Vlastimil Klíma

Early Life and Education

Vlastimil Klíma was born on 19 February 1957 in Benešov, in what is now the Czech Republic. He pursued advanced study in mathematics and physics, earning his doctorate from the Faculty of Mathematics and Physics at Charles University in 1984.

Academic Career

Following his doctoral work, Klíma joined the academic community as a lecturer, teaching Applied Cryptography at the Faculty of Mathematics and Physics at Charles University in Prague. He is widely recognized in the Czech Republic as a popularizer of cryptography and cryptanalysis, having authored more than 200 articles on the subject and delivered talks at numerous domestic and international security conferences.

Government and Security Work

Klíma served as Head of the research and development group at the Federal Ministry of Defense of the Czech Republic and the Czech National Security Authority. In 2006, he received a security clearance from the Czech NSA at the TOP SECRET level, enabling him to contribute to cryptographic projects and devices designed for the protection of classified information. His government-related cryptographic work continued as recently as 2024, when he worked for the National Cyber and Information Security Agency of the Czech Republic.

Notable Research

OpenPGP Vulnerability (2002)

In 2002, Klíma and Tomáš Rosa identified a significant vulnerability in the OpenPGP format concerning the protection of private signature keys. Their research demonstrated that a lack of integrity protection on the private key structure could be exploited by an attacker, ultimately leading to improvements in how PGP-compatible programs handle private key storage.

KPR Attack on SSL/TLS (2003)

In 2003, Klíma, alongside Pokorný and Rosa, presented a sophisticated side-channel attack on SSL/TLS, widely referred to as the "KPR attack." The work had a notable impact on strengthening the security of Internet communications protocols.

MD5 Collision Attacks (2005–2006)

In 2005, Klíma demonstrated a method for finding collisions in the MD5 hash function using only a laptop computer. Building on this, in 2006 he introduced the "Tunnels" method, which reduced the time required to find MD5 collisions to under one minute on a standard notebook computer. This work contributed to accelerating the design of the new SHA-3 hashing standard.

SHA-3 Candidates and Wide-Pipe Constructions

Klíma collaborated with researchers from the Norwegian University of Science and Technology and Charles University to propose two of the fifteen candidates for the SHA-3 hash standard: Blue Midnight Wish and EDON-R. His research with Danilo Gligoroski also demonstrated that "narrow-pipe" hash functions could be vulnerable to collision attacks with complexity lower than that of the birthday paradox, reinforcing the security arguments for "wide-pipe" and "sponge" constructions such as Keccak, the eventual SHA-3 winner.

Judicial Expert Work

In 2011, Klíma was appointed by the Czech Minister of Justice as a court expert in the field of computer technology. In this capacity, he worked with the Police of the Czech Republic and the Czech judiciary until 2020.

Later Years

After retiring in 2020, Klíma spent several years attempting to decipher the Voynich Manuscript, an effort he has described as unsuccessful. His extensive publication record is documented on his personal website.