SAT Based Attacks on SipHash - Department of Computer Science
Abstract

SAT Based Attacks on SipHash
Santhosh Kantharaju Siddappa
Supervising Professor: Prof. Alan Kaminsky

SipHash is a proposed pseudorandom function (PRF) optimized for short message inputs and intended for use as a message authentication code (MAC). It uses a 128-bit secret key to compute the tag of a message. This project applies SAT-based attacks to the primitive to perform partial key recovery, and compares the effectiveness of these attacks against the standard brute-force approach of trying every possible combination of the missing key bits.

The primitive is converted into conjunctive normal form (CNF) and fed to an off-the-shelf SAT solver. The solver uses clause learning and, if the instance is satisfiable, returns an assignment for the missing key bits; it also reports the number of conflicts that occurred before a solution was found. This is repeated several times for varying numbers of missing key bits and for different versions of SipHash. The solver's conflict counts are then compared with the number of attempts needed to recover the missing key bits by brute force, and the results are analyzed to assess the effectiveness of the SAT-based attacks.
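The brute-force baseline the abstract compares against, as an added, self-contained example that is not code from the project: a pure-Python SipHash-c-d (so SipHash-2-4 and SipHash-1-3 can both be tried via the c and d parameters), followed by a partial key recovery that fixes all key bits except the lowest `missing` bits of the first key word and tries every value of those bits against one known (message, tag) pair. The placement of the unknown bits in k0, the sample key and the message are constructed assumptions for illustration; the CNF encoding and SAT-solver side of the project is not reproduced here, only the attempt count that the solver's conflict count is measured against.

```python
# SipHash-c-d and a brute-force partial key recovery (added example, not the
# project's code). Test vector checked against the reference implementation:
# SipHash-2-4 with key 00..0f and an empty message gives 0x726fdb47dd0e0e31.
from typing import Optional, Tuple

MASK64 = (1 << 64) - 1


def _rotl(x: int, b: int) -> int:
    return ((x << b) | (x >> (64 - b))) & MASK64


def siphash(key: bytes, msg: bytes, c: int = 2, d: int = 4) -> int:
    """Compute the 64-bit SipHash-c-d tag of msg under a 16-byte key."""
    if len(key) != 16:
        raise ValueError("SipHash key must be exactly 128 bits")
    k0 = int.from_bytes(key[:8], "little")
    k1 = int.from_bytes(key[8:], "little")
    # Initial state: key words XORed into the "somepseudorandomlygeneratedbytes" constants.
    v = [k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D,
         k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573]

    def sipround() -> None:
        v[0] = (v[0] + v[1]) & MASK64; v[1] = _rotl(v[1], 13); v[1] ^= v[0]; v[0] = _rotl(v[0], 32)
        v[2] = (v[2] + v[3]) & MASK64; v[3] = _rotl(v[3], 16); v[3] ^= v[2]
        v[0] = (v[0] + v[3]) & MASK64; v[3] = _rotl(v[3], 21); v[3] ^= v[0]
        v[2] = (v[2] + v[1]) & MASK64; v[1] = _rotl(v[1], 17); v[1] ^= v[2]; v[2] = _rotl(v[2], 32)

    def absorb(m: int) -> None:
        v[3] ^= m
        for _ in range(c):
            sipround()
        v[0] ^= m

    n = len(msg)
    full = n - (n % 8)
    for i in range(0, full, 8):
        absorb(int.from_bytes(msg[i:i + 8], "little"))
    # Final block: remaining bytes, with the message length mod 256 in the top byte.
    last = ((n & 0xFF) << 56) | int.from_bytes(msg[full:], "little")
    absorb(last)
    # Finalization.
    v[2] ^= 0xFF
    for _ in range(d):
        sipround()
    return (v[0] ^ v[1] ^ v[2] ^ v[3]) & MASK64


def recover_missing_bits(known_key: bytes, missing: int, msg: bytes, tag: int,
                         c: int = 2, d: int = 4) -> Tuple[Optional[bytes], int]:
    """Brute-force the `missing` lowest bits of k0 (assumption: that is where the
    unknown bits live) given one (msg, tag) pair. Returns (recovered key, attempts).
    attempts is the number of SipHash evaluations performed; the expected value
    over a uniformly random unknown part is 2**(missing-1)."""
    if not 0 < missing <= 64:
        raise ValueError("missing must be between 1 and 64 bits")
    k0_known = int.from_bytes(known_key[:8], "little") & ~((1 << missing) - 1) & MASK64
    k1_bytes = known_key[8:]
    for guess in range(1 << missing):
        candidate = (k0_known | guess).to_bytes(8, "little") + k1_bytes
        if siphash(candidate, msg, c, d) == tag:
            return candidate, guess + 1
    return None, 1 << missing  # Exhausted the search space: the pair was not produced by this key shape.


def brute_force_table(key: bytes, msg: bytes, missing_counts, c: int = 2, d: int = 4) -> dict:
    """Attempts needed for each number of missing key bits, for one SipHash-c-d version."""
    tag = siphash(key, msg, c, d)
    return {m: recover_missing_bits(key, m, msg, tag, c, d)[1] for m in missing_counts}


if __name__ == "__main__":
    KEY = bytes(range(16))                       # constructed sample key, same as the reference test vector
    MSG = b"constructed message for the example"  # constructed sample message
    assert siphash(KEY, b"") == 0x726FDB47DD0E0E31
    for (c, d) in [(2, 4), (1, 3)]:
        print(f"SipHash-{c}-{d}:", brute_force_table(KEY, MSG, [4, 8, 12], c, d))
```

Each entry of the table is the count a SAT-based attack with the same number of unknown bits has to beat; the SAT solver reports conflicts rather than evaluations, so the two are compared as growth curves over the number of missing bits rather than as equal units.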