Applications of SAT Solvers to Cryptanalysis of Hash Functions

  • Ilya Mironov
  • Lintao Zhang
Conference paper

DOI: 10.1007/11814948_13

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4121)
Cite this paper as:
Mironov I., Zhang L. (2006) Applications of SAT Solvers to Cryptanalysis of Hash Functions. In: Biere A., Gomes C.P. (eds) Theory and Applications of Satisfiability Testing - SAT 2006. SAT 2006. Lecture Notes in Computer Science, vol 4121. Springer, Berlin, Heidelberg

Abstract

Several standard cryptographic hash functions were broken in 2005. Some essential building blocks of these attacks lend themselves well to automation by encoding them as CNF formulas, which are within reach of modern SAT solvers. In this paper we demonstrate effectiveness of this approach. In particular, we are able to generate full collisions for MD4 and MD5 given only the differential path and applying a (minimally modified) off-the-shelf SAT solver. To the best of our knowledge, this is the first example of a SAT-solver-aided cryptanalysis of a non-trivial cryptographic primitive. We expect SAT solvers to find new applications as a validation and testing tool of practicing cryptanalysts.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ilya Mironov
    • 1
  • Lintao Zhang
    • 1
  1. 1.Microsoft Research

Personalised recommendations