File Formats Based on Chosen-Prefix Attacks
摘要
Abstract
Hash functions are widely used in digital signatures and integrity checking.From the aspect of collision attack,the progress of near-collision attacks on hash functions is introduced,current collision applications implemented using two types of near-collision attacks are summarized,and the collision of hash functions with single and multiple file types using near-collision attacks are given.Then,the first collision for hash functions for MP3-PDF-JPEG files is implemented using chosen-prefix collision attack.The attack takes advantage of the stability of the MP3 structure,and solves the problem of comment segment length in JPEG files by splitting MP3 files,breaking the length limit of MP3 files.Then the feature of PDF is used to combine three files above,and a new file structure is constructed by using the stream object in PDF and the comment segment in JPEG,which can lead to collision for hash functions by building chosen-prefix collision attack twice.To verify the conclusion,a collision for MD5 is implemented with the above mentioned three files,and the complexity of the collision for SHA-1 of these three files is evaluated to be 264.4.The method of implementing collision proposed in this paper can be applied to arbitrary hash functions with MD structures.关键词
哈希函数/相同前缀攻击/选择前缀攻击/文件格式解析Key words
hash functions/identical-prefix attack/chosen-prefix attack/file format explanation分类
信息技术与安全科学引用本文复制引用
李德刚,杨阳,曾光..基于选择前缀攻击的哈希函数多文件格式碰撞[J].密码学报,2023,10(6):1209-1224,16.基金项目
数学工程与先进计算国家重点实验室开放课题(2020A08)Open Fund of State Key Laboratory of Mathematical Engineering and Advanced Computing(2020A08) (2020A08)
