IACR Newsletter

The newsletter of the International Association for Cryptologic Research.
Vol. 22, No. 1, Spring 2005.

Contents

* [1]Editorial
* [2]Calendar of events in cryptology
* [3]Announcements
  + NIST Standard for Key Wrap Algorithms
  + ECRYPT - Call for Stream Cipher Primitives
  + 2003 IACR Proceedings CD-ROM
* [4]Top Downloads from the Cryptology ePrint Archive
* [5]Open Positions in Cryptology

Editorial

Welcome to the 20th electronic Newsletter of the IACR. As I take the reins from Christian, I wish to first thank him for his contributions.

I have made some cosmetic changes in the newsletter; I hope you will find it useful. These include the use of links to details and a summary of the most accessed downloads from the Cryptology ePrint Archive. This list is not intended to insinuate that these are the best papers, but only to indicate the areas of Cryptology that have broad interest.

I am very interested in feedback, positive or negative, about this newsletter and how I can make it more relevant to the IACR Community. Please feel free to email me at the newsletter email address.

Thanks
James Hughes
IACR Newsletter Editor

Calendar of IACR events

* IACR Conferences
  [6]EUROCRYPT 2005, May 22-26, Aarhus, Denmark.
  [7]CRYPTO 2005, August 14-18, Santa Barbara, California, USA.
  [8]ASIACRYPT 2005, December 4-8, Taj Coromandel, Chennai, India.
* IACR Workshops
  [9]CHES 2005, August 30-September 1, Edinburgh, Scotland, UK.
  [10]PKC 2006, April 24-26, NYC, USA.
* Conferences and Workshops In Cooperation With IACR
  [11]2005 IEEE Symposium on Security and Privacy, May 8-11, Oakland, USA.
  [12]Second Conference on Email and Anti-Spam, July 21-22, Palo Alto, California, USA.
* [13]Complete Calendar of Cryptology Workshop

Announcements

* NIST Standard for Key Wrap Algorithms
  From: Morris Dworkin; Date: Tue, 07 Dec 2004

  The National Institute of Standards and Technology (NIST) is serving as the editor of a standard for key wrap algorithms that is in development within Accredited Standards Committee X9, Financial Services, Inc. On behalf of the X9F1 working group, NIST requests a cryptographic review of the four algorithms that have been proposed for the standard. A document that specifies the algorithms and suggests security models for their analysis is available at the Cryptology ePrint Archive: [14]http://eprint.iacr.org/2004/340/ . Comments will be accepted until May 21, 2005.

* ECRYPT - Call for Stream Cipher Primitives
  From: M Robshaw; Date: Fri, 17 Dec 2004

  Just in case you missed out on mailings from different sources, you may be interested to know that ECRYPT has made a call for stream cipher primitives. More information is available at [15]http://www.ecrypt.eu.org/stream/ - please feel free to publicize this effort widely.

* 2003 IACR Proceedings CD-ROM

  IACR has a few remaining copies of the 2003 CD-ROM of IACR Conference Proceedings, including:

    EUROCRYPT 1998-2003
    CRYPTO 1998-2003
    ASIACRYPT 1998-2003
    FSE 1998-2003
    PKC 1998-2003

  These are now available for online purchase by credit card. You can find more information at [16]http://www.iacr.org/cd/cd2.html

Top downloads from the Cryptology ePrint Archive

The top downloads continue to reflect the general information security community's focus on the MD5 hash algorithm. The one exception is the publication on RC4 misuse. The traffic on all of these papers was generated by several "[17]slashdot" events where significant and public discussions of these issues occurred. While this seems very one-sided, I expect that as time goes on, you will see a different set of subjects come across this page.

* [18]Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD, X. Wang, D. Feng, X. Lai and H. Yu
  This is the paper for a series of collisions in the hash functions MD4, MD5, HAVAL-128 and RIPEMD that were announced at CRYPTO 2004 Rump Session by Ms. X. Wang.

* [19]Colliding X.509 Certificates, A. Lenstra, X. Wang, and B. de Weger
  Announces a method for the construction of pairs of valid X.509 certificates in which the "to be signed" parts form a collision for the MD5 hash function. As a result, the issuer signatures in the certificates will be the same when the issuer uses MD5 as its hash function.

* [20]The Misuse of RC4 in Microsoft Word and Excel, H. Wu
  Reports a flaw in Microsoft Word and Excel's use of the stream cipher RC4. When an encrypted document gets modified and saved, the initialization vector remains the same, allowing information to be recovered.

* [21]Finding MD5 Collisions - a Toy For a Notebook, V. Klima
  The author presents a new method for finding MD5 collisions about 3-6 times faster than before. The first (complete) collision took 8 hours using a notebook PC (Intel Pentium 1.6 GHz).

* [22]Musings on the Wang et al. MD5 Collision, P. Hawkes, M. Paddon and G. G. Rose
  This paper examines the internal differences and conditions required for the MD5 attack to be successful. The large number of conditions suggests that an attacker cannot use these differentials to cause second pre-image attacks with complexity less than generic attacks. Initial examination also suggests that an attacker cannot cause such collisions for HMAC-MD5 with complexity less than generic attacks.

* [23]Complete list of recent papers in the IACR ePrint Archive

Open positions in Cryptology

Currently there are two announcements on the IACR Website for [24]Open Positions in Cryptology.

* UCL in Belgium
* Indiana University

You may opt out of the newsletter either by editing your contact information and preferences [25]here or by sending an email to the newsletter editor at newsletter (at) iacr.org.

Contributions, announcements, book announcements or reviews, calls for papers ... are most welcome! Please include a URL and/or e-mail addresses for any item submitted (if possible). For things that are not on the Web, please submit a one-page ASCII version. Send your contributions to newsletter (at) iacr.org.

[26]IACR contact information
_________________________________________________________________

[ [27]IACR home page | [28]IACR Newsletter page and archive ]
[29]Copyright IACR

References

 1. http://www.iacr.org/newsletter/v22n1/index.html#editorial
 2. http://www.iacr.org/newsletter/v22n1/index.html#Calendar
 3. http://www.iacr.org/newsletter/v22n1/index.html#Announcements
 4. http://www.iacr.org/newsletter/v22n1/index.html#eprint
 5. http://www.iacr.org/newsletter/v22n1/index.html#positions
 6. http://www.brics.dk/eurocrypt05/
 7. http://www.iacr.org/conferences/crypto2005
 8. http://www.cs.iitm.ernet.in/~ac05/index.html
 9. http://www.chesworkshop.org/
10. mailto:tal%20at%20cs%20columbia%20edu
11. http://www.ieee-security.org/TC/SP2005/oakland05-home.html
12. http://www.ceas.cc/index.html
13. http://www.iacr.org/events
14. http://eprint.iacr.org/2004/340
15. http://www.ecrypt.eu.org/stream/
16. http://www.iacr.org/cd/cd2.html
17. http://www.slashdot.org/
18. http://eprint.iacr.org/2004/199
19. http://eprint.iacr.org/2005/067
20. http://eprint.iacr.org/2005/007
21. http://eprint.iacr.org/2005/075
22. http://eprint.iacr.org/2004/264
23. http://eprint.iacr.org/cgi-bin/search.pl?last=182&title=1
24. http://www.iacr.org/jobs/index.html
25. https://s1.iacr.org/iacrmem/update.html
26. http://www.iacr.org/bod.html
27. http://www.iacr.org/index.html
28. http://www.iacr.org/newsletter/index.html
29. http://www.iacr.org/copyright.html