Uploaded bymatesos
216 views

Hes2011

The document discusses using SAT solvers to break proprietary ciphers. SAT solvers use a Boolean logic approach to solve cryptographic problems by converting them into conjunctive normal form (CNF) and then attempting to satisfy all clauses. As an example, a toy cipher is broken by modeling it as a SAT problem and allowing the solver to search for a solution through guessing variable assignments. Commercial ciphers can also be reverse engineered and tested against using CryptoMiniSat, a free software SAT solver designed for cryptanalysis.

Embed presentation

Download to read offline
Breaking Industrial Ciphers at a Whim MATE SOOS PRESENTATION AT HES’11
Story line 1 HiTag2: reverse-engineered proprietary cipher 2 Analytic tools are needed to investigate them 3 CryptoMiniSat: free software tool to test ciphers (and to break them) 2
Philips HiTag2 Cipher For access control: cars, army buildings Proprietary: reverse-engineered by Karsten Nohl and Sean O’Neil Feedback linear(!), filter non-linear 3
SAT Solvers Input: CNF, an “and of or-s’ (x1 ∨ ¬x3) ∧ (¬x2 ∨ x3) ∧ (x1 ∨ x2) Crypto-problem needs conversion Uses DPLL(ϕ) algorithm 1 If (formula ϕ trivial) return SAT/UNSAT 2 ret ← DPLL(ϕ with v ← true) 3 If (ret = SAT) return SAT 4 ret ← DPLL(ϕ with v ← false) 5 If (ret = SAT) return SAT 6 return UNSAT 4
Toy Example (¬x1 ∨ ¬x2 ∨ x3) ∧ (¬x1 ∨ x2) ∧ (¬x1 ∨ ¬x2) Clause 1 Clause 2 Clause 3 1 Guess: x1 = True 2 Clause 2: x2 = True 3 Clause 3: impossible! Reverse guess. 4 x1 = False 5 Good, everything is satisfied! 5
Example Search Tree BEGIN - s[60] guess - s[104] guess s[104] **115 s[63] **121 s[74] **123 s[103] **125 s[79] **126 - s[103] guess s[103] **99 s[79] **107 s[74] **111 s[63] **113 s[78] **114 - s[102] guess - s[100] **95 s[63] **97 s[79] **98 - s[101] guess s[100] **87 s[79] **91 s[63] **93 s[74] **94 - s[100] guess - s[99] guess s[99] **79 s[74] **83 s[63] **85 s[79] **86 - s[98] guess s[96] **72 s[63] **75 s[79] **77 s[74] **78 - s[97] guess - s[96] guess - s[95] guess - s[79] **68 s[63] **70 s[74] **71 - s[94] guess - s[93] guess - s[92] guess - s[91] guess - s[90] guess - s[89] guess - s[88] guess - s[87] guess - s[86] guess - s[85] guess - s[84] guess s[79] **64 s[74] **66 s[65] **67 - s[83] guess - s[82] guess - s[81] guess - s[80] guess - s[79] guess - s[78] guess s[78] **60 s[63] **62 s[65] **63 - s[77] guess s[77] **58 s[74] **59 - s[76] guess s[76] **57 s[63] calc_s[28] - s[65] calc_s[17] s[72] calc_s[30] s[74] calc_s[93] - s[62] calc_s[2] - s[75] calc_s[100] - s[61] calc_s[80] s[76] s[77] s[78] s[102] s[79] s[100] s[60] s[93] calc_s[102] - s[63] calc_s[28] s[65] calc_s[17] - s[72] calc_s[30] s[74] calc_s[93] s[77] s[78] s[79] s[60] s[93] s[102] s[100] calc_s[31] - s[74] guess - s[72] calc_s[31] s[65] calc_s[30] - s[63] calc_s[93] s[74] - s[77] s[79] s[78] s[93] s[60] calc_s[17] s[72] calc_s[31] - s[65] calc_s[30] - s[63] calc_s[93] s[75] calc_s[99] s[76] calc_s[28] s[78] s[79] s[60] s[103] s[99] s[93] s[102] s[100] calc_s[103] - s[63] guess s[74] **61 s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] - s[75] calc_s[103] - s[65] calc_s[30] s[74] s[63] s[99] s[60] - s[78] s[79] s[103] calc_s[99] s[72] calc_s[31] s[75] calc_s[103] s[65] calc_s[30] s[64] calc_s[4] s[62] calc_s[96] s[61] calc_s[80] s[77] calc_s[93] s[63] s[79] - s[78] s[93] s[60] s[99] s[103] calc_s[17] - s[76] calc_s[28] - s[65] guess - s[72] calc_s[30] - s[77] calc_s[17] s[62] calc_s[2] - s[74] calc_s[31] - s[64] calc_s[104] s[75] calc_s[96] s[65] - s[78] s[79] s[85] - s[63] s[96] s[104] s[60] calc_s[85] s[72] calc_s[30] s[77] calc_s[17] - s[62] calc_s[2] s[74] calc_s[31] s[79] s[85] s[60] s[93] s[96] s[104] s[99] s[103] s[102] s[100] calc_s[93] - s[74] guess s[63] **65 s[72] calc_s[31] - s[63] guess s[76] calc_s[28] s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[99] s[64] calc_s[4] s[63] s[74] s[60] - s[79] s[99] s[103] s[100] calc_s[3] - s[76] calc_s[28] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[99] s[64] calc_s[4] s[62] calc_s[96] s[77] calc_s[17] s[74] - s[79] s[60] s[96] s[99] s[103] s[100] calc_s[2] - s[72] calc_s[31] - s[65] guess s[78] calc_s[30] - s[75] calc_s[99] s[76] calc_s[100] - s[64] calc_s[4] - s[63] calc_s[28] - s[68] calc_s[10] s[77] calc_s[104] s[65] - s[74] s[60] - s[79] s[100] s[99] calc_s[3] - s[78] calc_s[30] - s[75] calc_s[99] s[76] calc_s[100] s[64] calc_s[4] - s[63] calc_s[28] - s[79] s[96] s[103] s[100] s[99] s[60] calc_s[103] - s[63] guess s[74] **69 s[76] calc_s[28] - s[74] guess - s[78] **61 - s[72] calc_s[31] - s[75] calc_s[100] s[93] **60 s[65] calc_s[30] s[74] s[63] s[60] s[79] s[103] s[100] s[99] calc_s[103] s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] - s[65] calc_s[2] s[61] calc_s[19] s[63] s[96] s[102] s[103] s[60] s[100] s[99] calc_s[7] - s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] s[74] - s[63] s[60] s[79] s[103] s[96] s[100] calc_s[8] s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] - s[77] calc_s[102] s[65] calc_s[2] s[61] calc_s[19] s[96] s[99] s[102] s[103] s[100] s[60] calc_s[20] - s[63] guess s[74] **73 s[79] **74 s[76] calc_s[28] - s[74] guess - s[79] **65 s[74] s[63] s[60] s[103] s[100] s[99] **69 - s[79] guess s[72] calc_s[31] s[75] calc_s[100] - s[62] calc_s[96] s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] - s[65] calc_s[2] - s[61] calc_s[19] s[79] - s[74] s[60] s[63] s[102] s[103] - s[96] s[100] calc_s[7] s[65] **67 - s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[30] s[77] calc_s[17] s[62] calc_s[2] s[64] calc_s[4] s[63] s[99] s[100] s[60] s[102] s[103] calc_s[23] - s[76] calc_s[28] s[74] **76 - s[79] guess - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] s[74] s[79] - s[63] s[60] s[103] - s[96] s[100] calc_s[8] s[72] calc_s[31] - s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] s[77] calc_s[102] s[65] calc_s[2] - s[61] calc_s[19] s[79] - s[63] s[60] s[102] s[103] - s[96] s[100] calc_s[20] - s[74] guess s[72] calc_s[31] - s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] s[74] - s[63] s[60] - s[79] s[103] - s[96] s[100] calc_s[8] s[65] **67 - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[30] s[99] s[100] s[60] s[103] s[102] calc_s[99] - s[74] guess s[63] **81 s[79] **82 - s[63] guess s[79] **80 s[76] calc_s[28] - s[79] guess - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[77] calc_s[17] s[62] calc_s[2] s[79] s[63] s[60] s[74] s[103] s[100] calc_s[4] s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[77] calc_s[17] - s[62] calc_s[2] s[63] s[74] s[60] s[103] s[100] calc_s[23] - s[76] calc_s[28] - s[79] guess - s[96] **76 s[79] s[74] s[60] s[103] s[100] **71 - s[96] **78 s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] s[74] s[100] s[103] s[60] calc_s[8] - s[63] guess s[79] **84 s[76] calc_s[28] - s[79] guess - s[96] **74 s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] - s[65] calc_s[2] s[61] calc_s[19] s[79] s[63] s[60] s[102] s[103] s[100] calc_s[7] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[63] s[100] s[103] s[60] s[102] calc_s[99] - s[76] calc_s[28] - s[79] guess - s[96] **77 s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] - s[77] calc_s[102] s[65] calc_s[2] s[61] calc_s[19] s[79] s[100] s[102] s[103] s[60] calc_s[20] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[77] calc_s[17] s[62] calc_s[2] s[100] s[102] s[103] s[60] calc_s[4] - s[79] guess s[63] **89 s[74] **90 - s[63] guess s[74] **88 s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[63] s[79] s[60] s[103] - s[100] calc_s[4] s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[63] s[79] s[60] s[103] - s[100] calc_s[23] - s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[79] s[60] s[103] - s[100] calc_s[4] s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[79] - s[100] s[103] s[60] calc_s[23] - s[63] guess s[74] **92 s[76] calc_s[28] - s[74] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[74] s[63] s[60] s[103] - s[100] calc_s[24] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[63] - s[100] s[103] s[60] calc_s[4] - s[76] calc_s[28] - s[74] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[74] - s[100] s[103] s[60] calc_s[24] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] - s[100] s[103] s[60] calc_s[4] s[74] **83 s[79] **96 s[102] **87 - s[63] guess s[76] calc_s[28] - s[79] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[79] s[63] s[104] s[60] s[103] calc_s[104] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] **67 s[63] s[103] s[60] s[104] calc_s[99] - s[76] calc_s[28] - s[79] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[79] s[103] s[60] s[104] calc_s[104] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[103] s[104] s[60] calc_s[4] - s[79] guess s[63] **103 s[74] **105 s[78] **106 - s[63] guess s[74] **101 s[78] **102 s[76] calc_s[28] s[75] **100 - s[74] guess - s[72] calc_s[31] - s[100] guess - s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[75] s[74] s[79] s[63] s[60] - s[103] calc_s[4] s[100] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[74] s[63] s[79] s[60] - s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] s[78] s[63] s[104] s[79] s[60] calc_s[104] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[79] s[60] s[104] calc_s[23] - s[76] calc_s[28] s[78] **104 - s[74] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[74] s[79] - s[63] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[79] s[60] - s[63] - s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] - s[63] s[60] s[79] - s[103] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] s[79] s[104] s[60] calc_s[104] - s[74] guess s[63] **109 s[78] **110 s[72] calc_s[31] s[78] **108 - s[63] guess s[76] calc_s[28] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[60] - s[79] s[74] - s[103] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[63] s[74] - s[79] s[60] - s[103] calc_s[24] - s[76] calc_s[28] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[78] s[74] - s[79] s[60] - s[103] calc_s[24] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[74] - s[79] s[60] - s[103] calc_s[23] - s[72] calc_s[31] s[78] **112 - s[63] guess s[76] calc_s[28] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[63] - s[79] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[63] - s[79] s[60] - s[103] calc_s[4] - s[76] calc_s[28] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[78] - s[79] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[104] s[60] calc_s[4] - s[63] guess s[74] **117 s[103] **119 s[78] **120 s[76] calc_s[28] s[103] **116 - s[74] guess - s[79] guess - s[103] **101 - s[72] calc_s[31] - s[100] **95 s[102] **85 s[103] s[74] s[60] s[63] **81 - s[79] **113 s[74] s[63] s[60] **101 - s[103] guess s[79] **118 - s[100] **95 s[102] **85 - s[79] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[79] s[103] s[60] s[63] calc_s[24] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] **67 s[103] s[63] s[60] calc_s[99] - s[79] **113 s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] s[78] s[63] s[60] calc_s[24] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[60] calc_s[23] - s[76] calc_s[28] s[103] **122 - s[74] guess - s[103] guess - s[100] **95 s[102] **87 s[103] s[74] s[60] **83 - s[79] **111 s[74] s[60] **105 - s[103] guess s[79] **124 - s[100] **95 s[102] **87 - s[79] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[79] s[103] s[60] calc_s[24] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[103] s[60] calc_s[4] - s[79] guess s[78] **106 s[72] calc_s[31] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] s[79] s[60] calc_s[24] s[78] **114 - s[72] calc_s[31] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[60] calc_s[4] node66 s[60] learnt unit clause s[74] learnt unit clause - s[74] guess s[103] **134 s[63] **138 s[79] **140 s[78] **141 - s[103] guess s[63] **130 s[79] **132 s[78] **133 - s[63] guess s[79] **128 s[78] **129 s[76] calc_s[28] s[78] **127 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[79] s[63] s[74] s[103] calc_s[23] s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[85] calc_s[85] s[79] s[63] s[74] s[103] calc_s[25] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[74] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[103] s[74] calc_s[4] - s[76] calc_s[28] s[78] **131 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[85] calc_s[85] s[78] s[79] s[74] s[103] calc_s[25] s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[79] s[103] s[74] calc_s[23] - s[72] calc_s[31] - s[86] guess - s[78] guess s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[103] s[74] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[103] s[74] calc_s[4] - s[63] guess s[79] **136 s[78] **137 s[76] calc_s[28] s[78] **135 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[85] calc_s[85] s[78] s[79] s[74] s[63] calc_s[25] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[79] s[63] s[74] calc_s[23] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[74] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[74] calc_s[4] - s[76] calc_s[28] s[78] **139 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[78] s[79] s[74] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[85] calc_s[85] s[79] s[74] calc_s[25] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[74] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[74] calc_s[4] - s[103] guess s[63] **145 s[79] **147 s[78] **148 - s[63] guess s[79] **143 s[78] **144 s[76] calc_s[28] s[78] **142 - s[79] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[79] s[63] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[79] s[63] s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] - s[85] calc_s[85] s[78] s[63] s[103] calc_s[16] s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[63] s[103] calc_s[23] - s[76] calc_s[28] s[78] **146 - s[79] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[79] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[79] s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[103] calc_s[23] s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] - s[85] calc_s[85] - s[92] calc_s[92] - s[61] calc_s[18] s[93] calc_s[93] - s[104] calc_s[104] - s[83] calc_s[83] s[87] calc_s[87] s[96] calc_s[96] - s[102] calc_s[102] s[81] calc_s[81] s[97] calc_s[97] - s[90] calc_s[90] - s[98] calc_s[98] - s[82] calc_s[82] - s[88] calc_s[88] - s[84] calc_s[84] - s[101] calc_s[101] s[80] calc_s[80] - s[94] calc_s[94] - s[95] calc_s[95] s[89] calc_s[89] - s[91] calc_s[91] - s[86] calc_s[86] MODEL First conflict Solution Found Backtrack Guess until conflict Start 6
CryptoMiniSat SAT solver that excels at cryptography General purpose: won SAT Race’10 0 1000 2000 3000 4000 5000 6000 80 100 120 140 160 180 200 220 240 Time(s) No. solved instances from SAT Comp’09 MiniSat 2.2 lingeling PrecoSat465 CryptoMiniSat SAT Comp’11 Collaborative: GPL, mailing list, regular releases 7
Demo 1 Generate HiTag2 problem: Grain-of-Salt tool 2 Solve it using CryptoMiniSat 3 Analyse results: ≈ 2 days to break 8
Conclusion SAT solvers are powerful tools to break weak cryptography CryptoMiniSat, a leading SAT solver, is waiting for your contribution Weak ciphers like HiTag2 should not be used in high-value applications 9

More Related Content

PDF
Cepa andaluza by paco de lucia
byJuan Luis Menares, Arquitecto
 
DOC
Assertividade texto 01 folha
byAldo Bianco
 
PDF
Social media strategy project 1
byUniversity of Florida
 
PDF
Digital library futures_milan_25_aug
byAnna Maria Tammaro
 
PDF
Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]
byStefano Bargioni
 
PDF
Oficina: Modelagem de Negócio - iDelta
byPaulo César Coutinho
 
PDF
Slides aula 1 introdução ao empreendedorismo rev.sam
byGirlany Rino
 
PDF
Slides aula 9 plano de marketing rev.sam
byGirlany Rino
 
Cepa andaluza by paco de lucia
byJuan Luis Menares, Arquitecto
 
Assertividade texto 01 folha
byAldo Bianco
 
Social media strategy project 1
byUniversity of Florida
 
Digital library futures_milan_25_aug
byAnna Maria Tammaro
 
Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]
byStefano Bargioni
 
Oficina: Modelagem de Negócio - iDelta
byPaulo César Coutinho
 
Slides aula 1 introdução ao empreendedorismo rev.sam
byGirlany Rino
 
Slides aula 9 plano de marketing rev.sam
byGirlany Rino
 

Similar to Hes2011

PPTX
Abductive learning of quantized stochastic processes
byIshanu Chattopadhyay
 
PDF
defense
byQing Dou
 
PDF
Writing a SAT solver as a hobby project
byMasahiro Sakai
 
PDF
Aaron Bedra - Effective Software Security Teams
bycentralohioissa
 
KEY
Verification with LoLA: 2 The LoLA Input Language
byUniversität Rostock
 
PDF
Exploring the Cryptol Toolset
byUlisses Costa
 
PDF
CS4200 2019 | Lecture 5 | Transformation by Term Rewriting
byEelco Visser
 
PDF
Declare Your Language: Transformation by Strategic Term Rewriting
byEelco Visser
 
PPTX
slides for Digital Logic and Number Systems
bylove4shiv
 
PPTX
Ip 5 discrete mathematics
byMark Simon
 
PPTX
NumericalAlgebraic Calculations, updated.pptx
byfarhanshaukat821
 
PPTX
Discrete Math IP4 - Automata Theory
byMark Simon
 
PDF
Towards a General Approach for Symbolic Model-Checker Prototyping
byEdmundo López Bóbeda
 
PDF
Discrete Mathematics S. Lipschutz, M. Lipson And V. H. Patil
bywidespreadpromotion
 
DOCX
Artificial intelligence - python
bySunjid Hasan
 
PPT
Ch10
bykinnarshah8888
 
PDF
Compiler Construction | Lecture 5 | Transformation by Term Rewriting
byEelco Visser
 
PPTX
Reliable multimedia transmission under noisy condition
byShahrukh Ali Khan
 
PDF
Dynamic Semantics
byEelco Visser
 
PDF
Math for programmers
bymustafa sarac
 
Abductive learning of quantized stochastic processes
byIshanu Chattopadhyay
 
defense
byQing Dou
 
Writing a SAT solver as a hobby project
byMasahiro Sakai
 
Aaron Bedra - Effective Software Security Teams
bycentralohioissa
 
Verification with LoLA: 2 The LoLA Input Language
byUniversität Rostock
 
Exploring the Cryptol Toolset
byUlisses Costa
 
CS4200 2019 | Lecture 5 | Transformation by Term Rewriting
byEelco Visser
 
Declare Your Language: Transformation by Strategic Term Rewriting
byEelco Visser
 
slides for Digital Logic and Number Systems
bylove4shiv
 
Ip 5 discrete mathematics
byMark Simon
 
NumericalAlgebraic Calculations, updated.pptx
byfarhanshaukat821
 
Discrete Math IP4 - Automata Theory
byMark Simon
 
Towards a General Approach for Symbolic Model-Checker Prototyping
byEdmundo López Bóbeda
 
Discrete Mathematics S. Lipschutz, M. Lipson And V. H. Patil
bywidespreadpromotion
 
Artificial intelligence - python
bySunjid Hasan
 
Ch10
bykinnarshah8888
 
Compiler Construction | Lecture 5 | Transformation by Term Rewriting
byEelco Visser
 
Reliable multimedia transmission under noisy condition
byShahrukh Ali Khan
 
Dynamic Semantics
byEelco Visser
 
Math for programmers
bymustafa sarac
 

Hes2011

  • 1.
    Breaking Industrial Ciphersat a Whim MATE SOOS PRESENTATION AT HES’11
  • 2.
    Story line 1 HiTag2:reverse-engineered proprietary cipher 2 Analytic tools are needed to investigate them 3 CryptoMiniSat: free software tool to test ciphers (and to break them) 2
  • 3.
    Philips HiTag2 Cipher Foraccess control: cars, army buildings Proprietary: reverse-engineered by Karsten Nohl and Sean O’Neil Feedback linear(!), filter non-linear 3
  • 4.
    SAT Solvers Input: CNF,an “and of or-s’ (x1 ∨ ¬x3) ∧ (¬x2 ∨ x3) ∧ (x1 ∨ x2) Crypto-problem needs conversion Uses DPLL(ϕ) algorithm 1 If (formula ϕ trivial) return SAT/UNSAT 2 ret ← DPLL(ϕ with v ← true) 3 If (ret = SAT) return SAT 4 ret ← DPLL(ϕ with v ← false) 5 If (ret = SAT) return SAT 6 return UNSAT 4
  • 5.
    Toy Example (¬x1 ∨¬x2 ∨ x3) ∧ (¬x1 ∨ x2) ∧ (¬x1 ∨ ¬x2) Clause 1 Clause 2 Clause 3 1 Guess: x1 = True 2 Clause 2: x2 = True 3 Clause 3: impossible! Reverse guess. 4 x1 = False 5 Good, everything is satisfied! 5
  • 6.
    Example Search Tree BEGIN -s[60] guess - s[104] guess s[104] **115 s[63] **121 s[74] **123 s[103] **125 s[79] **126 - s[103] guess s[103] **99 s[79] **107 s[74] **111 s[63] **113 s[78] **114 - s[102] guess - s[100] **95 s[63] **97 s[79] **98 - s[101] guess s[100] **87 s[79] **91 s[63] **93 s[74] **94 - s[100] guess - s[99] guess s[99] **79 s[74] **83 s[63] **85 s[79] **86 - s[98] guess s[96] **72 s[63] **75 s[79] **77 s[74] **78 - s[97] guess - s[96] guess - s[95] guess - s[79] **68 s[63] **70 s[74] **71 - s[94] guess - s[93] guess - s[92] guess - s[91] guess - s[90] guess - s[89] guess - s[88] guess - s[87] guess - s[86] guess - s[85] guess - s[84] guess s[79] **64 s[74] **66 s[65] **67 - s[83] guess - s[82] guess - s[81] guess - s[80] guess - s[79] guess - s[78] guess s[78] **60 s[63] **62 s[65] **63 - s[77] guess s[77] **58 s[74] **59 - s[76] guess s[76] **57 s[63] calc_s[28] - s[65] calc_s[17] s[72] calc_s[30] s[74] calc_s[93] - s[62] calc_s[2] - s[75] calc_s[100] - s[61] calc_s[80] s[76] s[77] s[78] s[102] s[79] s[100] s[60] s[93] calc_s[102] - s[63] calc_s[28] s[65] calc_s[17] - s[72] calc_s[30] s[74] calc_s[93] s[77] s[78] s[79] s[60] s[93] s[102] s[100] calc_s[31] - s[74] guess - s[72] calc_s[31] s[65] calc_s[30] - s[63] calc_s[93] s[74] - s[77] s[79] s[78] s[93] s[60] calc_s[17] s[72] calc_s[31] - s[65] calc_s[30] - s[63] calc_s[93] s[75] calc_s[99] s[76] calc_s[28] s[78] s[79] s[60] s[103] s[99] s[93] s[102] s[100] calc_s[103] - s[63] guess s[74] **61 s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] - s[75] calc_s[103] - s[65] calc_s[30] s[74] s[63] s[99] s[60] - s[78] s[79] s[103] calc_s[99] s[72] calc_s[31] s[75] calc_s[103] s[65] calc_s[30] s[64] calc_s[4] s[62] calc_s[96] s[61] calc_s[80] s[77] calc_s[93] s[63] s[79] - s[78] s[93] s[60] s[99] s[103] calc_s[17] - s[76] calc_s[28] - s[65] guess - s[72] calc_s[30] - s[77] calc_s[17] s[62] calc_s[2] - s[74] calc_s[31] - s[64] calc_s[104] s[75] calc_s[96] s[65] - s[78] s[79] s[85] - s[63] s[96] s[104] s[60] calc_s[85] s[72] calc_s[30] s[77] calc_s[17] - s[62] calc_s[2] s[74] calc_s[31] s[79] s[85] s[60] s[93] s[96] s[104] s[99] s[103] s[102] s[100] calc_s[93] - s[74] guess s[63] **65 s[72] calc_s[31] - s[63] guess s[76] calc_s[28] s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[99] s[64] calc_s[4] s[63] s[74] s[60] - s[79] s[99] s[103] s[100] calc_s[3] - s[76] calc_s[28] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[99] s[64] calc_s[4] s[62] calc_s[96] s[77] calc_s[17] s[74] - s[79] s[60] s[96] s[99] s[103] s[100] calc_s[2] - s[72] calc_s[31] - s[65] guess s[78] calc_s[30] - s[75] calc_s[99] s[76] calc_s[100] - s[64] calc_s[4] - s[63] calc_s[28] - s[68] calc_s[10] s[77] calc_s[104] s[65] - s[74] s[60] - s[79] s[100] s[99] calc_s[3] - s[78] calc_s[30] - s[75] calc_s[99] s[76] calc_s[100] s[64] calc_s[4] - s[63] calc_s[28] - s[79] s[96] s[103] s[100] s[99] s[60] calc_s[103] - s[63] guess s[74] **69 s[76] calc_s[28] - s[74] guess - s[78] **61 - s[72] calc_s[31] - s[75] calc_s[100] s[93] **60 s[65] calc_s[30] s[74] s[63] s[60] s[79] s[103] s[100] s[99] calc_s[103] s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] - s[65] calc_s[2] s[61] calc_s[19] s[63] s[96] s[102] s[103] s[60] s[100] s[99] calc_s[7] - s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] s[74] - s[63] s[60] s[79] s[103] s[96] s[100] calc_s[8] s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] - s[77] calc_s[102] s[65] calc_s[2] s[61] calc_s[19] s[96] s[99] s[102] s[103] s[100] s[60] calc_s[20] - s[63] guess s[74] **73 s[79] **74 s[76] calc_s[28] - s[74] guess - s[79] **65 s[74] s[63] s[60] s[103] s[100] s[99] **69 - s[79] guess s[72] calc_s[31] s[75] calc_s[100] - s[62] calc_s[96] s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] - s[65] calc_s[2] - s[61] calc_s[19] s[79] - s[74] s[60] s[63] s[102] s[103] - s[96] s[100] calc_s[7] s[65] **67 - s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[30] s[77] calc_s[17] s[62] calc_s[2] s[64] calc_s[4] s[63] s[99] s[100] s[60] s[102] s[103] calc_s[23] - s[76] calc_s[28] s[74] **76 - s[79] guess - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] s[74] s[79] - s[63] s[60] s[103] - s[96] s[100] calc_s[8] s[72] calc_s[31] - s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] s[77] calc_s[102] s[65] calc_s[2] - s[61] calc_s[19] s[79] - s[63] s[60] s[102] s[103] - s[96] s[100] calc_s[20] - s[74] guess s[72] calc_s[31] - s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] s[74] - s[63] s[60] - s[79] s[103] - s[96] s[100] calc_s[8] s[65] **67 - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[30] s[99] s[100] s[60] s[103] s[102] calc_s[99] - s[74] guess s[63] **81 s[79] **82 - s[63] guess s[79] **80 s[76] calc_s[28] - s[79] guess - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[77] calc_s[17] s[62] calc_s[2] s[79] s[63] s[60] s[74] s[103] s[100] calc_s[4] s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[77] calc_s[17] - s[62] calc_s[2] s[63] s[74] s[60] s[103] s[100] calc_s[23] - s[76] calc_s[28] - s[79] guess - s[96] **76 s[79] s[74] s[60] s[103] s[100] **71 - s[96] **78 s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] s[74] s[100] s[103] s[60] calc_s[8] - s[63] guess s[79] **84 s[76] calc_s[28] - s[79] guess - s[96] **74 s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] - s[65] calc_s[2] s[61] calc_s[19] s[79] s[63] s[60] s[102] s[103] s[100] calc_s[7] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[63] s[100] s[103] s[60] s[102] calc_s[99] - s[76] calc_s[28] - s[79] guess - s[96] **77 s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] - s[77] calc_s[102] s[65] calc_s[2] s[61] calc_s[19] s[79] s[100] s[102] s[103] s[60] calc_s[20] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[77] calc_s[17] s[62] calc_s[2] s[100] s[102] s[103] s[60] calc_s[4] - s[79] guess s[63] **89 s[74] **90 - s[63] guess s[74] **88 s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[63] s[79] s[60] s[103] - s[100] calc_s[4] s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[63] s[79] s[60] s[103] - s[100] calc_s[23] - s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[79] s[60] s[103] - s[100] calc_s[4] s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[79] - s[100] s[103] s[60] calc_s[23] - s[63] guess s[74] **92 s[76] calc_s[28] - s[74] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[74] s[63] s[60] s[103] - s[100] calc_s[24] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[63] - s[100] s[103] s[60] calc_s[4] - s[76] calc_s[28] - s[74] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[74] - s[100] s[103] s[60] calc_s[24] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] - s[100] s[103] s[60] calc_s[4] s[74] **83 s[79] **96 s[102] **87 - s[63] guess s[76] calc_s[28] - s[79] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[79] s[63] s[104] s[60] s[103] calc_s[104] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] **67 s[63] s[103] s[60] s[104] calc_s[99] - s[76] calc_s[28] - s[79] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[79] s[103] s[60] s[104] calc_s[104] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[103] s[104] s[60] calc_s[4] - s[79] guess s[63] **103 s[74] **105 s[78] **106 - s[63] guess s[74] **101 s[78] **102 s[76] calc_s[28] s[75] **100 - s[74] guess - s[72] calc_s[31] - s[100] guess - s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[75] s[74] s[79] s[63] s[60] - s[103] calc_s[4] s[100] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[74] s[63] s[79] s[60] - s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] s[78] s[63] s[104] s[79] s[60] calc_s[104] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[79] s[60] s[104] calc_s[23] - s[76] calc_s[28] s[78] **104 - s[74] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[74] s[79] - s[63] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[79] s[60] - s[63] - s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] - s[63] s[60] s[79] - s[103] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] s[79] s[104] s[60] calc_s[104] - s[74] guess s[63] **109 s[78] **110 s[72] calc_s[31] s[78] **108 - s[63] guess s[76] calc_s[28] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[60] - s[79] s[74] - s[103] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[63] s[74] - s[79] s[60] - s[103] calc_s[24] - s[76] calc_s[28] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[78] s[74] - s[79] s[60] - s[103] calc_s[24] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[74] - s[79] s[60] - s[103] calc_s[23] - s[72] calc_s[31] s[78] **112 - s[63] guess s[76] calc_s[28] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[63] - s[79] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[63] - s[79] s[60] - s[103] calc_s[4] - s[76] calc_s[28] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[78] - s[79] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[104] s[60] calc_s[4] - s[63] guess s[74] **117 s[103] **119 s[78] **120 s[76] calc_s[28] s[103] **116 - s[74] guess - s[79] guess - s[103] **101 - s[72] calc_s[31] - s[100] **95 s[102] **85 s[103] s[74] s[60] s[63] **81 - s[79] **113 s[74] s[63] s[60] **101 - s[103] guess s[79] **118 - s[100] **95 s[102] **85 - s[79] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[79] s[103] s[60] s[63] calc_s[24] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] **67 s[103] s[63] s[60] calc_s[99] - s[79] **113 s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] s[78] s[63] s[60] calc_s[24] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[60] calc_s[23] - s[76] calc_s[28] s[103] **122 - s[74] guess - s[103] guess - s[100] **95 s[102] **87 s[103] s[74] s[60] **83 - s[79] **111 s[74] s[60] **105 - s[103] guess s[79] **124 - s[100] **95 s[102] **87 - s[79] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[79] s[103] s[60] calc_s[24] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[103] s[60] calc_s[4] - s[79] guess s[78] **106 s[72] calc_s[31] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] s[79] s[60] calc_s[24] s[78] **114 - s[72] calc_s[31] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[60] calc_s[4] node66 s[60] learnt unit clause s[74] learnt unit clause - s[74] guess s[103] **134 s[63] **138 s[79] **140 s[78] **141 - s[103] guess s[63] **130 s[79] **132 s[78] **133 - s[63] guess s[79] **128 s[78] **129 s[76] calc_s[28] s[78] **127 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[79] s[63] s[74] s[103] calc_s[23] s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[85] calc_s[85] s[79] s[63] s[74] s[103] calc_s[25] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[74] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[103] s[74] calc_s[4] - s[76] calc_s[28] s[78] **131 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[85] calc_s[85] s[78] s[79] s[74] s[103] calc_s[25] s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[79] s[103] s[74] calc_s[23] - s[72] calc_s[31] - s[86] guess - s[78] guess s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[103] s[74] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[103] s[74] calc_s[4] - s[63] guess s[79] **136 s[78] **137 s[76] calc_s[28] s[78] **135 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[85] calc_s[85] s[78] s[79] s[74] s[63] calc_s[25] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[79] s[63] s[74] calc_s[23] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[74] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[74] calc_s[4] - s[76] calc_s[28] s[78] **139 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[78] s[79] s[74] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[85] calc_s[85] s[79] s[74] calc_s[25] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[74] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[74] calc_s[4] - s[103] guess s[63] **145 s[79] **147 s[78] **148 - s[63] guess s[79] **143 s[78] **144 s[76] calc_s[28] s[78] **142 - s[79] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[79] s[63] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[79] s[63] s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] - s[85] calc_s[85] s[78] s[63] s[103] calc_s[16] s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[63] s[103] calc_s[23] - s[76] calc_s[28] s[78] **146 - s[79] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[79] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[79] s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[103] calc_s[23] s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] - s[85] calc_s[85] - s[92] calc_s[92] - s[61] calc_s[18] s[93] calc_s[93] - s[104] calc_s[104] - s[83] calc_s[83] s[87] calc_s[87] s[96] calc_s[96] - s[102] calc_s[102] s[81] calc_s[81] s[97] calc_s[97] - s[90] calc_s[90] - s[98] calc_s[98] - s[82] calc_s[82] - s[88] calc_s[88] - s[84] calc_s[84] - s[101] calc_s[101] s[80] calc_s[80] - s[94] calc_s[94] - s[95] calc_s[95] s[89] calc_s[89] - s[91] calc_s[91] - s[86] calc_s[86] MODEL First conflict Solution Found Backtrack Guess until conflict Start 6
  • 7.
    CryptoMiniSat SAT solver thatexcels at cryptography General purpose: won SAT Race’10 0 1000 2000 3000 4000 5000 6000 80 100 120 140 160 180 200 220 240 Time(s) No. solved instances from SAT Comp’09 MiniSat 2.2 lingeling PrecoSat465 CryptoMiniSat SAT Comp’11 Collaborative: GPL, mailing list, regular releases 7
  • 8.
    Demo 1 Generate HiTag2problem: Grain-of-Salt tool 2 Solve it using CryptoMiniSat 3 Analyse results: ≈ 2 days to break 8
  • 9.
    Conclusion SAT solvers arepowerful tools to break weak cryptography CryptoMiniSat, a leading SAT solver, is waiting for your contribution Weak ciphers like HiTag2 should not be used in high-value applications 9