Providing formal assurance is a key issue in computer security. Yet automated reasoning tools have so far been used only for the verification of security protocols, never for the verification and cryptanalysis of the cryptographic algorithms on which those protocols rely. We claim that one can use (propositional) logic to encode the low-level properties of state-of-the-art cryptographic algorithms and then use automated theorem proving to reason about them. We call this approach logical cryptanalysis. In this framework, finding a model for a formula encoding an algorithm is equivalent to finding a key with a cryptanalytic attack. Other important properties can also be captured. Moreover, SAT benchmarks based on the encoding of cryptographic algorithms optimally share features of "real-world" and random problems. Here we present a case study on the U.S. Data Encryption Standard (DES) and discuss how to obtain a manageable encoding of its properties.
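The equivalence stated above ("a model of the formula is a key") is easiest to see on a cipher small enough to encode by hand. The following is an added example, not the paper's DES encoding and not code from its authors: it compiles a constructed two-round Feistel toy cipher (8-bit block, 8-bit key, a made-up 4-bit S-box) into CNF with Tseitin-style gate clauses, fixes known plaintext/ciphertext bits as unit clauses, and lets a minimal DPLL solver find a model, from which the key is read off. The cipher, S-box, sample pairs and solver are all assumptions of this example; the encoding pattern (one clause per forbidden XOR assignment, one clause per S-box truth-table row and output bit, shared key variables across several plaintext/ciphertext pairs) is the general technique.

```python
"""Logical cryptanalysis of a toy Feistel cipher: encode the cipher as CNF, fix
known plaintext/ciphertext bits, and read the key off a SAT model.  The cipher,
its S-box and the solver are illustrative assumptions, not the paper's DES work."""

# Constructed 4-bit S-box (a bijection chosen for this example; not a DES S-box).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
ROUNDS = 2  # two rounds, so each half of the 8-bit key is used as one subkey

def bits(x, n):
    """Little-endian list of the n low bits of x."""
    return [(x >> i) & 1 for i in range(n)]

def to_int(bs):
    return sum(b << i for i, b in enumerate(bs))

def encrypt(pt, key):
    """Concrete toy cipher: Feistel with round function f(r, k) = SBOX[r ^ k]."""
    l, r = bits(pt, 8)[:4], bits(pt, 8)[4:]
    k = bits(key, 8)
    for rnd in range(ROUNDS):
        sub = k[4 * rnd:4 * rnd + 4]
        f = bits(SBOX[to_int([ri ^ ki for ri, ki in zip(r, sub)])], 4)
        l, r = r, [li ^ fi for li, fi in zip(l, f)]
    return to_int(l + r)

class CNF:
    """Clause builder: variables are positive ints, literals are signed ints."""
    def __init__(self):
        self.nvars, self.clauses = 0, []
    def new_vars(self, n):
        vs = list(range(self.nvars + 1, self.nvars + n + 1))
        self.nvars += n
        return vs
    def xor(self, a, b):
        """Fresh z with z <-> (a XOR b): one clause per forbidden assignment."""
        (z,) = self.new_vars(1)
        self.clauses += [[-a, -b, -z], [a, b, -z], [a, -b, z], [-a, b, z]]
        return z
    def sbox(self, ins):
        """Fresh outs with outs = SBOX[ins], one clause per truth-table row and bit."""
        outs = self.new_vars(4)
        for a in range(16):
            # guard is falsified exactly when ins encodes a, forcing the output bit
            guard = [-v if b else v for v, b in zip(ins, bits(a, 4))]
            for j, o in enumerate(outs):
                self.clauses.append(guard + [o if (SBOX[a] >> j) & 1 else -o])
        return outs

def encrypt_symbolic(cnf, pt_vars, key_vars):
    """Same rounds as encrypt(), but over variables; returns the ciphertext vars."""
    l, r = pt_vars[:4], pt_vars[4:]
    for rnd in range(ROUNDS):
        sub = key_vars[4 * rnd:4 * rnd + 4]
        f = cnf.sbox([cnf.xor(ri, ki) for ri, ki in zip(r, sub)])
        l, r = r, [cnf.xor(li, fi) for li, fi in zip(l, f)]
    return l + r

def simplify(clauses, lit):
    """Assert lit: drop satisfied clauses, shorten the rest; None on an empty clause."""
    out = []
    for c in clauses:
        if lit in c:
            continue
        if -lit in c:
            c = [x for x in c if x != -lit]
            if not c:
                return None
        out.append(c)
    return out

def dpll(clauses, model=frozenset()):
    """Minimal DPLL: unit propagation to a fixpoint, then branch on the
    lowest-numbered open variable.  Returns the set of true literals, or None."""
    while clauses:
        unit = next((c[0] for c in clauses if len(c) == 1), None)
        if unit is None:
            break
        clauses = simplify(clauses, unit)
        if clauses is None:
            return None
        model = model | {unit}
    if not clauses:
        return model
    var = min(abs(lit) for c in clauses for lit in c)
    for lit in (var, -var):
        sub = simplify(clauses, lit)
        if sub is not None:
            res = dpll(sub, model | {lit})
            if res is not None:
                return res
    return None

def recover_key(pairs):
    """Known-plaintext attack as SAT: one symbolic encryption per (pt, ct) pair, all
    sharing the key variables; any model of the formula is a consistent key."""
    cnf = CNF()
    key_vars = cnf.new_vars(8)  # allocated first so dpll() branches on key bits
    for pt, ct in pairs:
        pt_vars = cnf.new_vars(8)
        ct_vars = encrypt_symbolic(cnf, pt_vars, key_vars)
        for v, b in zip(pt_vars + ct_vars, bits(pt, 8) + bits(ct, 8)):
            cnf.clauses.append([v] if b else [-v])  # known bits as unit clauses
    model = dpll(cnf.clauses)
    if model is None:
        return None  # unsatisfiable: no key maps these plaintexts to these ciphertexts
    return to_int([1 if v in model else 0 for v in key_vars])
```

With one pair an 8-bit key is usually not pinned down by an 8-bit block, so the attacker supplies several pairs under the same key; each pair adds a copy of the circuit over fresh plaintext/ciphertext variables while the eight key variables stay shared, which is exactly the "model = key" reduction applied to a known-plaintext setting. Checking the recovered key by re-encrypting the pairs is the practitioner's sanity check that the encoding is faithful.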