Marc Stevens (cryptology)

{{Short description|Dutch cryptographer (born 1981)}}

{{notability|1=Biographies|date=July 2017}}

{{Infobox scientist

| name = Marc Stevens

| birth_date = {{birth date and age|1981|4|7}}{{Cite web | title=Marc Stevens - Curriculum Vitae | url=https://marc-stevens.nl/research/cv.pdf | access-date=2024-12-16 | website=marc-stevens.nl}}

| other_names = Marc Martinus Jacobus Stevens

| alma_mater = {{plainlist|

• Leiden University
• Eindhoven University of Technology

}}

| thesis1_title = Attacks on Hash Functions and Applications

| thesis1_url = https://openaccess.leidenuniv.nl/handle/1887/19093

| thesis1_year = 2012

| thesis2_title = On Collisions for MD5

| thesis2_url = https://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf

| thesis2_year = 2007

| doctoral_advisor =

| academic_advisors = {{plainlist|

• Ronald Cramer
• Arjen Lenstra

}}

| fields = Computer Science

| known_for = Cryptography

}}

Dr. ir. Marc Stevens is a cryptology researcher most known for his work on cryptographic hash collisions and for the creation of the chosen-prefix hash collision tool HashClash as part of his master's degree thesis.{{cite web|url=https://marc-stevens.nl/p/hashclash/|title=HashClash}} He first gained international attention for his work with Alexander Sotirov, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger in creating a rogue SSL certificate which was presented in 2008 during the 25th annual Chaos Communication Congress warning of the dangers of using the MD5 hash function in issuing SSL certificates.{{cite web|url=http://www.win.tue.nl/hashclash/rogue-ca/|title=MD5 considered harmful today}} Several years later in 2012, according to Microsoft, the authors of the Flame malware used similar methodology to that which the researchers warned of by initiating an MD5 collision to forge a Windows code-signing certificate.{{cite web|url=https://blogs.technet.microsoft.com/srd/2012/06/06/flame-malware-collision-attack-explained/|title=Flame Malware Collision Explained|date=2012-06-06}} Marc was most recently awarded the Google Security Privacy and Anti-abuse applied award. Google selected Stevens for this award in recognition of his work in Cryptanalysis, in particular related to the SHA-1 hash function.{{cite web|url=https://www.cwi.nl/news/2016/cryptology-researcher-marc-stevens-awarded-google-research-prize|title=Cryptology researcher Marc Stevens awarded with Google research prize}}

In February 2017, the first known successful SHA-1 collision attack in practice (termed "SHAttered") was recognized. Marc Stevens was first-credited in the subsequent paper{{Cite web| title=The first collision for full SHA-1 | url=https://shattered.io/static/shattered.pdf | archive-url=https://web.archive.org/web/20170223173427/https://shattered.io/static/shattered.pdf | access-date=2024-12-16 | archive-date=2017-02-23}} along with CWI Amsterdam colleague Pierre Karpman, and researchers Elie Bursztein, Ange Albertini, Yarik Markov, Alex Petit Bianco, Clement Baisse{{Cite web | url=https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html |title = Announcing the first SHA1 collision}} from Google.

Marc is currently employed as a Cryptology Researcher at Centrum Wiskunde & Informatica.{{cite web|url=https://www.cwi.nl/research-groups/Cryptology|title=CWI Cryptology Research Group}}