# Algebraic attacks using SAT-solvers

@inproceedings{Jovanovic2010AlgebraicAU,
  title={Algebraic attacks using SAT-solvers},
  author={Philipp Jovanovic and Martin Kreuzer},
  booktitle={Groups Complex. Cryptol.},
  year={2010}
}

Abstract: Algebraic attacks lead to the task of solving polynomial systems over $\mathbb{F}_2$. We study recent suggestions of using SAT-solvers for this task. In particular, we develop several strategies for converting the polynomial system to a set of CNF clauses. This generalizes the approach in [Bard, Courtois, Jefferson, Cryptology ePrint Archive 2007, 2007]. Moreover, we provide a novel way of transforming a system over $\mathbb{F}_{2^e}$ to a (larger) system over $\mathbb{F}_2$. Finally, the efficiency of these methods is…

## 30 Citations

Algebraic Attacks Using IP-Solvers

- Computer Science; CASC
- 2013

A new technique and several strategies for converting the polynomial system to a set of linear equalities and inequalities are developed and generalized.

CDCL(Crypto) and Machine Learning based SAT Solvers for Cryptanalysis

- Computer Science
- 2020

An approach called CDCL(Crypto) is described to tailor the internal subroutines of the CDCL SAT solver with domain-specific knowledge about cryptographic primitives, and a formulation of SAT into Bayesian moment matching is used to address the heuristic initialization problem in SAT solvers.

Use of SAT Solvers in Cryptanalysis

- 2016

SAT solvers are a universal tool for finding solutions to boolean satisfiability problems. In the past they have also been used for cryptographic problems, such as finding preimages for hash…

Integrating Algebraic and SAT Solvers

- Computer Science; MACIS
- 2017

This work describes an automatic framework integrating the two solving techniques and exchanging newly found information between them and presents some initial experiments indicating the efficiency of this combination.

Applications of SAT Solvers in Cryptanalysis: Finding Weak Keys and Preimages

- Mathematics, Computer Science; J. Satisf. Boolean Model. Comput.
- 2014

An efficient, generic and automated method for generating SAT instances encoding a wide range of cryptographic computations is introduced; this method can be used to automate the first step of algebraic attacks, i.e. the generation of a system of algebraic equations.

Towards a better understanding of hardness

- 2011

Of fundamental importance for SAT solving is the translation to CNF. One of the basic tasks is to find metrics for determining what are “good” translations, i.e., what makes the resulting SAT problem…

Towards a better understanding of representing problems as SAT problems

- 2011

Of fundamental importance for SAT solving is the translation to CNF. One of the basic tasks is to find metrics for determining what are “good” translations, i.e., what makes the resulting SAT problem…

Towards a better understanding of SAT translations

- 2011

Of fundamental importance for SAT solving is the translation to CNF. One of the basic tasks is to find metrics for determining what are “good” translations, i.e., what makes the resulting SAT problem…

An Algebraic Fault Attack on the LED Block Cipher

- Computer Science; IACR Cryptol. ePrint Arch.
- 2012

An attack on block ciphers is proposed where techniques derived from algebraic and fault based cryptanalysis are combined to mount a new, successful attack on the version of LED that uses a 64-bit secret key, requiring only a single fault injection.

Towards mixed structural-functional models for algebraic fault attacks on ciphers

- Computer Science; 2017 IEEE 2nd International Verification and Security Workshop (IVSW)
- 2017

It is shown that structural models obtained from a circuit implementation of the analyzed cipher can lead to more efficient attacks than the functional models used in literature.

## References

Strategies on Algebraic Attacks Using SAT Solvers

- Computer Science; 2008 The 9th International Conference for Young Computer Scientists
- 2008

This paper designs an automatic tool for algebraic attacks, ATAA, to give some benchmark analyses and empirical observations based on a stream cipher series named Bivium-n, and proposes and summarizes common strategies for SAT solvers.

Extending SAT Solvers to Cryptographic Problems

- Computer Science; SAT
- 2009

A new approach to solving cryptographic problems by adapting both the problem description and the solver synchronously instead of tweaking just one of them is presented, which was able to solve a well-researched stream cipher 26 times faster than was previously possible.

Logical Cryptanalysis as a SAT Problem

- Mathematics, Computer Science; Journal of Automated Reasoning
- 2004

It is claimed that one can feasibly encode the low-level properties of state-of-the-art cryptographic algorithms as SAT problems and then use efficient automated theorem-proving systems and SAT-solvers for reasoning about them, and call this approach logical cryptanalysis.

Algebraic Attacks Galore!

- Computer Science; Groups Complex. Cryptol.
- 2009

This is the first in a two-part survey of current techniques in algebraic cryptanalysis, discussing a number of individual methods, introducing attacks based on integer programming techniques, and trying them in some concrete cases.

Efficient Methods for Conversion and Solution of Sparse Systems of Low-Degree Multivariate Polynomials over GF(2) via SAT-Solvers

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2007

Methods are studied for efficiently converting systems of low-degree sparse multivariate equations into a conjunctive normal form satisfiability (CNF-SAT) problem, for which excellent heuristic algorithms have been developed in recent years.

Algebraic Cryptanalysis

- Computer Science
- 2009

Algebraic Cryptanalysis bridges the gap between a course in cryptography, and being able to read the cryptanalytic literature, with a survey of the methods used in practice, including SAT-solvers and the methods of Nicolas Courtois.

How Fast can be Algebraic Attacks on Block Ciphers ?

- Computer Science; IACR Cryptol. ePrint Arch.
- 2006

A specification of a new block cipher that can be called the Courtois Toy Cipher, which is quite simple, and yet very much like any other known block cipher, that should evidently be secure against all known attack methods.

Small Scale Variants of the AES

- Computer Science; FSE
- 2005

Some preliminary results and insights when using off-the-shelf computational algebra techniques to solve the systems of equations arising from these small scale variants of the AES are provided.

Algebraic Cryptanalysis of the Data Encryption Standard

- Computer Science; IMACC
- 2007

It is demonstrated in this paper that several interesting attacks on a real-life "industrial" block cipher can be found; one of the attacks is the fastest known algebraic attack on 6 rounds of DES, which is quite interesting in itself.

The Design of Rijndael: AES - The Advanced Encryption Standard

- Computer Science
- 2002

The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.