Automatic Search of Meet-in-the-Middle Preimage Attacks on AES-like Hashing

The Meet-in-the-Middle (MITM) preimage attack is highly effective in breaking the resistance of many hash functions, including but not limited to full MD5, HAVAL, and Tiger, reduced SHA-0/1/2. It was also shown be a threat functions built on block ciphers like AES by Sasaki 2011. Recently, such attacks hashing modes evolved from merely using freedom choosing internal state exploiting message state. However, detecting especially those variants difficult. In previous works, search space configurations limited, that manual analysis practical, which results sub-optimal solutions. this paper, we remove artificial limitations formulate essential ideas construction well-defined ways, translate problem searching for best into optimization problems under constraints Mixed-Integer-Linear-Programming (MILP) models. MILP models capture large solution valid attacks; objectives are with minimized computational complexity. With off-the-shelf solver, it efficient exhaustively. As result, obtain first against (5-round) an extended (5.5-round) version Haraka-512 v2, 8-round AES-128 modes, as well improved covering more rounds Haraka-256 v2 other members Rijndael modes.