SAT Based Attacks on SipHash - Department of Computer Science

More documents

Recommendations

Info

iv Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Message Authentication Code . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1.1 SipHash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 Boolean Satisfiability Problem . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3 <strong>SAT</strong> solver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2 Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1 Building the CNF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1.1 CNF for AND . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1.2 CNF for OR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1.3 CNF for XOR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.1.4 CNF for ADD . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.1.5 Rotation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.2 Converting SipHash-c,d to CNF . . . . . . . . . . . . . . . . . . . . . . . 11 2.2.1 Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.2.2 Intermediate variables . . . . . . . . . . . . . . . . . . . . . . . . 12 2.2.3 Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.2.4 SipRound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.2.5 Variable parameters . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.3 Data Collected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.1 SipHash-c,d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.1.1 SipHash-1,x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 3.1.2 SipHash-x,1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.1.3 SipHash-1,0 With More Missing Key Bits . . . . . . . . . . . . . . 19
v 4 Related work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 4.1 Cryptanalysis of Data Encryption Standard . . . . . . . . . . . . . . . . . 21 4.1.1 Logical cryptanalysis as a <strong>SAT</strong> problem . . . . . . . . . . . . . . . 22 4.1.2 <strong>SAT</strong> attacks for cryptographic key search . . . . . . . . . . . . . . 22 4.1.3 Algebraic cryptanalysis of DES . . . . . . . . . . . . . . . . . . . 23 4.2 <strong>SAT</strong> solver attacks on CubeHash . . . . . . . . . . . . . . . . . . . . . . . 23 4.3 <strong>SAT</strong> attacks on Bivium . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 5 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 6 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 A Variable Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 B Sample output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 C CNF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 D Data tables of results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Page 1 and 2: SAT Based<
Page 3: iii Abstract SAT <
Page 7 and 8: 1 Chapter 1 Introduction This proje
Page 9 and 10: 3 Figure 1.1: SipHash-2,4 processin
Page 11 and 12: 5 possible values for each of the l
Page 13 and 14: 7 2.1.1 CNF for AND Consider the op
Page 15 and 16: 9 2.1.4 CNF for ADD Figure 2.1: ADD
Page 17 and 18: 11 Figure 2.3: Vector before rotati
Page 19 and 20: 13 half adders. Variable space is r
Page 21 and 22: 15 for c −→ 1 to 2 for d −→
Page 23 and 24: 17 Figure 3.1: SipHash-1,0 Figure 3
Page 25 and 26: 19 3.1.2 SipHash-x,1 Figure 3.5: Si
Page 27 and 28: 21 Chapter 4 Related work B
Page 29 and 30: 23 Walk-SAT algori
Page 31 and 32: 25 on reduced versions of CubeHash
Page 33 and 34: 27 Chapter 5 Future Work SA
Page 35 and 36: 29 Bibliography [1] Jean-Philippe A
Page 37 and 38: 31 Appendix A Variable Parameters K
Page 39 and 40: 33 c Calc default polars - time: 0.
Page 41 and 42: 35 Appendix C CNF Following is a pa
Page 43 and 44: 37 Missing key bits brute force <st
Page 45: 39 Missing key bits brute force <st

SAT Based Attacks on SipHash - Department of Computer Science

Create successful ePaper yourself

Delete template?

Save as template?