Inverting 43-Step MD4 via Cube-and-Conquer
Abstract
MD4 is a prominent cryptographic hash function proposed in 1990. The full version consists of 48 steps and produces a hash of size 128 bits given a message of an arbitrary finite size. In 2007, its truncated 39-step version was inverted via reducing to SAT and applying a CDCL solver. Since that time, several attempts have been made but the 40-step version still remains unbroken. In this study, 40-, 41-, 42-, and 43-step versions of MD4 are successfully inverted. The problems are reduced to SAT and solved via the Cube-and-Conquer approach. Two algorithms are proposed for this purpose. The first one generates inversion problems for MD4 by adding special constraints. The second one is aimed at finding a proper threshold for the cubing phase of Cube-and-Conquer. While the first algorithm is focused on inverting MD4 and similar cryptographic hash functions, the second one is not area specific and so is applicable to a variety of classes of hard SAT instances.
Cite
Text
Zaikin. "Inverting 43-Step MD4 via Cube-and-Conquer." International Joint Conference on Artificial Intelligence, 2022. doi:10.24963/IJCAI.2022/263Markdown
[Zaikin. "Inverting 43-Step MD4 via Cube-and-Conquer." International Joint Conference on Artificial Intelligence, 2022.](https://mlanthology.org/ijcai/2022/zaikin2022ijcai-inverting/) doi:10.24963/IJCAI.2022/263BibTeX
@inproceedings{zaikin2022ijcai-inverting,
title = {{Inverting 43-Step MD4 via Cube-and-Conquer}},
author = {Zaikin, Oleg},
booktitle = {International Joint Conference on Artificial Intelligence},
year = {2022},
pages = {1894-1900},
doi = {10.24963/IJCAI.2022/263},
url = {https://mlanthology.org/ijcai/2022/zaikin2022ijcai-inverting/}
}