# Logical Cryptanalysis as a SAT Problem

@article{Massacci2004LogicalCA, title={Logical Cryptanalysis as a SAT Problem}, author={Fabio Massacci and Laura Marraro}, journal={Journal of Automated Reasoning}, year={2004}, volume={24}, pages={165-203} }

Cryptographic algorithms play a key role in computer security and the formal analysis of their robustness is of utmost importance. Yet, logic and automated reasoning tools are seldom used in the analysis of a cipher, and thus one cannot often get the desired formal assurance that the cipher is free from unwanted properties that may weaken its strength. In this paper, we claim that one can feasibly encode the low-level properties of state-of-the-art cryptographic algorithms as SAT problems and…

## 139 Citations

### Complete SAT based Cryptanalysis of RC5 Cipher

- Computer Science, Mathematics
- 2020

This article presents a wide analysis and new experimental results of SAT-based, direct cryptanalysis of the RC5 cipher, that uses logical encoding and SAT-solvers for checking the satisfiability of the Boolean formulas.

### Applications of SAT Solvers in Cryptanalysis: Finding Weak Keys and Preimages

- Computer Science, Mathematics
- J. Satisf. Boolean Model. Comput.
- 2014

An efficient, generic and automated method for generating SAT instances encoding a wide range of cryptographic computations is introduced and this method can be used to automate the first step of algebraic attacks, i.e. the generation of a system of algebraic equations.

### Extending SAT Solvers to Cryptographic Problems

- Computer Science, Mathematics
- SAT
- 2009

A new approach to solving cryptographic problems by adapting both the problem description and the solver synchronously instead of tweaking just one of them is presented, which was able to solve a well-researched stream cipher 26 times faster than was previously possible.

### An efficient SAT-based algorithm for finding short cycles in cryptographic algorithms

- Computer Science, Mathematics
- 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
- 2018

The presented algorithm can handle cryptographic algorithms with very large state spaces, including important ciphers such as Trivium and Grain-128, and is found to contain short cycles whose existence, to the best knowledge, was previously unknown.

### Use of SAT Solvers in Cryptanalysis

- Computer Science, Mathematics
- 2016

This work creates a modeling library that allows simple creation of SAT instances and creates models for several cryptographic hash functions, which are evaluated on various SAT solvers, optimizations and heuristics.

### Satisfiability-based Framework for Enabling Side-channel Attacks on Cryptographic Software

- Computer Science, Mathematics
- Proceedings of the Design Automation & Test in Europe Conference
- 2006

A new framework for performing side-channel attacks is proposed by formulating the analysis phase as a search problem that can be solved using modern Boolean analysis techniques such as satisfiability solvers, which can substantially enhance the scope of side-channel attacks.

### On Finding Short Cycles in Cryptographic Algorithms

- Computer Science, Mathematics
- 2017

It is shown how short cycles in the state space of a cryptographic algorithm can be used to mount a fault attack on its implementation which results in a full secret key recovery and shows these ciphers have short cycles whose existence, to the best knowledge, was previously unknown.

### Logical Reasoning to Detect Weaknesses About SHA-1 and MD4/5

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2014

The logical cryptanalysis principle is presented, a weakness based on the use of round constants to detect probabilistic relations as implications or equivalences between certain variables is presented and a practical framework to exploit these weaknesses through the inversions of reduced-step versions of MD4, MD5, SHA-0 and SHA-1 is presented.

### Inverting Thanks to SAT Solving - An Application on Reduced-step MD*

- Computer Science, Mathematics
- SECRYPT
- 2012

A principle is presented, based on a propositional modeling and solving, and details on logical inferences, simplifications, learning and pruning techniques used as a preprocessor with the aim of reducing the computational complexity of the SAT solving and hence weakening the associated cryptanalysis.

### Proving Functional Equivalence of Two AES Implementations Using Bounded Model Checking

- Computer Science, Mathematics
- 2009 International Conference on Software Testing Verification and Validation
- 2009

This case study tackles the problem of proving the functional equivalence of two implementations of the AES crypto-algorithm using automatic bounded model checking techniques, and could semi-automatically prove equivalences of the first three rounds of the AES encryption routines.

## References

### A New Challenge for Automated Reasoning: Verification and Cryptanalysis of Cryptographic Algorithms

- Computer Science
- 1999

This paper advocates that it is possible to use logic to encode the low-level properties of state-of-the-art cryptographic algorithms and then use automated theorem proving for reasoning about them and calls this approach logical cryptanalysis.

### Using Walk-SAT and Rel-Sat for Cryptographic Key Search

- Computer Science
- IJCAI
- 1999

Two state-of-the-art AI search algorithms have been tested on the encoding of the Data Encryption Standard, to see whether they are up to the task, and what lessons can be learned from the analysis on this benchmark to improve SAT solvers are discussed.

### The Inductive Approach to Verifying Cryptographic Protocols

- Computer Science, Mathematics
- J. Comput. Secur.
- 1998

Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state…

### A logic of authentication

- Computer Science
- Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences
- 1989

This paper shows how various protocols differ subtly with respect to the required initial assumptions of the participants and their final beliefs, and explains the formalism used, and gives examples of its application to protocols from the literature.

### Is the data encryption standard a group

- Computer Science, Mathematics
- 1986

Using a combination of software and special-purpose hardware, the cycling test is applied to the Data Encryption Standard and shows, with a high degree of confidence, that DES is not a group.

### A Computing Procedure for Quantification Theory

- Mathematics
- JACM
- 1960

In the present paper, a uniform proof procedure for quantification theory is given which is feasible for use with some rather complicated formulas and which does not ordinarily lead to exponentiation.

### Automated Analysis of Cryptographic Protocols Using Murφ

- Computer Science
- 1997

The feasibility of the Murφ approach is illustrated by analyzing the Needham-Schroeder protocol, finding a known bug in a few seconds of computation time, and analyzing variants of Kerberos and the faulty TMN protocol used in another comparative study.

### The First Experimental Cryptanalysis of the Data Encryption Standard

- Computer Science
- CRYPTO
- 1994

An improved version of linear cryptanalysis is described and its application to the first, successful computer experiment in breaking the full 16-round DES with high success probability if 2^43 random plaintexts and their ciphertexts are available.

### Automated analysis of cryptographic protocols using Murφ

- Computer Science
- Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097)
- 1997

The efficiency of Murφ allows us to examine multiple terms of relatively short protocols, giving us the ability to detect replay attacks, or errors resulting from confusion between independent execution of a protocol by independent parties.

### Programming Satan's Computer

- Computer Science
- Computer Science Today
- 1995

The task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment.