
    Inverting Cryptographic Hash Functions via Cube-and-Conquer

    MD4 and MD5 are seminal cryptographic hash functions proposed in the early 1990s. MD4 consists of 48 steps and produces a 128-bit hash given a message of arbitrary finite size. MD5 is a more secure 64-step extension of MD4. Both MD4 and MD5 are vulnerable to practical collision attacks, yet it is still not realistic to invert them, i.e. to find a message given a hash. In 2007, the 39-step version of MD4 was inverted via reducing to SAT and applying a CDCL solver along with the so-called Dobbertin's constraints. As for MD5, in 2012 its 28-step version was inverted via a CDCL solver for one specified hash without adding any additional constraints. In this study, Cube-and-Conquer (a combination of CDCL and lookahead) is applied to invert step-reduced versions of MD4 and MD5. For this purpose, two algorithms are proposed. The first one generates inversion problems for MD4 by gradually modifying Dobbertin's constraints. The second algorithm tries the cubing phase of Cube-and-Conquer with different cutoff thresholds to find the one with the minimal runtime estimate for the conquer phase. This algorithm operates in two modes: (i) estimating the hardness of a given propositional Boolean formula; (ii) incomplete SAT-solving of a given satisfiable propositional Boolean formula. While the first algorithm is focused on inverting step-reduced MD4, the second one is not area-specific and so is applicable to a variety of classes of hard SAT instances. In this study, 40-, 41-, 42-, and 43-step MD4 are inverted for the first time via the first algorithm and the estimating mode of the second algorithm. 28-step MD5 is inverted for four hashes via the incomplete SAT-solving mode of the second algorithm. For three of these hashes this is done for the first time.
    Comment: 40 pages, 11 figures. A revised submission to JAI.

    Preimage Attack on MD4 Hash Function as a Problem of Parallel Sat-Based Cryptanalysis

    In this paper we study the inversion problem of the MD4 cryptographic hash function developed by R. Rivest in 1990. By MD4-k we denote a truncated variant of the MD4 hash function in which k represents the number of steps used to calculate a hash value (the full version of the MD4 function corresponds to MD4-48). H. Dobbertin has shown that the MD4-32 hash function is not one-way, namely, it can be inverted for the given image of a random input. He suggested adding special conditions to the equations that describe the computation of concrete steps (chaining variables) of the considered hash function. These additional conditions allowed the inversion problem of MD4-32 to be solved within a reasonable time by solving the corresponding system of equations. The main result of the present paper is an automatic derivation of "Dobbertin's conditions" using parallel SAT solving algorithms. We also managed to solve several inversion problems of functions of the kind MD4-k (for k from 31 up to 39 inclusive). Our method significantly outperforms previously existing approaches to solving these problems.

    Aspects of a Watermark Solution

    Although watermarking is a relatively new technology, there are many ways of applying it to an electronic data set with the purpose of ensuring copyright integrity and authenticity of the electronic data. But, bearing in mind the evolution of information technology and of communication, a watermark may be the target of several attacks which aim at its robustness, its form and even at its removal. In order to reduce these threats, this paper proposes a solution: digital watermarking completed by a hash function, which has an important role in the authenticity of the content of a message and in the security of the transmission of this message through computer networks, which are the main support of collaborative systems.
    Keywords: Digital Watermarking, Hash Functions, Digital Information Security, Collaborative Systems

    A Meaningful MD5 Hash Collision Attack

    It is now proved by Wang et al. that the MD5 hash is no longer secure, after they proposed an attack that generates two different messages that give the same MD5 sum. Many conditions need to be satisfied to attain this collision. Vlastimil Klima then proposed a more efficient and faster technique to implement this attack. We use these techniques to first create a collision attack and then use these collisions to implement meaningful collisions by creating two different packages that give an identical MD5 hash, but when extracted, each gives out different files with contents specified by the attacker.

    Propagation of updates to replicas using error-correcting codes

    With the increase in the percentage of replicas of data on the Internet, reducing the amount of bandwidth needed for propagation of updates across the replicas has become a major issue. The objective of our investigation is to design an update propagation mechanism focused on reducing the amount of bandwidth needed to propagate a change across multiple distinct versions of the replicas in a distributed system. We obtain the estimated number of bytes changed from the user and generate the parity information needed to correct these bytes using Error Correcting Codes. Transferring the parity information propagates the update. The updated data can be reconstructed using the parity information and the outdated data. Our investigation proved that the approach would be bandwidth efficient but computation intensive. We conclude our investigation with an update propagation mechanism that we believe would be less computationally intensive and would also reduce bandwidth requirements.