Chosen-prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities (2009)
Marc Stevens, Arjen Lenstra, Benne De Weger
Abstract. We present a novel, automated way to find differential paths for MD5. As an application we have shown how, at an approximate expected cost of 2 50 calls to the MD5 compression function, for...
Some Diophantine equations from finite group theory: m(x) (2009)
Luca, Florian, Moree, Pieter, Weger, Benne De
We show that the equation in the title (with n the nth cyclotomic polynomial) has no integer solution with n 1 in the cases (m, p) = (15, 41), (15, 5581), (10, 271). These equations arise in a recent...
A Partial Key Exposure Attack on RSA Using a 2-Dimensional Lattice (2008)
Ellen Jochemsz, Benne De Weger
Abstract. We describe an attack on the RSA cryptosystem when the private exponent d is chosen to be ’small’, under the condition that a sufficient amount of bits of d is available to the...
Target Collisions for MD5 and Colliding Certificates For . . . (2006)
Marc Stevens, Arjen Lenstra, Benne De Weger
One of us has shown how for any two target messages m1 and m2 , values b1 and b2 can effectively be constructed such that the concatenated values m1||b1 and m2||b2 collide under MD5. Although the...
Target Collisions for MD5 and Colliding X.509 Certificates for Different Identities (2006)
Marc Stevens, Arjen Lenstra, Benne De Weger
We have shown how, at a cost of about 2^52 calls to the MD5 compression function, for any two target messages m1 and m2, values b1 and b2 can be constructed such that the concatenated values m1||b1...
Partial Key Exposure Attacks on RSA up to Full Size Exponents (2005)
Matthias Ernst, Ellen Jochemsz, Alexander May, Er May, Benne De Weger
We present several attacks on RSA that factor the modulus in polynomial time under the condition that a fraction of the most significant bits or least significant bits of the private exponent is...
Partial Key Exposure Attacks on RSA up to Full Size Exponents (2005)
Matthias Ernst, Ellen Jochemsz, Alexander May, Er May, Benne De Weger
We present several attacks on RSA that factor the modulus in polynomial time under the condition that a fraction of the most significant bits or least significant bits of the private exponent is...
Partial Key Exposure Attacks on RSA Up to Full Size Exponents (2005)
Matthias Ernst, Ellen Jochemsz, Er May, Benne De Weger
Abstract. We present several attacks on RSA that factor the modulus in polynomial time under the condition that a fraction of the most significant bits or least significant bits of the private...
On the possibility of constructing meaningful hash collisions for public keys (2005)
Abstract. It is sometimes argued that finding meaningful hash collisions might prove difficult. We show that for several common public key systems it is easy to construct pairs of meaningful and...
Theoretical and Computational Bounds for M-Cycles of the 3n + 1 Problem (2004)
An m-cycle of the 3n+1-problem is defined as a periodic orbit with m local minima. In this article we derive lower and upper bounds for the cycle length and the elements of (hypothetical) m-cycles.
Algorithms for diophantine equations / (1988)
Thesis (doctoral)--Rijksuniversiteit te Leiden, 1988.