Cryptology ePrint Archive: Report 2006/254

Applications of SAT Solvers to Cryptanalysis of Hash Functions

Ilya Mironov and Lintao Zhang

Abstract: Several standard cryptographic hash functions were broken in 2005. Some essential building blocks of these attacks lend themselves well to automation by encoding them as CNF formulas, which are within reach of modern SAT solvers. In this paper we demonstrate effectiveness of this approach. In particular, we are able to generate full collisions for MD4 and MD5 given only the differential path and applying a (minimally modified) off-the-shelf SAT solver. To the best of our knowledge, this is the first example of a SAT-solver-aided cryptanalysis of a non-trivial cryptographic primitive. We expect SAT solvers to find new applications as a validation and testing tool of practicing cryptanalysts.

Category / Keywords: secret-key cryptography / hash functions, cryptanalysis, SAT solver

Publication Info: Theory and Applications of Satisfiability Testing (SAT 06), pages 102--115, 2006

Date: received 23 Jul 2006, last revised 24 Jul 2006

Contact author: mironov at microsoft com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: This is the full version of the paper presented at SAT 06.

Version: 20060727:062437 (All versions of this report)

Short URL: ia.cr/2006/254

Discussion forum: Show discussion | Start new discussion