Applications of SAT Solvers in Cryptanalysis: Finding Weak Keys and Preimages

Lafitte, Frédéric; Nakahara, Jorge; Heule, Dirk Van

doi:10.3233/sat190099

Cited by 20 publications

(15 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This idea supplements other classic methods of cryptanalysis [5,6,13,20,21]. In the literature can be still found new papers devoted to this topic [7,10,11,16,17,18,19,22,24].…”

Section: Introductionmentioning

confidence: 68%

Complete SAT based Cryptanalysis of RC5 Cipher

Sobon¹,

Kurkowski

Stachowiak

2020

J. inf. organ. sci. (Online)

View full text Add to dashboard Cite

Keeping the proper security level of ciphers used in communication networks is today a very important problem. Cryptanalysts ensure a constant need for improvement complexity and ciphers' security by trying to break them. Sometimes they do not instantly try to break the strongest version of the cipher, but they are looking for weaknesses by splitting it and independently checking all algorithm components. Often cryptanalysts also attempt to break cipher by using its weaker version or configuration. There are plenty of mechanisms and approaches to cryptanalysis to solve those challenges. One of them is SAT-based method, that uses logical encoding. In this article, we present our wide analysis and new experimental results of SAT-based, direct cryptanalysis of the RC5 cipher. To perform such actions on the given cipher, we initially create a propositional logical formula, that describes and represents the entire RC5 algorithm. The second step is to randomly generate key and plaintext. Then we determine the ciphertext. In the last step of our computations, we use SAT-solvers. They are particularly designed tools for checking the satisfiability of the Boolean formulas. In our research, we make cryptanalysis of RC5 cipher in the case with plaintext and ciphertext. To get the best result, we compared many SAT-solvers and choose several. Some of them were relatively old, but still very efficient and some were modern and popular.

show abstract

“…This idea supplements other classic methods of cryptanalysis [5,6,13,20,21]. In the literature can be still found new papers devoted to this topic [7,10,11,16,17,18,19,22,24].…”

Section: Introductionmentioning

confidence: 68%

Complete SAT based Cryptanalysis of RC5 Cipher

Sobon¹,

Kurkowski

Stachowiak

2020

J. inf. organ. sci. (Online)

View full text Add to dashboard Cite

show abstract

“…CryptoSAT has already been used in order to (i) find weak keys in idea variants [29], (ii) prove that similar weak keys do not exist in other variants [29], (iii) verify potential flaws of the stream cipher ZUC that are due to its implementation [23]. These results show that CRYPTOSAT is a valuable tool for cryptanalysts, designers, and implementors, respectively.…”

Section: Discussionmentioning

confidence: 86%

CryptoSAT: a tool for SAT‐based cryptanalysis

Lafitte

2018

IET Information Security

Self Cite

View full text Add to dashboard Cite

“…In algebraic cryptanalysis, one attack method is to model a cipher along with its inputs and outputs as a SAT problem. This can be used to find, for example, weak keys in block ciphers or preimages in hash functions (Lafitte et al, 2014). SAT problems are typically expressed in conjunctive normal form (CNF) and logic circuits can quickly be converted into CNF using the Tseytin transform (Knuth, 2015).…”

Section: Statement Of Needmentioning

confidence: 99%

“…Thus, an efficient logic gate representation of an S-box can be transformed into an efficient CNF representation. CNF representations can in turn be transformed into a system of equations in GF(2) (Lafitte et al, 2014).…”

Section: Statement Of Needmentioning

confidence: 99%

sboxgates: A program for finding low gate count implementations of S-boxes

Dansarie¹

2021

JOSS

View full text Add to dashboard Cite

S-boxes are often the only nonlinear components in modern block ciphers. They are commonly selected to comply with very specific criteria in order to make a cipher secure against, for example, linear and differential attacks. An M × N S-box can be thought of as a lookup table that relates an M -bit input value to an N -bit output value, or as a set of N boolean functions of M variables (Schneier, 1996).Although cipher specifications generally describe S-boxes using their lookup tables, they can also be described as boolean functions or logic gate circuits. sboxgates, which is presented here, finds equivalent logic gate circuits for S-boxes, given their lookup table specification. Generated circuits are output in a human-readable XML format. The software can convert the output files into C or CUDA (a parallel computing platform for Nvidia GPUs) source code. The generated circuits can also be converted to the DOT graph description language for visualization with Graphviz (Ellson et al., 2002).

show abstract

Applications of SAT Solvers in Cryptanalysis: Finding Weak Keys and Preimages

Cited by 20 publications

References 23 publications

Complete SAT based Cryptanalysis of RC5 Cipher

Complete SAT based Cryptanalysis of RC5 Cipher

CryptoSAT: a tool for SAT‐based cryptanalysis

sboxgates: A program for finding low gate count implementations of S-boxes

Contact Info

Product

Resources

About