Skip to main content
View expanded cover

International Conference on Theory and Applications of Satisfiability Testing

SAT 2006: Theory and Applications of Satisfiability Testing - SAT 2006 pp 102–115Cite as

Applications of SAT Solvers to Cryptanalysis of Hash Functions

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNTCS,volume 4121)

Abstract

Several standard cryptographic hash functions were broken in 2005. Some essential building blocks of these attacks lend themselves well to automation by encoding them as CNF formulas, which are within reach of modern SAT solvers. In this paper we demonstrate effectiveness of this approach. In particular, we are able to generate full collisions for MD4 and MD5 given only the differential path and applying a (minimally modified) off-the-shelf SAT solver. To the best of our knowledge, this is the first example of a SAT-solver-aided cryptanalysis of a non-trivial cryptographic primitive. We expect SAT solvers to find new applications as a validation and testing tool of practicing cryptanalysts.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/11814948_13
  • Chapter length: 14 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   89.00
Price excludes VAT (USA)
  • ISBN: 978-3-540-37207-3
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   119.00
Price excludes VAT (USA)
Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)

    Google Scholar 

  2. Black, J., Cochran, M., Highland, T.: A study of the MD5 attacks: Insights and improvements. In: Fast Software Encryption (2006)

    Google Scholar 

  3. Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and reduced SHA-1. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 36–57. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  4. Brassard, G. (ed.): CRYPTO 1989. LNCS, vol. 435. Springer, Heidelberg (1990)

    MATH  Google Scholar 

  5. Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)

    Google Scholar 

  6. Cramer, R. (ed.): EUROCRYPT 2005. LNCS, vol. 3494. Springer, Heidelberg (2005)

    MATH  Google Scholar 

  7. Damgård, I.: Collision free hash functions and public key signature schemes. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1988)

    CrossRef  Google Scholar 

  8. Damgård, I.: A design principle for hash functions. In: McCurley, K.S., Ziegler, C.D. (eds.) Advances in Cryptology 1981 - 1997. LNCS, vol. 1440, pp. 416–427. Springer, Heidelberg (1999)

    CrossRef  Google Scholar 

  9. Daum, M.: Cryptanalysis of Hash Functions of the MD4-Family. PhD thesis, Ruhr-Universität Bochum (2005)

    Google Scholar 

  10. den Boer, B., Bosselaers, A.: Collisions for the compressin function of MD5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)

    CrossRef  Google Scholar 

  11. Dobbertin, H.: Cryptanalysis of MD4. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 53–69. Springer, Heidelberg (1996)

    Google Scholar 

  12. Dobbertin, H.: The status of MD5 after a recent attack. CryptoBytes 2(2), 1–6 (1996)

    MathSciNet  Google Scholar 

  13. Eén, N., Biere, A.: Effective preprocessing in SAT through variable and clause elimination. In: Bacchus, F., Walsh, T. (eds.) SAT 2005. LNCS, vol. 3569, pp. 61–75. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  14. Eén, N., Sörensson, N.: An extensible SAT-solver. In: Giunchiglia, E., Tacchella, A. (eds.) SAT 2003. LNCS, vol. 2919, Springer, Heidelberg (2004)

    CrossRef  Google Scholar 

  15. Eén, N., Sörensson, N.: Translating pseudo-boolean constraints into SAT. J. Satisfiability, Boolean Modeling and Computation 2, 1–26 (2006)

    MATH  Google Scholar 

  16. Fiorini, C., Martinelli, E., Massacci, F.: How to fake an RSA signature by encoding modular root finding as a SAT problem. Discrete Applied Mathematics 130(2), 101–127 (2003)

    MATH  CrossRef  MathSciNet  Google Scholar 

  17. Goldberg, E., Novikov, Y.: BerkMin: A fast and robust Sat-solver. In: DATE, pp. 142–149 (2002)

    Google Scholar 

  18. Hawkes, P., Paddon, M., Rose, G.G.: Musings on the Wang et al. MD5 collision. Cryptology ePrint Archive, Report 2004/264 (2004), http://eprint.iacr.org/

  19. Jovanović, D., Janičić, P.: Logical analysis of hash functions. In: Gramlich, B. (ed.) FroCos 2005. LNCS (LNAI), vol. 3717, pp. 200–215. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  20. Evans Jr., A., Kantrowitz, W., Weiss, E.: A user authentication scheme not requiring secrecy in the computer. Commun. ACM 17(8), 437–442 (1974)

    CrossRef  Google Scholar 

  21. Klima, V.: Finding MD5 collisions on a notebook PC using multi-message modifications. Cryptology ePrint Archive, Report, 2005/102 (2005), http://eprint.iacr.org/

  22. Lamport, L.: Constructing digital signatures from a one-way function. Technical Report CSL-98, SRI International (October 1979)

    Google Scholar 

  23. Massacci, F.: Using Walk-SAT and Rel-SAT for cryptographic key search. In: International Joint Conference on Artificial Intelligence, IJCAI 99, pp. 290–295 (1999)

    Google Scholar 

  24. Merkle, R.C.: One way hash functions and DES. In: McCurley, K.S., Ziegler, C.D. (eds.) Advances in Cryptology 1981 - 1997. LNCS, vol. 1440, pp. 428–446. Springer, Heidelberg (1999)

    Google Scholar 

  25. Massacci, F., Marraro, L.: Logical cryptanalysis as a SAT problem. Journal of Automated Reasoning 24, 165–203 (2000)

    MATH  CrossRef  MathSciNet  Google Scholar 

  26. Moskewicz, M.W., Madigan, C.F., Zhao, Y., Zhang, L., Malik, S.: Chaff: Engineering an efficient SAT solver. In: Proceedings of the Design Automation Conference (DAC) (June 2001)

    Google Scholar 

  27. Marques-Silva, J.P., Sakallah, K.A.: GRASP—a search algorithm for propositional satisfiability. IEEE Transactions in Computers 48(5), 506–521 (1999)

    CrossRef  MathSciNet  Google Scholar 

  28. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)

    CrossRef  Google Scholar 

  29. NIST. Secure hash standard. FIPS PUB 180, National Institute of Standards and Technology (May 1993)

    Google Scholar 

  30. NIST. Secure hash standard. FIPS PUB 180-1, National Institute of Standards and Technology (April 1995)

    Google Scholar 

  31. Rivest, R.L.: The MD4 message digest algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)

    Google Scholar 

  32. Rivest, R.L.: The MD5 message-digest algorithm. RFC 1321, The Internet Engineering Task Force (April 1992)

    Google Scholar 

  33. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

    MATH  CrossRef  MathSciNet  Google Scholar 

  34. Ryan, L.: Efficient algorithms for clause-learning SAT solvers. M.Sc. Thesis, Simon Fraser University (February 2004)

    Google Scholar 

  35. Shoup, V. (ed.): CRYPTO 2005. LNCS, vol. 3621. Springer, Heidelberg (2005)

    MATH  Google Scholar 

  36. Schläffer, M., Oswald, E.: Searching for differential paths in MD4. In: Fast Software Encryption (2006)

    Google Scholar 

  37. Tseytin, G.: On the complexity of derivation in propositional calculus, pp. 115–125. Consultant Bureau, New York-London (1968)

    Google Scholar 

  38. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the hash functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  39. Wedler, M., Stoffel, D., Kunz, W.: Arithmetic reasoning in DPLL-based SAT solving. In: DATE, pp. 30–35 (2004)

    Google Scholar 

  40. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  41. Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)

    Google Scholar 

  42. Wang, X., Yu, H., Yin, Y.L.: Efficient collision search attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 1–16. Springer, Heidelberg (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Microsoft Research, Silicon Valley Campus

    Ilya Mironov & Lintao Zhang

Authors
  1. Ilya Mironov
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lintao Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute for Formal Models and Verification, Johannes Kepler University, Linz, Austria

    Armin Biere

  2. Department of Computer Science, Cornell University, 14853, Ithaca, NY, U.S.A.

    Carla P. Gomes

Rights and permissions

Reprints and Permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mironov, I., Zhang, L. (2006). Applications of SAT Solvers to Cryptanalysis of Hash Functions. In: Biere, A., Gomes, C.P. (eds) Theory and Applications of Satisfiability Testing - SAT 2006. SAT 2006. Lecture Notes in Computer Science, vol 4121. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11814948_13

Download citation

  • DOI: https://doi.org/10.1007/11814948_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37206-6

  • Online ISBN: 978-3-540-37207-3

  • eBook Packages: Computer ScienceComputer Science (R0)