Inverting Thanks to Sat Solving

The SATisfiability Problem is a core problem in mathematical logic and computing theory. The last decade progresses have led it to be a great and competitive approach to practically solve a wide range of industrial and academic problems. Thus, the current SAT solving capacity allows the propositional formalism to be an interesting alternative to tackle cryptanalysis problems. This paper deals with an original application of the SAT problem to cryptanalysis. We thus present a principle, based on a propositional modeling and solving, and provide details on logical inferences, simplifications, learning and pruning techniques used as a preprocessor with the aim of reducing the computational complexity of the SAT solving and hence weakening the associated cryptanalysis. As cryptographic hash functions are central elements in modern cryptography we choose to illustrate our approach with a dedicated attack on the second preimage of the well-known MD? hash functions. We finally validate this reverse-engineering process, thanks to a generic SAT solver achieving a weakening of the inversion of MD?. As a result, we present an improvement of the current limit of best practical attacks on step-reduced MD4 and MD5 second preimage, respectively up to 39 and 28 inverted rounds.