Go to OpenReview Archive homepageInverting 43-step MD4 via Cube-and-Conquer
Abstract: MD4 is a prominent cryptographic hash function
proposed in 1990. The full version consists of 48
steps and produces a hash of size 128 bits given
a message of an arbitrary finite size. In 2007, its
truncated 39-step version was inverted via reduc-
ing to SAT and applying a CDCL solver. Since that
time, several attempts have been made but the 40-
step version still remains unbroken. In this study,
40-, 41-, 42-, and 43-step versions of MD4 are
successfully inverted. The problems are reduced
to SAT and solved via the Cube-and-Conquer ap-
proach. Two algorithms are proposed for this pur-
pose. The first one generates inversion problems
for MD4 by adding special constraints. The second
one is aimed at finding a proper threshold for the
cubing phase of Cube-and-Conquer. While the first
algorithm is focused on inverting MD4 and simi-
lar cryptographic hash functions, the second one is
not area specific and so is applicable to a variety of
classes of hard SAT instances.
Loading