Advertisement

Inversion Attacks on Secure Hash Functions Using sat Solvers

  • Debapratim De
  • Abishek Kumarasubramanian
  • Ramarathnam Venkatesan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4501)

Abstract

Inverting a function f at a given point y in its range involves finding any x in the domain such that f(x) = y. This is a general problem. We wish to find a heuristic for inverting those functions which satisfy certain statistical properties similar to those of random functions. As an example, we choose popular secure hash functions which are expected to be hard to invert and any successful strategy to do so will be quite useful. This provides an excellent challenge for sat solvers. We first find the limits of inverting via direct encoding of these functions as SAT: for md4 this is one round and twelve steps and for md5 it is one round and ten steps. Then, we show that by adding customized constraints obtained by modifying an earlier attack by Dobbertin, we can invert md4 up to 2 rounds and 7 steps in < 8 hours.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Moskewicz, M.W., et al.: Chaff: Engineering an efficient sat solver. In: Proc. Design Automation Conference (DAC) (June 2001)Google Scholar
  2. 2.
    Eén, N., Sörensson, N.: An Extensible SAT-solver. In: Giunchiglia, E., Tacchella, A. (eds.) SAT 2003. LNCS, vol. 2919, pp. 502–518. Springer, Heidelberg (2004)Google Scholar
  3. 3.
    Lai, X., et al.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)Google Scholar
  4. 4.
    Wang, X., Yu, H.: How to break md5 and other hash functions. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, Springer, Heidelberg (2005)Google Scholar
  5. 5.
    Yin, Y.L., Wang, X., Yu, H.: Efficient Collision Search Attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)Google Scholar
  6. 6.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, Springer, Heidelberg (2005)Google Scholar
  7. 7.
    Mironov, I., Zhang, L.: Applications of SAT Solvers to Cryptanalysis of Hash Functions. In: Biere, A., Gomes, C.P. (eds.) SAT 2006. LNCS, vol. 4121, pp. 102–115. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Rivest, R.L.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)Google Scholar
  9. 9.
    Rivest, R.L.: The md5 message digest algorithm. RFC 1321, The Internet Engineering Task Force (1992)Google Scholar
  10. 10.
    Dobbertin, H.: The md4 message digest algorithm. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, Springer, Heidelberg (1998)CrossRefGoogle Scholar
  11. 11.
    Biere, A., Eén, N.: Effective Preprocessing in SAT Through Variable and Clause Elimination. In: Bacchus, F., Walsh, T. (eds.) SAT 2005. LNCS, vol. 3569, pp. 61–75. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Debapratim De
    • 1
  • Abishek Kumarasubramanian
    • 1
  • Ramarathnam Venkatesan
    • 1
    • 2
  1. 1.Cryptography, Security and Algorithms Research Group, Mircosoft Research India, Bangalore 
  2. 2.Cryptography and Anti-Piracy Research Group, Microsoft Research, Redmond 

Personalised recommendations