Paper 2026/353

Dual-Syncopation Meet-in-the-Middle Attacks: New Results on SHA-2 and MD5

Jian Guo, Nanyang Technological University
Haoran Li, Institute of Information Engineering, CAS
Meicheng Liu, Institute of Information Engineering, CAS
Shichang Wang, Nanyang Technological University
Tianyu Zhang, Nanyang Technological University
Abstract

In this paper, we introduce a novel framework for meet-in-the-middle (MITM) attacks on ARX designs, termed \textit{dual-syncopation} MITM attack, which formalizes a compact, rule-based language for tracking deterministic and non-deterministic information for two independent propagations through ARX operations. The language provides an uniform abstraction for previous techniques, e.g., initial structure, partial matching, partial-fixing, and naturally supports automation. With the language, we additionally encode new technical insights that is not covered in literature and build an efficient automatic search tool for MITM attacks on ARX designs that can be fully optimized within hours. As a result, we obtain the first preimage attacks on 46- and 47-step SHA-256, extending the previous record of 45 steps by two steps. For SHA-512, we present the first preimage attack on 51 steps, extending the prior record of 50 steps by one step. In addition, we provide a collection of improved preimage attacks on 43-, 44-, and 45-step SHA-256; 46-, 47-, 48-, 49-, and 50-step SHA-512; as well as full-step MD5. The proposed attacks can be converted to free-start collision attacks with the technique proposed by Li, Isobe, and Shibutani at FSE 2012. Our results mark the first improvements on theoretical attacks on SHA-2 in a decade and push the boundary of cryptanalysis of ARX designs.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
A major revision of an IACR publication in EUROCRYPT 2026
Keywords
SHA-2MD5Preimage AttackMITMDual-Syncopation
Contact author(s)
guojian @ ntu edu sg
lihaoran @ iie ac cn
liumeicheng @ iie ac cn
shichang wang @ ntu edu sg
tianyu005 @ e ntu edu sg
History
2026-02-23: approved
2026-02-22: received
See all versions
Short URL
https://ia.cr/2026/353
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2026/353,
      author = {Jian Guo and Haoran Li and Meicheng Liu and Shichang Wang and Tianyu Zhang},
      title = {Dual-Syncopation Meet-in-the-Middle Attacks: New Results on {SHA}-2 and {MD5}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/353},
      year = {2026},
      url = {https://eprint.iacr.org/2026/353}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.