Colliding X.509 Certificates

Weger, B.M.M. de b.m.m.d.weger at TUE.nl
Tue Mar 1 14:21:37 EST 2005


Hi all,

We announce the construction of two different valid X.509 certificates
that have identical signatures. This is based on MD5 collisions.

One could e.g. construct the to-be-signed parts of the certificates,
and get the one certificate signed by a CA. Then a valid signature for 
the other certificate is obtained, while the CA has not seen proof of 
possession of the private key of this second certificate. 

The certificates we constructed can be downloaded from
http://www.win.tue.nl/~bdeweger/CollidingCertificates/.
>From this site some more technical information can be downloaded as
well.

We provide a short paper explaining in detail our method.
It is available on the website, and on the Cryptology ePrint Archive,
at http://eprint.iacr.org/2005/067.

This is joint work with Arjen Lenstra (Lucent Bell Labs and TU
Eindhoven)
and Xiaoyun Wang (Shandong University).

Grtz,
Benne de Weger

========================================= 
Technische Universiteit Eindhoven 
Coding & Crypto Groep 
Faculteit Wiskunde en Informatica 
Den Dolech 2 
Postbus 513 
5600 MB Eindhoven 
e-mail: b at m@m at d@weger.tue at nl 
www: http://www.win.tue.nl/~bdeweger 
========================================= 


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list