Abstract:
MD4 was one of the first cryptographic hash functions. Due to some structural features, its compression function is vulnerable to collision attacks and, to a lesser degree, to preimage attacks. Key investigations in this area were carried out by Hans Dobbertin. In particular, he proposed special constraints that made it possible to invert the first 32 steps of the MD4 compression function. Later, these constraints were encoded to SAT and helped to invert up to 43 steps of this compression function. We analyze the influence of Dobbertin's constraints on such SAT-based preimage attacks and propose a new runtime estimation for inverting the 44-step MD4 compression function.
Fulltext:
PDF file (574 kB)