SAT Based Attacks on SipHash - Department of Computer Science

More documents

Recommendations

Info

ii The project “<strong>SAT</strong> <strong>Based</strong> <strong>Attacks</strong> on SipHash” by Santhosh Kantharaju Siddappa has been examined and approved by the following Examination Committee: Prof. Alan Kaminsky Professor Project Committee Chair Prof. Stanisław P. Radziszowski Professor Prof. Hans-Peter Bischof Professor
iii Abstract <strong>SAT</strong> <strong>Based</strong> <strong>Attacks</strong> on SipHash Santhosh Kantharaju Siddappa Supervising Professor: Prof. Alan Kaminsky SipHash is a proposed pseudorandom function (PRF) that is optimized for small message inputs. It is intended to be used as a message-authentication code (MAC). It uses a 128-bit secret key to compute the tag of a message. This project uses <strong>SAT</strong> based attacks on the primitive to perform partial key recovery and compares the effectiveness of these attacks against standard brute force approach that involves trying all possible combinations for the key bits. The primitive is converted into CNF and fed to an off-the-shelf <strong>SAT</strong> solver. The solver uses clause learning and if satisfiable, returns a set of values for the missing key bits. It also reports the number of conflicts that occurred before a solution was found. This is repeated several times for varying number of missing key bits and different versions of SipHash. It is then compared to the number of attempts to retrieve the missing key bits using brute force and the results are analyzed to check the effectiveness of <strong>SAT</strong> based attacks.
Page 1: SAT Based<
Page 5 and 6: v 4 Related work . . . . . . . . .
Page 7 and 8: 1 Chapter 1 Introduction This proje
Page 9 and 10: 3 Figure 1.1: SipHash-2,4 processin
Page 11 and 12: 5 possible values for each of the l
Page 13 and 14: 7 2.1.1 CNF for AND Consider the op
Page 15 and 16: 9 2.1.4 CNF for ADD Figure 2.1: ADD
Page 17 and 18: 11 Figure 2.3: Vector before rotati
Page 19 and 20: 13 half adders. Variable space is r
Page 21 and 22: 15 for c −→ 1 to 2 for d −→
Page 23 and 24: 17 Figure 3.1: SipHash-1,0 Figure 3
Page 25 and 26: 19 3.1.2 SipHash-x,1 Figure 3.5: Si
Page 27 and 28: 21 Chapter 4 Related work B
Page 29 and 30: 23 Walk-SAT algori
Page 31 and 32: 25 on reduced versions of CubeHash
Page 33 and 34: 27 Chapter 5 Future Work SA
Page 35 and 36: 29 Bibliography [1] Jean-Philippe A
Page 37 and 38: 31 Appendix A Variable Parameters K
Page 39 and 40: 33 c Calc default polars - time: 0.
Page 41 and 42: 35 Appendix C CNF Following is a pa
Page 43 and 44: 37 Missing key bits brute force <st
Page 45: 39 Missing key bits brute force <st

SAT Based Attacks on SipHash - Department of Computer Science

Create successful ePaper yourself

Delete template?

Save as template?