IACR Newsletter

Vol. 22, No. 1, Spring 2005.

Contents

• Editorial
• Calendar of events in cryptology
• Announcements
  • NIST Standard for Key Wrap Algorithms
  • ECRYPT - Call for Stream Cipher Primitives
  • 2003 IACR Proceedings CD-ROM
• Top Downloads from the Cryptology ePrint Archive
• Open Positions in Cryptology

Editorial

Welcome to the 20th electronic Newsletter of the IACR. As I take the reins from Christian, I wish to first thank him for his contributions. I have made some cosmetic changes in the newsletter I hope you will find it useful. These include the use of links to details and a summary of the most accessed downloads from the Cryptology ePrint Archive. This list is not intended to insinuate that these are the best papers, but only to indicate the areas of Cryptology that have broad interest.

I am very interested in feedback, positive or negative about this newsletter and how I can make it more relevant to the IACR Community. Please feel free to email me at the newsletter email address.

Thanks

James Hughes

IACR Newsletter Editor

Calendar of IACR events

• IACR Conferences

EUROCRYPT 2005 , May 22-26, Aarhus, Denmark.

CRYPTO 2005 , August 14-18, Santa Barbara, California, USA.

ASIACRYPT 2005 , December 4-8, Taj Coromandel, Chennai, India.

• IACR Workshops

CHES 2005 , August 30-September 1, Edinburgh, Scotland, UK.

PKC 2006 , April 24-26, NYC, USA.

• Conferences and Workshops In Cooperation With IACR

2005 IEEE Symposium on Security and Privacy , May 8-11, Oakland, USA.

Second Conference on Email and Anti-Spam , July 21-22, Palo Alto, California, USA.

• Complete Calendar of Cryptology Workshop

Announcements

• NIST Standard for Key Wrap Algorithms

From: Morris Dworkin; Date: Tue, 07 Dec 2004

The National Institute of Standards and Technology (NIST) is serving as the editor of a standard for key wrap algorithms that is in development within Accredited Standards Committee X9, Financial Services, Inc. On behalf of  the X9F1 working group, NIST requests a cryptographic review of the four  algorithms that have been proposed for the standard. A document that  specifies the algorithms and suggests security models for their analysis is available at the Cryptology ePrint Archive: http://eprint.iacr.org/2004/340 / .
Comments will be accepted until May 21, 2005.

• ECRYPT - Call for Stream Cipher Primitives

From: M Robshaw; Date: Fri, 17 Dec 2004

Just in case you missed out on mailings from different sources, you may be interested to know that ECRYPT has made a call for stream cipher primitives. More information is available at http://www.ecrypt.eu.org/stream/ - please feel free to publicize this effort widely.

• 2003 IACR Proceedings CD-ROM

IACR has a few remaining copies of the 2003 CD-ROM of IACR Conference Proceedings, including:

EUROCRYPT 1998-2003
CRYPTO 1998-2003
ASIACRYPT 1998-2003
FSE 1998-2003
PKC 1998-2003

These are now available for online purchase by credit card. You can find more information http://www.iacr.org/cd/cd2.html

Top downloads from the Cryptology ePrint Archive

The top downloads continue to reflect the general information security communities focus on the MD5 hash algorithm. The one exception is the publication on RC4 misuse. The amount of traffic on all of these papers were generated by several " slashdot " events where significant and public discussions of these issues occurred. While this seems very one sided, I expect that as time goes on, you will see a different set of subjects come across this page.

• Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD , X. Wang, D. Feng, X. Lai and H. Yu

This is the paper for a series of collisions in the hash functions MD4, MD5, HAVAL-128 and RIPEMD that were announced at CRYPTO 2004 Rump Session by Ms. X. Wang.

• Colliding X.509 Certificates , A. Lenstra, X. Wang, and B. de Weger.

Announces a method for the construction of pairs of valid X.509 certificates in which the "to be signed" parts form a collision for the MD5 hash function. As a result the issuer signatures in the certificates will be the same when the issuer uses MD5 as its hash function.

• The Misuse of RC4 in Microsoft Word and Excel , H. Wu

Reports a flaw in Microsoft Word and Excel's use of the stream cipher RC4. When an encrypted document gets modified and saved, the initialization vector remains the same allowing information to be recovered.

• Finding MD5 Collisions – a Toy For a Notebook , V. Klima

The author presents a new method for finding MD-5 collisions about 3 - 6 times faster than before. The first (complete) collision took 8 hours using a notebook PC (Intel Pentium 1.6 GHz).

• Musings on the Wang et al. MD5 Collision , P. Hawkes, M. Paddon and G. G. Rose

This paper examines the internal differences and conditions required for the MD5 attack to be successful. The large number of conditions suggests that an attacker cannot use these differentials to cause second pre-image attacks with complexity less than generic attacks. Initial examination also suggests that an attacker cannot cause such collisions for HMAC-MD5 with complexity less than generic attacks.

• Complete list of recent papers in the IACR ePrint Archive

Open positions in Cryptology

Currently there are two announcements on the IACR Website for Open Positions in Cryptology .

• UCL in Belgium
• Indiana University.

You may opt out of the newsletter either by editing your contact information and preferences here or by sending an email to the newsletter editor at newsletter (at) iacr.org .

Contributions, announcements, book announcements or reviews, calls for papers ... are most welcome! Please include a URL and/or e-mail addresses for any item submitted (if possible). For things that are not on the Web, please submit a one-page ASCII version. Send your contributions to newsletter (at) iacr.org .

IACR contact information