Marc Stevens - Research
News
- Co-authored the revised and extended 2nd edition of the PQC Migration Handbook by AIVD, CWI and TNO. Zsolt Szabo, State Secretary for Kingdom Relations and Digitalization, was presented with the first copy during our PQC Symposium Episode VII in The Hague on the migration to post-quantum cryptography. December 3rd, 2024. News links: AIVD, CWI, TNO.
- Blast-RADIUS vulnerability. The RADIUS/UDP protocol dates from 1991 and uses MD5 in an ad-hoc construction to provide security. The RADIUS protocol is important since it is widely used to control administrative access to networks and network devices. We developed an improved and very fast chosen-prefix collision attack on MD5, reducing the attack time from hours to minutes. This allowed us to demonstrate a Man-in-the-Middle attack between a RADIUS client and a RADIUS server that allows an attacker to forge access to the device running the RADIUS client. July 9, 2024.
- Parlement & Wetenschap Minisymposium: "Klaar voor kwantum? De gevolgen van kwantumtechnologie voor de veiligheid". In this minisymposium, members of Parliament interact with scientists on the impact of quantum computers on the security of our information systems and what needs to happen now to be prepared for these developments. May 10, 2023.
- AIVD, CWI and TNO publish handbook on migration to quantum-secure communications. Alexandra van Huffelen, State Secretary for Kingdom Relations and Digitalization, was presented with the first copy during a meeting in The Hague on the migration to post-quantum cryptography. April 4, 2023.
- CANS 2021 - 20th International Conference on Cryptography and Network Security, December 13-15, 2021, Vienna, Austria. Program co-Chairs: Mauro Conti and Marc Stevens. General Chair: Stephan Krenn.
- New Darmstadt Lattice SVP record for dimension 180 with Léo Ducas and Wessel van Woerden, accepted at EUROCRYPT 2021. See CWI news.
- Awarded RealWorldCrypto'20 Levchin Prize with Xiaoyun Wang "for groundbreaking work on the security of collision resistant hash functions".
Students
- Stijn Maatje (MSc, 2024)
- Michael Yonli (PhD, 2023-)
- Aron van Baarsen (PhD, 2020-2024)
- Kevin Witlox (MSc, 2022)
- Esteban Landerreche (PhD, 2017-2020)
- Rusydi Makarim (PhD, 2014-2019)
- Esteban Landerreche (MSc, 2017)
- Huaifeng Chen (visiting PhD, 2015)
- Fatemeh Sefi Shahpar (visiting PhD, 2015)
- Maximilian Fillinger (MSc, 2013)
Publications (DBLP) (Google Scholar)
Selection of publications
- The PQC Migration Handbook -- Revised and Extended 2nd Edition,
Alessandro Amadori, Thomas Attema, Maxime Bombar, João Diogo Duarte, Vincent Dunning,
Simona Etinski, Daniël van Gent, Matthieu Lequesne, Ward van der Schoot, Marc Stevens and
AIVD Cryptologists & Advisors. Digital Book. December 2024.
(PDF EN), (PDF NL).
- RADIUS/UDP Considered Harmful,
Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, Adam Suhl, USENIX Security, 2024.
(PDF).
- Simplified MITM Modeling for Permutations: New (Quantum) Attacks,
André Schrottenloher, Marc Stevens, CRYPTO, 2022.
(PDF).
- On Time-Lock Cryptographic Assumptions in Abelian Hidden-Order Groups,
Aron van Baarsen, Marc Stevens, ASIACRYPT, 2021.
(PDF).
- Advanced Lattice Sieving on GPUs, with Tensor Cores,
Léo Ducas, Marc Stevens, Wessel van Woerden, EUROCRYPT, 2021.
(PDF).
- The General Sieve Kernel and New Records in Lattice Reduction,
Martin R. Albrecht, Léo Ducas, Gottfried Herold, Elena Kirshanova, Eamonn W. Postlethwaite, Marc Stevens, EUROCRYPT 2019. (PDF).
- The first collision for full SHA-1,
Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, Yarik Markov,
CRYPTO 2017. (PDF).
(– Winner of CRYPTO 2017 Best Paper Award. –)
(– Winner of BlackHat USA 2017 Pwnie Award for Best Cryptographic Attack. –)
- Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions,
Marc Stevens, Dan Shumow, USENIX Security 2017. (PDF).
(– Integrated among others into Git, GitHub, ... to protect against SHA-1 attacks. Effectively used by millions of software developers worldwide. –)
- Reverse-engineering of the cryptanalytic attack used in the Flame super-malware,
Max Fillinger and Marc Stevens, ASIACRYPT 2015,
Lecture Notes in Computer Science, vol. 9453, Springer, 2015, pp. 586-611,
(PDF).
- Counter-cryptanalysis,
Marc Stevens, CRYPTO 2013, Lecture Notes in Computer Science, vol. 8042, Springer, 2013, pp. 129-146,
(PDF).
(– Winner of the CRYPTO 2013 Best Young Researcher Paper Award. –)
- Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate,
Marc Stevens, Alexander Sotirov, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger,
CRYPTO 2009, Lecture Notes in Computer Science, vol. 5677, Springer, 2009, pp. 55-69, (PDF).
(– Winner of the CRYPTO 2009 Best Paper Award. –)
Grants, Honors and Awards
- Awarded RealWorldCrypto'20 Levchin Prize with Xiaoyun Wang "for groundbreaking work on the security of collision resistant hash functions".
- CRYPTO 2017 Best Paper Award
- BlackHat USA 2017 Pwnie Award for Best Cryptographic Attack
- NWO (Netherlands Organization for Scientific Research) Blockchain Grant 2017, PI, Consortium between CWI, UvA, VU & ABN AMRO, ING, awarded 660k€
- Google Junior Faculty Applied Research Award in Security, Privacy
& Anti-abuse. Awarded $50k research gift to support my research in recognition of my work in
Cryptanalysis, in particular related to SHA-1.
- NWO Veni Grant
2014, PI, awarded 248k€
(NWO: "Veni is targeted at outstanding researchers who have recently
obtained their PhD")
- CRYPTO 2013 Best Young Researcher Paper Award
- Martinus van Marum Prize 2013. Yearly prize from the J.C. Ruigrok
Stichting awarded by the Royal Holland Society of Sciences and Humanities
(KHMW) to a researcher for his PhD thesis and other publications,
consisting of the KHMW 'Optimus Meritis' medal of honor and 12,000
euros.
(Awarded once every five years to a researcher in Mathematics, Computer
Science, Physics or Astronomy.)
- NWO Vrije Competitie Grant 2012, Co-PI, awarded 216k€
- CRYPTO 2009 Best Paper Award
- TU/e Afstudeerprijs 2008. Yearly prize from the Technical
University of Eindhoven for the best Master's Thesis university-wide.
Software
See also my GitHub repositories page.
Fun
- Cryptris, a browser game about lattice-based cryptography.
GitHub: https://github.com/cr-marcstevens/cryptris
Hash function Cryptanalysis
- Counter-cryptanalysis:
New, improved release of the SHA-1 collision detection
library, which protects against twice as many SHA-1 attack classes (disturbance vectors),
but is 9 times faster than the previous version. Speed is now 1.87 times normal
SHA-1.
It is currently used among others by Git, GitHub, GMail, Google Drive and Microsoft OneDrive.
GitHub: https://github.com/cr-marcstevens/sha1collisiondetection.
- MD5 & SHA-1 collision file format exploitations
GitHub: https://github.com/corkami/collisions
- GPU Framework for SHA-1 collisions
GitHub: https://github.com/cr-marcstevens/sha1_gpu_nearcollisionattacks
- HashClash project: an open-source C++ framework for MD5 & SHA-1 differential
path construction and chosen-prefix collisions for MD5, 2009-2012.
https://marc-stevens.nl/p/hashclash.
- fastcoll: fast MD5 collision generator, version 1.0.0.5-1 (2006).
See also
Fast Collision Attack on MD5 (PDF)
https://marc-stevens.nl/research/software/download.php?fastcoll_v1.0.0.5-1_source.zip.
Lattice Cryptanalysis
- G6K - GPU Tensor version
GitHub: https://github.com/WvanWoerden/G6K-GPU-Tensor
- G6K: The General Sieve Kernel.
GitHub: https://github.com/fplll/g6k
- fplll-extenum: An external enumeration library for fplll that is
more efficient and supports multithreading.
GitHub: https://github.com/cr-marcstevens/fplll-extenum
Multi-Variate Cryptanalysis
- M4GB: An efficient Groebner Basis algorithm.
GitHub: https://github.com/cr-marcstevens/m4gb
Code-based Cryptanalysis
- MCCL: Modular Code Cryptanalysis Library.
GitHub: https://github.com/codecryptanalysis/mccl
Others
- DBLP BibTex: a BibTeX aid program that can search and automatically download
citations and cross references from the DBLP Computer Science Bibliography
and the Cryptology ePrint Archive and add them to your BIB file.
http://marc-stevens.nl/dblpbibtex.
- Visual Cryptography: technique by Shamir and Naor that splits a black & white image file into two
images that separately look like random static. However, when they are printed on
transparencies and put on top of each other, the original image becomes
visible.
http://marc-stevens.nl/vck.