{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T00:24:16Z","timestamp":1771028656811,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":43,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662479889","type":"print"},{"value":"9783662479896","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-662-47989-6_30","type":"book-chapter","created":{"date-parts":[[2015,7,30]],"date-time":"2015-07-30T22:36:05Z","timestamp":1438295765000},"page":"623-642","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["Practical Free-Start Collision Attacks on 76-step SHA-1"],"prefix":"10.1007","author":[{"given":"Pierre","family":"Karpman","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Peyrin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marc","family":"Stevens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,8,1]]},"reference":[{"key":"30_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1007\/978-3-540-28628-8_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"E Biham","year":"2004","unstructured":"Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290\u2013305. Springer, Heidelberg (2004)"},{"key":"30_CR2","doi-asserted-by":"crossref","unstructured":"Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and reduced SHA-1. In: Cramer [5], pp. 36\u201357","DOI":"10.1007\/11426639_3"},{"key":"30_CR3","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology - CRYPTO 1989","year":"1990","unstructured":"Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)"},{"key":"30_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1007\/BFb0055720","volume-title":"Advances in Cryptology - CRYPTO 1998","author":"F Chabaud","year":"1998","unstructured":"Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56\u201371. Springer, Heidelberg (1998)"},{"key":"30_CR5","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","year":"2005","unstructured":"Cramer, R. (ed.): EUROCRYPT 2005. LNCS, vol. 3494. Springer, Heidelberg (2005)"},{"key":"30_CR6","doi-asserted-by":"crossref","unstructured":"Damg\u00e5rd, I.: A design principle for hash functions. In: Brassard [3], pp. 416\u2013427","DOI":"10.1007\/0-387-34805-0_39"},{"key":"30_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-540-77360-3_4","volume-title":"Selected Areas in Cryptography","author":"C Canni\u00e8re De","year":"2007","unstructured":"De Canni\u00e8re, C., Mendel, F., Rechberger, C.: Collisions for 70-step SHA-1: on the full cost of collision search. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 56\u201373. Springer, Heidelberg (2007)"},{"key":"30_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11935230_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"C Canni\u00e8re De","year":"2006","unstructured":"De Canni\u00e8re, C., Rechberger, C.: Finding SHA-1 characteristics: general results and applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1\u201320. Springer, Heidelberg (2006)"},{"key":"30_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"194","DOI":"10.1007\/3-540-46766-1_14","volume-title":"Advances in Cryptology - CRYPTO 1991","author":"B Boer den","year":"1992","unstructured":"den Boer, B., Bosselaers, A.: An attack on the last two rounds of MD4. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 194\u2013203. Springer, Heidelberg (1992)"},{"key":"30_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1007\/3-540-48285-7_26","volume-title":"Advances in Cryptology - EUROCRYPT 1993","author":"B Boer den","year":"1994","unstructured":"den Boer, B., Bosselaers, A.: Collisions for the compression function of MD\n                      \n                        \n                      \n                      $$_5$$\n                      \n                        \n                          \n                            \n                            5\n                          \n                        \n                      \n                    . In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293\u2013304. Springer, Heidelberg (1994)"},{"key":"30_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/3-540-60865-6_43","volume-title":"Fast Software Encryption","author":"H Dobbertin","year":"1996","unstructured":"Dobbertin, H.: Cryptanalysis of MD4. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 53\u201369. Springer, Heidelberg (1996)"},{"key":"30_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1007\/978-3-642-13858-4_21","volume-title":"Fast Software Encryption","author":"H Gilbert","year":"2010","unstructured":"Gilbert, H., Peyrin, T.: Super-sbox cryptanalysis: improved attacks for AES-like permutations. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 365\u2013383. Springer, Heidelberg (2010). \n                      http:\/\/dx.doi.org\/10.1007\/978-3-642-13858-4"},{"key":"30_CR13","unstructured":"Grechnikov, E.A.: Collisions for 72-step and 73-step SHA-1: improvements in the method of characteristics. IACR Cryptology ePrint Archive 2010, 413 (2010)"},{"key":"30_CR14","unstructured":"Grechnikov, E.A., Adinetz, A.V.: Collision for 75-step SHA-1: intensive parallelization with GPU. IACR Cryptology ePrint Archive 2011, 641 (2011)"},{"key":"30_CR15","unstructured":"Hashclash project webpage. \n                      https:\/\/marc-stevens.nl\/p\/hashclash\/"},{"key":"30_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/978-3-642-34047-5_7","volume-title":"Fast Software Encryption","author":"J Jean","year":"2012","unstructured":"Jean, J., Naya-Plasencia, M., Peyrin, T.: Improved rebound attack on the finalist Gr\u00f8stl. In: Canteaut, A. (ed.) FES 2012. LNCS, vol. 7549, pp. 110\u2013126. Springer, Heidelberg (2012)"},{"key":"30_CR17","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","year":"2013","unstructured":"Johansson, T., Nguyen, P.Q. (eds.): EUROCRYPT 2013. LNCS, vol. 7881. Springer, Heidelberg (2013). \n                      http:\/\/dx.doi.org\/10.1007\/978-3-642-38348-9"},{"key":"30_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-540-74143-5_14","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"A Joux","year":"2007","unstructured":"Joux, A., Peyrin, T.: Hash functions and the (amplified) boomerang attack. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 244\u2013263. Springer, Heidelberg (2007)"},{"key":"30_CR19","doi-asserted-by":"crossref","unstructured":"Karpman, P., Peyrin, T., Stevens, M.: Practical free-start collision attacks on 76-step SHA-1. IACR Cryptology ePrint Archive 2015, 530 (2015)","DOI":"10.1007\/978-3-662-47989-6_30"},{"key":"30_CR20","unstructured":"Kl\u00edma, V.: Tunnels in hash functions: MD5 collisions within a minute. IACR Cryptology ePrint Archive 2006, 105 (2006)"},{"key":"30_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-642-10366-7_8","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M Lamberger","year":"2009","unstructured":"Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schl\u00e4ffer, M.: Rebound distinguishers: results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126\u2013143. Springer, Heidelberg (2009). \n                      http:\/\/dx.doi.org\/10.1007\/978-3-642-10366-7"},{"key":"30_CR22","doi-asserted-by":"crossref","unstructured":"Landelle, F., Peyrin, T.: Cryptanalysis of full RIPEMD-128. In: Johansson and Nguyen [17], pp. 228\u2013244. \n                      http:\/\/dx.doi.org\/10.1007\/978-3-642-38348-9","DOI":"10.1007\/978-3-642-38348-9"},{"issue":"1\u20133","key":"30_CR23","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/s10623-010-9458-9","volume":"59","author":"S Manuel","year":"2011","unstructured":"Manuel, S.: Classification and generation of disturbance vectors for collision attacks against SHA-1. Des. Codes Crypt. 59(1\u20133), 247\u2013263 (2011)","journal-title":"Des. Codes Crypt."},{"key":"30_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-642-05445-7_2","volume-title":"Selected Areas in Cryptography","author":"F Mendel","year":"2009","unstructured":"Mendel, F., Peyrin, T., Rechberger, C., Schl\u00e4ffer, M.: Improved cryptanalysis of the reduced Gr\u00f8stl compression function, ECHO permutation and AES block cipher. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 16\u201335. Springer, Heidelberg (2009). \n                      http:\/\/dx.doi.org\/10.1007\/978-3-642-05445-7"},{"key":"30_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/978-3-642-03317-9_16","volume-title":"Fast Software Encryption","author":"F Mendel","year":"2009","unstructured":"Mendel, F., Rechberger, C., Schl\u00e4ffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced whirlpool and Gr\u00f8stl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260\u2013276. Springer, Heidelberg (2009). \n                      http:\/\/dx.doi.org\/10.1007\/978-3-642-03317-9"},{"key":"30_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"509","DOI":"10.1007\/978-3-662-46706-0_26","volume-title":"Fast Software Encryption","author":"F Mendel","year":"2015","unstructured":"Mendel, F., Rijmen, V., Schl\u00e4ffer, M.: Collision attack on 5 rounds of Gr\u00f8stl. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 509\u2013521. Springer, Heidelberg (2015). \n                      http:\/\/dx.doi.org\/10.1007\/978-3-662-46706-0"},{"key":"30_CR27","doi-asserted-by":"crossref","unstructured":"Merkle, R.C.: One way hash functions and DES. In: Brassard [3], pp. 428\u2013446","DOI":"10.1007\/0-387-34805-0_40"},{"key":"30_CR28","unstructured":"National Institute of Standards and Technology: FIPS 180: Secure Hash Standard, May 1993"},{"key":"30_CR29","unstructured":"National Institute of Standards and Technology: FIPS 180\u20131: Secure Hash Standard, April 1995"},{"key":"30_CR30","unstructured":"National Institute of Standards and Technology: FIPS 180\u20132: Secure Hash Standard, August 2002"},{"key":"30_CR31","unstructured":"National Institute of Standards and Technology: Draft FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, May 2014"},{"key":"30_CR32","unstructured":"Nvidia Corporation: Cuda C Programming Guide. \n                      https:\/\/docs.nvidia.com\/cuda\/cuda-c-programming-guide"},{"key":"30_CR33","unstructured":"Nvidia Corporation: Nvidia Geforce GTX 970 Specifications. \n                      http:\/\/www.geforce.com\/hardware\/desktop-gpus\/geforce-gtx-970\/specifications"},{"key":"30_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1007\/3-540-38424-3_22","volume-title":"Advances in Cryptology - CRYPTO 1990","author":"RL Rivest","year":"1991","unstructured":"Rivest, R.L.: The MD4 message digest algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303\u2013311. Springer, Heidelberg (1991)"},{"key":"30_CR35","doi-asserted-by":"crossref","unstructured":"Rivest, R.L.: RFC 1321: The MD5 Message-Digest Algorithm, April 1992","DOI":"10.17487\/rfc1321"},{"key":"30_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-540-39887-5_4","volume-title":"Fast Software Encryption","author":"M-JO Saarinen","year":"2003","unstructured":"Saarinen, M.-J.O.: Cryptanalysis of block ciphers based on SHA-1 and MD5. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 36\u201344. Springer, Heidelberg (2003)"},{"key":"30_CR37","unstructured":"Stevens, M.: Attacks on Hash Functions and Applications. Ph.D. thesis, Leiden University, June 2012"},{"key":"30_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-642-40041-4_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"M Stevens","year":"2013","unstructured":"Stevens, M.: Counter-cryptanalysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 129\u2013146. Springer, Heidelberg (2013). \n                      http:\/\/dx.doi.org\/10.1007\/978-3-642-40041-4"},{"key":"30_CR39","doi-asserted-by":"crossref","unstructured":"Stevens, M.: New collision attacks on SHA-1 based on optimal joint local-collision analysis. In: Johansson and Nguyen [17], pp. 245\u2013261. \n                      http:\/\/dx.doi.org\/10.1007\/978-3-642-38348-9","DOI":"10.1007\/978-3-642-38348-9"},{"key":"30_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-72540-4_1","volume-title":"Advances in Cryptology - EUROCRYPT 2007","author":"M Stevens","year":"2007","unstructured":"Stevens, M., Lenstra, A.K., de Weger, B.: Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1\u201322. Springer, Heidelberg (2007). \n                      http:\/\/dx.doi.or\/10.1007\/978-3-540-72540-4_1"},{"key":"30_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-642-03356-8_4","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"M Stevens","year":"2009","unstructured":"Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 55\u201369. Springer, Heidelberg (2009). \n                      http:\/\/dx.doi.org\/10.1007\/978-3-642-03356-8"},{"key":"30_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/11535218_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17\u201336. Springer, Heidelberg (2005)"},{"key":"30_CR43","doi-asserted-by":"crossref","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer [5], pp. 19\u201335","DOI":"10.1007\/11426639_2"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology -- CRYPTO 2015"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-47989-6_30","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,9]],"date-time":"2019-08-09T20:06:03Z","timestamp":1565381163000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-47989-6_30"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783662479889","9783662479896"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-47989-6_30","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"1 August 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}