{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T18:03:38Z","timestamp":1773857018980,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":49,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662498897","type":"print"},{"value":"9783662498903","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-49890-3_18","type":"book-chapter","created":{"date-parts":[[2016,4,27]],"date-time":"2016-04-27T04:40:46Z","timestamp":1461732046000},"page":"459-483","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":31,"title":["Freestart Collision for Full SHA-1"],"prefix":"10.1007","author":[{"given":"Marc","family":"Stevens","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pierre","family":"Karpman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Peyrin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,4,28]]},"reference":[{"key":"18_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1007\/978-3-540-28628-8_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"E Biham","year":"2004","unstructured":"Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290\u2013305. Springer, Heidelberg (2004)"},{"key":"18_CR2","first-page":"36","volume-title":"Lecture Notes in Computer Science","author":"Eli Biham","year":"2005","unstructured":"Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and reduced SHA-1. In: Cramer [5], pp. 36\u201357"},{"key":"18_CR3","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology - CRYPTO 1989","year":"1990","unstructured":"Brassard, G. (ed.): Advances in Cryptology - CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)"},{"key":"18_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1007\/BFb0055720","volume-title":"Advances in Cryptology - CRYPTO 1998","author":"F Chabaud","year":"1998","unstructured":"Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56\u201371. Springer, Heidelberg (1998)"},{"key":"18_CR5","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","year":"2005","unstructured":"Cramer, R. (ed.): Advances in Cryptology \u2013 EUROCRYPT 2005. LNCS, vol. 3494. Springer, Heidelberg (2005)"},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"Damg\u00e5rd, I.B.: A design principle for hash functions. In: Brassard [3], pp. 416\u2013427","DOI":"10.1007\/0-387-34805-0_39"},{"key":"18_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-540-77360-3_4","volume-title":"Selected Areas in Cryptography","author":"C De Canni\u00e8re","year":"2007","unstructured":"De Canni\u00e8re, C., Mendel, F., Rechberger, C.: Collisions for 70-Step SHA-1: on the full cost of collision search. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 56\u201373. Springer, Heidelberg (2007)"},{"key":"18_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11935230_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"C De Canni\u00e8re","year":"2006","unstructured":"De Canni\u00e8re, C., Rechberger, C.: Finding SHA-1 characteristics: general results and applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1\u201320. Springer, Heidelberg (2006)"},{"key":"18_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"194","DOI":"10.1007\/3-540-46766-1_14","volume-title":"Advances in Cryptology \u2013 CRYPTO 1991","author":"B den Boer","year":"1992","unstructured":"den Boer, B., Bosselaers, A.: An attack on the last two rounds of MD4. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 194\u2013203. Springer, Heidelberg (1992)"},{"key":"18_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1007\/3-540-48285-7_26","volume-title":"Advances in Cryptology - EUROCRYPT 1993","author":"B den Boer","year":"1994","unstructured":"den Boer, B., Bosselaers, A.: Collisions for the compression function of MD-5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293\u2013304. Springer, Heidelberg (1994)"},{"key":"18_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/3-540-60865-6_43","volume-title":"Fast Software Encryption","author":"H Dobbertin","year":"1996","unstructured":"Dobbertin, H.: Cryptanalysis of MD4. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 53\u201369. Springer, Heidelberg (1996)"},{"key":"18_CR12","unstructured":"Forum, C.: Ballot 152 - Issuance of SHA-1 certificates through 2016. Cabforum mailing list (2015). \n                    https:\/\/cabforum.org\/pipermail\/public\/2015-October\/006048.html"},{"key":"18_CR13","unstructured":"Forum, C.: Ballot 152 - Issuance of SHA-1 certificates through 2016. Cabforum mailing list (2015). \n                    https:\/\/cabforum.org\/pipermail\/public\/2015-October\/006081.html"},{"key":"18_CR14","unstructured":"Grechnikov, E.A.: Collisions for 72-step and 73-step SHA-1: Improvements in the Method of Characteristics. IACR Cryptology ePrint Archive 2010, 413 (2010)"},{"key":"18_CR15","unstructured":"Grechnikov, E.A., Adinetz, A.V.: Collision for 75-step SHA-1: Intensive Parallelization with GPU. IACR Cryptology ePrint Archive 2011, 641 (2011)"},{"key":"18_CR16","unstructured":"Hashclash project webpage. \n                    https:\/\/marc-stevens.nl\/p\/hashclash\/"},{"key":"18_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-540-74143-5_14","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"A Joux","year":"2007","unstructured":"Joux, A., Peyrin, T.: Hash functions and the (Amplified) boomerang attack. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 244\u2013263. Springer, Heidelberg (2007)"},{"key":"18_CR18","unstructured":"Jutla, C.S., Patthak, A.C.: A matching lower bound on the minimum weight of sha-1 expansion code. Cryptology ePrint Archive, Report 2005\/266 (2005)"},{"key":"18_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"623","DOI":"10.1007\/978-3-662-47989-6_30","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"P Karpman","year":"2015","unstructured":"Karpman, P., Peyrin, T., Stevens, M.: Practical free-start collision attacks on 76-step SHA-1. In: Gennaro, R., Robshaw, M. (eds.) Advances in Cryptology \u2013 CRYPTO 2015. LNCS, vol. 9215, pp. 623\u2013642. Springer, Heidelberg (2015). \n                    http:\/\/dx.doi.org\/10.1007\/978-3-662-47989-6"},{"key":"18_CR20","unstructured":"Manuel, S.: Classification and generation of disturbance vectors for collision attacks against sha-1. Cryptology ePrint Archive, Report 2008\/469 (2008)"},{"issue":"1\u20133","key":"18_CR21","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/s10623-010-9458-9","volume":"59","author":"S Manuel","year":"2011","unstructured":"Manuel, S.: Classification and generation of disturbance vectors for collision attacks against SHA-1. Des. Codes Cryptography 59(1\u20133), 247\u2013263 (2011)","journal-title":"Des. Codes Cryptography"},{"key":"18_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1007\/11779360_14","volume-title":"Coding and Cryptography","author":"K Matusiewicz","year":"2006","unstructured":"Matusiewicz, K., Pieprzyk, J.: Finding good differential patterns for attacks on SHA-1. In: Ytrehus, \u00d8. (ed.) WCC 2005. LNCS, vol. 3969, pp. 164\u2013177. Springer, Heidelberg (2006)"},{"key":"18_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/11799313_18","volume-title":"Fast Software Encryption","author":"F Mendel","year":"2006","unstructured":"Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: The impact of carries on the complexity of collision attacks on SHA-1. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 278\u2013292. Springer, Heidelberg (2006)"},{"key":"18_CR24","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"Ralph C. Merkle","year":"1990","unstructured":"Merkle, R.C.: One way hash functions and DES. In: Brassard [3], pp. 428\u2013446"},{"key":"18_CR25","unstructured":"Microsoft: SHA-1 Deprecation Update. Microsoft blog (2015)"},{"key":"18_CR26","unstructured":"Mozilla: Continuing to Phase Out SHA-1 Certificates. Mozilla Security Blog (2015)"},{"key":"18_CR27","unstructured":"National Institute of Standards and Technology: FIPS 180: Secure Hash Standard, May 1993"},{"key":"18_CR28","unstructured":"National Institute of Standards and Technology: FIPS 180\u20131: Secure Hash Standard, April 1995"},{"key":"18_CR29","unstructured":"National Institute of Standards and Technology: FIPS 180\u20132: Secure Hash Standard, August 2002"},{"key":"18_CR30","unstructured":"National Institute of Standards and Technology: Special Publication 800\u201357 - Recommendation for Key Management Part 1: General (Revision 3), July 2012"},{"key":"18_CR31","unstructured":"National Institute of Standards and Technology: FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, August 2015"},{"key":"18_CR32","unstructured":"Nvidia Corporation: Nvidia Geforce GTX 970 Specifications. \n                    http:\/\/www.geforce.com\/hardware\/desktop-gpus\/geforce-gtx-970\/specifications"},{"key":"18_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/11586821_7","volume-title":"Cryptography and Coding","author":"N Pramstaller","year":"2005","unstructured":"Pramstaller, N., Rechberger, C., Rijmen, V.: Exploiting Coding Theory for Collision Attacks on SHA-1. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 78\u201395. Springer, Heidelberg (2005)"},{"key":"18_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1007\/978-3-540-30574-3_6","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"V Rijmen","year":"2005","unstructured":"Rijmen, V., Oswald, E.: Update on SHA-1. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 58\u201371. Springer, Heidelberg (2005)"},{"key":"18_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1007\/3-540-38424-3_22","volume-title":"Advances in Cryptology - CRYPTO 1990","author":"RL Rivest","year":"1991","unstructured":"Rivest, R.L.: The MD4 message digest algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303\u2013311. Springer, Heidelberg (1991)"},{"key":"18_CR36","doi-asserted-by":"crossref","unstructured":"Rivest, R.L.: RFC 1321: the MD5 message-digest algorithm, April 1992","DOI":"10.17487\/rfc1321"},{"key":"18_CR37","unstructured":"Schneier, B.: When will we see collisions for sha-1? Schneier on Security (2012)"},{"key":"18_CR38","unstructured":"Services, A.W: Amazon EC2 - Virtual Server Hosting. \n                    https:\/\/aws.amazon.com\n                    \n                  , Retrieved Jan 2016"},{"key":"18_CR39","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","year":"2005","unstructured":"Shoup, V. (ed.): Advances in Cryptology \u2013 CRYPTO 2005. LNCS, vol. 3621. Springer, Heidelberg (2005)"},{"key":"18_CR40","unstructured":"Survey of the ssl implementation of the most popular web sites. TIM Trustworthy Internet Movement (2015). \n                    https:\/\/www.trustworthyinternet.org\/ssl-pulse\/"},{"key":"18_CR41","unstructured":"Stevens, M.: Attacks on Hash Functions and Applications. Ph.D. thesis, Leiden University, June 2012"},{"key":"18_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-642-40041-4_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"M Stevens","year":"2013","unstructured":"Stevens, M.: Counter-cryptanalysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 129\u2013146. Springer, Heidelberg (2013). \n                    http:\/\/dx.doi.org\/10.1007\/978-3-642-40041-4"},{"key":"18_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/978-3-642-38348-9_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"M Stevens","year":"2013","unstructured":"Stevens, M.: New collision attacks on SHA-1 based on optimal joint local-collision analysis. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 245\u2013261. Springer, Heidelberg (2013). \n                    http:\/\/dx.doi.org\/10.1007\/978-3-642-38348-9"},{"key":"18_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-72540-4_1","volume-title":"Advances in Cryptology - EUROCRYPT 2007","author":"M Stevens","year":"2007","unstructured":"Stevens, M., Lenstra, A.K., de Weger, B.: Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1\u201322. Springer, Heidelberg (2007)"},{"key":"18_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-642-03356-8_4","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"M Stevens","year":"2009","unstructured":"Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 55\u201369. Springer, Heidelberg (2009). \n                    http:\/\/dx.doi.org\/10.1007\/978-3-642-03356-8"},{"key":"18_CR46","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/11535218_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"Xiaoyun Wang","year":"2005","unstructured":"Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup [38], pp. 17\u201336"},{"key":"18_CR47","first-page":"19","volume-title":"Lecture Notes in Computer Science","author":"Xiaoyun Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer [5], pp. 19\u201335"},{"key":"18_CR48","first-page":"1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"Xiaoyun Wang","year":"2005","unstructured":"Wang, X., Yu, H., Yin, Y.L.: Efficient collision search attacks on SHA-0. In: Shoup [38], pp. 1\u201316"},{"key":"18_CR49","doi-asserted-by":"crossref","unstructured":"Yajima, J., Iwasaki, T., Naito, Y., Sasaki, Y., Shimoyama, T., Kunihiro, N., Ohta, K.: A strict evaluation method on the number of conditions for the SHA-1 collision search. In: Abe, M., Gligor, V.D. (eds.) ASIACCS, pp. 10\u201320. ACM (2008)","DOI":"10.1145\/1368310.1368316"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2016"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-49890-3_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,5,7]],"date-time":"2020-05-07T00:05:43Z","timestamp":1588809943000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-49890-3_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662498897","9783662498903"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-49890-3_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"28 April 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}