# Algebraic attacks using SAT-solvers

@inproceedings{Jovanovic2010AlgebraicAU, title={Algebraic attacks using SAT-solvers}, author={Philipp Jovanovic and Martin Kreuzer}, booktitle={Groups Complex. Cryptol.}, year={2010} }

Abstract: Algebraic attacks lead to the task of solving polynomial systems over $\mathbb{F}_2$. We study recent suggestions of using SAT-solvers for this task. In particular, we develop several strategies for converting the polynomial system to a set of CNF clauses. This generalizes the approach in [Bard, Courtois, Jefferson, Cryptology ePrint Archive 2007, 2007]. Moreover, we provide a novel way of transforming a system over $\mathbb{F}_{2^e}$ to a (larger) system over $\mathbb{F}_2$. Finally, the efficiency of these methods is…

## 31 Citations

Algebraic Attacks Using IP-Solvers

- Computer Science, Mathematics
- CASC
- 2013

A new technique and several strategies for converting the polynomial system to a set of linear equalities and inequalities are developed and generalized.

CDCL(Crypto) and Machine Learning based SAT Solvers for Cryptanalysis

- Computer Science, Mathematics
- 2020

An approach called CDCL(Crypto) is described to tailor the internal subroutines of the CDCL SAT solver with domain-specific knowledge about cryptographic primitives, and a formulation of SAT as Bayesian moment matching is used to address the heuristic initialization problem in SAT solvers.

Use of SAT Solvers in Cryptanalysis

- Computer Science, Mathematics
- 2016

This work creates a modeling library that allows simple creation of SAT instances and creates models for several cryptographic hash functions, which are evaluated on various SAT solvers, optimizations and heuristics.

Integrating Algebraic and SAT Solvers

- Computer Science, Mathematics
- MACIS
- 2017

This work describes an automatic framework integrating the two solving techniques and exchanging newly found information between them and presents some initial experiments indicating the efficiency of this combination.

Applications of SAT Solvers in Cryptanalysis: Finding Weak Keys and Preimages

- Computer Science, Mathematics
- J. Satisf. Boolean Model. Comput.
- 2014

An efficient, generic and automated method for generating SAT instances encoding a wide range of cryptographic computations is introduced, and this method can be used to automate the first step of algebraic attacks, i.e. the generation of a system of algebraic equations.

Towards a better understanding of hardness

- Computer Science
- 2011

A new measure hd(F), the “hardness”, is introduced, for formulas F in conjunctive normal form (i.e., clause-sets), and it is proposed that the task of solving a SAT problem efficiently is captured by constructing a representation of the underlying boolean function which is of low hardness.

Towards a better understanding of representing problems as SAT problems

- Computer Science
- 2011

A new measure hd(F), the “hardness”, is introduced for formulas F in conjunctive normal form (i.e., clause-sets), and the SAT representation hypothesis is presented: the task of solving a SAT problem efficiently is captured by constructing a representation of the underlying boolean function which is of low hardness.

Converting Symmetric Cryptography to SAT Problems Using Model Checking Tools

- Computer Science, Mathematics
- Anais do XX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2020)
- 2020

This work presents a technique to quickly translate symmetric cryptography into SAT problems using Bounded Model Checking (BMC) tools, converting the RC4 and AES algorithms into a SAT problem.

Towards a better understanding of SAT translations

- Computer Science, Mathematics
- 2011

A new measure hd(F), the “hardness”, is introduced for formulas F in conjunctive normal form (i.e., clause-sets), and the SAT representation hypothesis is presented: the task of solving a SAT problem efficiently is captured by constructing a representation of the underlying boolean function which is of low hardness.

An Algebraic Fault Attack on the LED Block Cipher

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2012

An attack on block ciphers is proposed where techniques derived from algebraic and fault based cryptanalysis are combined to mount a new, successful attack on the version of LED that uses a 64-bit secret key, requiring only a single fault injection.

## References


Strategies on Algebraic Attacks Using SAT Solvers

- Computer Science, Mathematics
- 2008 The 9th International Conference for Young Computer Scientists
- 2008

This paper designs an automatic tool for algebraic attacks, ATAA, to give some benchmark analyses and empirical observations based on a stream cipher series named Bivium-n, and proposes and summarizes common strategies for SAT solvers.

Extending SAT Solvers to Cryptographic Problems

- Computer Science, Mathematics
- SAT
- 2009

A new approach to solving cryptographic problems by adapting both the problem description and the solver synchronously instead of tweaking just one of them is presented, which was able to solve a well-researched stream cipher 26 times faster than was previously possible.

Logical Cryptanalysis as a SAT Problem

- Computer Science
- Journal of Automated Reasoning
- 2004

It is claimed that one can feasibly encode the low-level properties of state-of-the-art cryptographic algorithms as SAT problems and then use efficient automated theorem-proving systems and SAT-solvers for reasoning about them, and call this approach logical cryptanalysis.

Algebraic Attacks Galore!

- Computer Science, Mathematics
- Groups Complex. Cryptol.
- 2009

This is the first in a two-part survey of current techniques in algebraic cryptanalysis, discussing a number of individual methods, introducing attacks based on integer programming techniques and trying them in some concrete cases.

Efficient Methods for Conversion and Solution of Sparse Systems of Low-Degree Multivariate Polynomials over GF(2) via SAT-Solvers

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2007

Methods are studied for efficiently converting systems of low-degree sparse multivariate equations into a conjunctive normal form satisfiability (CNF-SAT) problem, for which excellent heuristic algorithms have been developed in recent years.

Algebraic Cryptanalysis

- Computer Science, Mathematics
- 2009

Algebraic Cryptanalysis bridges the gap between a course in cryptography, and being able to read the cryptanalytic literature, with a survey of the methods used in practice, including SAT-solvers and the methods of Nicolas Courtois.

How Fast can be Algebraic Attacks on Block Ciphers ?

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2006

A specification of a new block cipher that can be called the Courtois Toy Cipher, which is quite simple, and yet very much like any other known block cipher, that should evidently be secure against all known attack methods.

Small Scale Variants of the AES

- Mathematics, Computer Science
- FSE
- 2005

Some preliminary results and insights when using off-the-shelf computational algebra techniques to solve the systems of equations arising from these small scale variants of the AES are provided.

Algebraic Cryptanalysis of the Data Encryption Standard

- Computer Science, Mathematics
- IMACC
- 2007

This paper demonstrates that several interesting attacks on a real-life "industrial" block cipher can be found, and one of the attacks is the fastest known algebraic attack on 6 rounds of DES, which is quite interesting in itself.

The Design of Rijndael: AES - The Advanced Encryption Standard

- Computer Science
- 2002

The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.