基于选择前缀攻击的哈希函数多文件格式碰撞

Hash Collisions for Special File Formats Based on Chosen-Prefix Attacks

哈希函数在数字签名以及完整性检验方面被广泛使用.本文从攻击应用的角度出发,首先介绍了哈希函数的近似碰撞攻击进展,总结了目前利用两种近似碰撞攻击技术实现的碰撞应用,给出了近似碰撞攻击实现单一类型或者多种文件类型的碰撞技术.然后,首次利用选择前缀攻击实现了MP3-PDF-JPEG文件的碰撞攻击应用.该攻击利用MP3本身结构的稳定性,将MP3文件分割解决了JPEG文件中注释段长度过短的问题,突破了MP3文件的字节长度限制.并利用PDF自下向上解析的特点将三种文件结合,利用PDF中自带的流对象和JPEG中的注释段构造新的文件结构,通过两次选择前缀攻击可实现碰撞应用.为了验证结论的正确性,实现了三种文件的MD5碰撞实例,评估三种文件的SHA-1碰撞实例的攻击复杂度约为2^(64.4).所提出的碰撞应用方法可以适用于任意MD结构的哈希函数.

Hash functions are widely used in digital signatures and integrity checking.From the aspect of collision attack,the progress of near-collision attacks on hash functions is introduced,current collision applications implemented using two types of near-collision attacks are summarized,and the collision of hash functions with single and multiple file types using near-collision attacks are given.Then,the first collision for hash functions for MP3-PDF-JPEG files is implemented using chosenprefix collision attack.The attack takes advantage of the stability of the MP3 structure,and solves the problem of comment segment length in JPEG files by splitting MP3 files,breaking the length limit of MP3 files.Then the feature of PDF is used to combine three files above,and a new file structure is constructed by using the stream object in PDF and the comment segment in JPEG,which can lead to collision for hash functions by building chosen-prefix collision attack twice.To verify the conclusion,a collision for MD5 is implemented with the above mentioned three files,and the complexity of the collision for SHA-1 of these three files is evaluated to be 264.4.The method of implementing collision proposed in this paper can be applied to arbitrary hash functions with MD structures.