CWI cryptanalyst Stevens develops method for detection of Flame virus

Publication date
19 Jun 2012

Cryptanalyst Marc Stevens from the Centrum Wiskunde & Informatica (CWI) – the national research centre for mathematics and computer science in the Netherlands– developed new forensic software to protect cryptographic systems against attacks such as the recent Flame virus: 'collision attacks'. With advanced mathematical techniques he proved that not only the widely used MD5 standard is no longer safe for digital signatures and internet security, but also SHA-1. This research is part of his PhD research at CWI. Marc Stevens defends his thesis 'Attacks on Hash Functions and Applications' at Leiden University on 19 June 2012. Recently he also analyzed the Flame virus, and discovered it uses a new, yet unknown variant of a collision attack.  

During his PhD research Marc Stevens investigated in particular the MD5 and SHA-1 hash functions, international standards that are commonly used for digital signatures on certificates, applications, emails and documents. He constructed more efficient and flexible attacks on MD5 by introducing so-called 'chosen-prefix collisions'. In addition, he made a step forwards towards a practical attack on SHA-1. The method he devised is more accurate, more successful and more flexible than previous approaches. Finally, Stevens designed a method that can detect if communications and files are constructed with collision attacks, so connections can be blocked before sensitive information is being leaked.

In 2008, mathematician Marc Stevens became worldwide known by 'cracking' the https internet security with an international team. "If, instead of us, malicious parties would have done this, then, for instance, the international payment traffic could have been hacked without being noticed", said Stevens. The industry responded quickly: international Certification Authorities abandoned MD5 for internet security within a few days. The Netherlands thus contributed significantly to the global Internet safety. Cracking https was published in media as the New York Times and Le Monde. His research led to several awards, including the prestigious Best Paper Award of CRYPTO 2009, one of the top conferences in cryptographic research. "However, MD5 is still being used in many applications," says Stevens. "For companies it is often a tradeoff between the risks and costs to replace these standards. That’s why I have designed software that can detect collision attacks like the one from the Flame virus".

After his PhD defence Marc Stevens will become a postdoc researcher at CWI. The groundbreaking cryptography research is done in CWI’s Cryptology group, headed by Prof. Ronald Cramer. This group investigates fundamental cryptographic questions from a broad scientific perspective, particularly from mathematics, computer science and physics. The research was funded by Ronald Cramer's Vici grant from the Netherlands Organisation for Scientific Research (NWO).


More information

- The PhD defence takes place on Tuesday 19 June 2012 in the Academiegebouw of Leiden University, Rapenburg 73 in Leiden.

- Promotores: Prof. R. Cramer (Centrum Wiskunde & Informatica and Leiden University) and Prof. A.K. Lenstra (École Polytechnique Fédérale de Lausanne); co-promotor dr. B.M.M. de Weger (Eindhoven University of Technology)

- PhD thesis Marc Stevens:
- First press release on the analysis of the Flame virus (7 June 2012):
- website marc Stevens:
- website CWI Cryptology group:
- website Ronald Cramer:

Picture: part of the cover of Marc Steven's PhD thesis; cover design by Ankita Sonone.