Inversion attacks on secure hash functions using SAT solvers

Authors:
Debapratim De;Abishek Kumarasubramanian;Ramarathnam Venkatesan
Affiliations:
Cryptography, Security and Algorithms Research Group, Mircosoft Research India, Bangalore;Cryptography, Security and Algorithms Research Group, Mircosoft Research India, Bangalore;Cryptography, Security and Algorithms Research Group, Mircosoft Research India, Bangalore and Cryptography and Anti-Piracy Research Group, Microsoft Research, Redmond
Venue:
SAT'07 Proceedings of the 10th international conference on Theory and applications of satisfiability testing
Year:
2007

Citing 6
Cited 8

Chaff: engineering an efficient SAT solver

Proceedings of the 38th annual Design Automation Conference
The MD4 Message Digest Algorithm

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Efficient collision search attacks on SHA-0

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Applications of SAT solvers to cryptanalysis of hash functions

SAT'06 Proceedings of the 9th international conference on Theory and Applications of Satisfiability Testing

The effect of structural branching on the efficiency of clause learning SAT solving: An experimental study

Journal of Algorithms
MD4 is Not One-Way

Fast Software Encryption
Preimage Attacks on Step-Reduced MD5

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
A Preimage Attack for 52-Step HAS-160

Information Security and Cryptology --- ICISC 2008
Preimage Attack on Hash Function RIPEMD

ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Finding Preimages in Full MD5 Faster Than Exhaustive Search

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Input generation via decomposition and re-stitching: finding bugs in Malware

Proceedings of the 17th ACM conference on Computer and communications security
Improved preimage attack on one-block MD4

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

Inverting a function f at a given point y in its range involves finding any x in the domain such that f(x) = y. This is a general problem. We wish to find a heuristic for inverting those functions which satisfy certain statistical properties similar to those of random functions. As an example, we choose popular secure hash functions which are expected to be hard to invert and any successful strategy to do so will be quite useful. This provides an excellent challenge for SAT solvers. We first find the limits of inverting via direct encoding of these functions as SAT: for MD4 this is one round and twelve steps and for MD5 it is one round and ten steps. Then, we show that by adding customized constraints obtained by modifying an earlier attack by Dobbertin, we can invert MD4 up to 2 rounds and 7 steps in