Inverting Cryptographic Hash Functions via Cube-and-Conquer › Обзор исследований

Standard

Inverting Cryptographic Hash Functions via Cube-and-Conquer. / Zaikin, Oleg.

в: Journal of Artificial Intelligence Research, Том 81, 2024, стр. 359-399.

Результаты исследований: Научные публикации в периодических изданиях › статья › Рецензирование

Harvard

Zaikin, O 2024, 'Inverting Cryptographic Hash Functions via Cube-and-Conquer', Journal of Artificial Intelligence Research, Том. 81, стр. 359-399. https://doi.org/10.1613/jair.1.15244

APA

Zaikin, O. (2024). Inverting Cryptographic Hash Functions via Cube-and-Conquer. Journal of Artificial Intelligence Research, 81, 359-399. https://doi.org/10.1613/jair.1.15244

Vancouver

Zaikin O. Inverting Cryptographic Hash Functions via Cube-and-Conquer. Journal of Artificial Intelligence Research. 2024;81:359-399. doi: 10.1613/jair.1.15244

Author

Zaikin, Oleg. / Inverting Cryptographic Hash Functions via Cube-and-Conquer. в: Journal of Artificial Intelligence Research. 2024 ; Том 81. стр. 359-399.

BibTeX

@article{906b45f176e94927b6d2b900489e1ec8,

title = "Inverting Cryptographic Hash Functions via Cube-and-Conquer",

abstract = "MD4 and MD5 are fundamental cryptographic hash functions proposed in the early 1990s. MD4 consists of 48 steps and produces a 128-bit hash given a message of arbitrary finite size. MD5 is a more secure 64-step extension of MD4. Both MD4 and MD5 are vulnerable to practical collision attacks, yet it is still not realistic to invert them, i.e., to find a message given a hash. In 2007, the 39-step version of MD4 was inverted by reducing to SAT and applying a CDCL solver along with the so-called Dobbertin{\textquoteright}s constraints. As for MD5, in 2012 its 28-step version was inverted via a CDCL solver for one specified hash without adding any extra constraints. In this study, Cube-and-Conquer (a combination of CDCL and lookahead) is applied to invert step-reduced versions of MD4 and MD5. For this purpose, two algorithms are proposed. The first one generates inverse problems for MD4 by gradually modifying the Dobbertin{\textquoteright}s constraints. The second algorithm tries the cubing phase of Cube-and-Conquer with different cutoff thresholds to find the one with the minimum runtime estimate of the conquer phase. This algorithm operates in two modes: (i) estimating the hardness of a given propositional Boolean formula; (ii) incomplete SAT solving of a given satisfiable propositional Boolean formula. While the first algorithm is focused on inverting step-reduced MD4, the second one is not area-specific and is therefore applicable to a variety of classes of hard SAT instances. In this study, 40-, 41-, 42-, and 43-step MD4 are inverted for the first time via the first algorithm and the estimating mode of the second algorithm. Also, 28-step MD5 is inverted for four hashes via the incomplete SAT solving mode of the second algorithm. For three hashes out of them, it is done for the first time.",

author = "Oleg Zaikin",

note = "This study was financially supported by the Mathematical Center in Akademgorodok under the agreement No. 075-15-2022-282 with the Ministry of Science and Higher Education of the Russian Federation.",

year = "2024",

doi = "10.1613/jair.1.15244",

language = "English",

volume = "81",

pages = "359--399",

journal = "Journal of Artificial Intelligence Research",

issn = "1076-9757",

publisher = "Morgan Kaufmann Publishers, Inc.",

}

RIS

TY - JOUR

T1 - Inverting Cryptographic Hash Functions via Cube-and-Conquer

AU - Zaikin, Oleg

N1 - This study was financially supported by the Mathematical Center in Akademgorodok under the agreement No. 075-15-2022-282 with the Ministry of Science and Higher Education of the Russian Federation.

PY - 2024

Y1 - 2024

N2 - MD4 and MD5 are fundamental cryptographic hash functions proposed in the early 1990s. MD4 consists of 48 steps and produces a 128-bit hash given a message of arbitrary finite size. MD5 is a more secure 64-step extension of MD4. Both MD4 and MD5 are vulnerable to practical collision attacks, yet it is still not realistic to invert them, i.e., to find a message given a hash. In 2007, the 39-step version of MD4 was inverted by reducing to SAT and applying a CDCL solver along with the so-called Dobbertin’s constraints. As for MD5, in 2012 its 28-step version was inverted via a CDCL solver for one specified hash without adding any extra constraints. In this study, Cube-and-Conquer (a combination of CDCL and lookahead) is applied to invert step-reduced versions of MD4 and MD5. For this purpose, two algorithms are proposed. The first one generates inverse problems for MD4 by gradually modifying the Dobbertin’s constraints. The second algorithm tries the cubing phase of Cube-and-Conquer with different cutoff thresholds to find the one with the minimum runtime estimate of the conquer phase. This algorithm operates in two modes: (i) estimating the hardness of a given propositional Boolean formula; (ii) incomplete SAT solving of a given satisfiable propositional Boolean formula. While the first algorithm is focused on inverting step-reduced MD4, the second one is not area-specific and is therefore applicable to a variety of classes of hard SAT instances. In this study, 40-, 41-, 42-, and 43-step MD4 are inverted for the first time via the first algorithm and the estimating mode of the second algorithm. Also, 28-step MD5 is inverted for four hashes via the incomplete SAT solving mode of the second algorithm. For three hashes out of them, it is done for the first time.

AB - MD4 and MD5 are fundamental cryptographic hash functions proposed in the early 1990s. MD4 consists of 48 steps and produces a 128-bit hash given a message of arbitrary finite size. MD5 is a more secure 64-step extension of MD4. Both MD4 and MD5 are vulnerable to practical collision attacks, yet it is still not realistic to invert them, i.e., to find a message given a hash. In 2007, the 39-step version of MD4 was inverted by reducing to SAT and applying a CDCL solver along with the so-called Dobbertin’s constraints. As for MD5, in 2012 its 28-step version was inverted via a CDCL solver for one specified hash without adding any extra constraints. In this study, Cube-and-Conquer (a combination of CDCL and lookahead) is applied to invert step-reduced versions of MD4 and MD5. For this purpose, two algorithms are proposed. The first one generates inverse problems for MD4 by gradually modifying the Dobbertin’s constraints. The second algorithm tries the cubing phase of Cube-and-Conquer with different cutoff thresholds to find the one with the minimum runtime estimate of the conquer phase. This algorithm operates in two modes: (i) estimating the hardness of a given propositional Boolean formula; (ii) incomplete SAT solving of a given satisfiable propositional Boolean formula. While the first algorithm is focused on inverting step-reduced MD4, the second one is not area-specific and is therefore applicable to a variety of classes of hard SAT instances. In this study, 40-, 41-, 42-, and 43-step MD4 are inverted for the first time via the first algorithm and the estimating mode of the second algorithm. Also, 28-step MD5 is inverted for four hashes via the incomplete SAT solving mode of the second algorithm. For three hashes out of them, it is done for the first time.

UR - https://www.mendeley.com/catalogue/5d8a928f-05e2-37b2-9080-4d262e6f397e/

U2 - 10.1613/jair.1.15244

DO - 10.1613/jair.1.15244

M3 - Article

VL - 81

SP - 359

EP - 399

JO - Journal of Artificial Intelligence Research

JF - Journal of Artificial Intelligence Research

SN - 1076-9757

ER -

ID: 61306374