From Collisions to Chosen-Prefix Collisions - Application to Full SHA-1.

摘要: A chosen-prefix collision attack is a stronger variant of attack, where an arbitrary pair challenge prefixes are turned into collision. Chosen-prefix collisions usually significantly harder to produce than (identical-prefix) collisions, but the practical impact such much larger. While many cryptographic constructions rely on collision-resistance for their security proofs, attacks hard turn break concrete protocols, because adversary has limited control over colliding messages. On other hand, have been shown certificates (by creating rogue CA) and internet protocols (TLS, SSH, IPsec).