SlideShare a Scribd company logo

Hes2011

M
matesos

The document discusses using SAT solvers to break proprietary ciphers. SAT solvers use a Boolean logic approach to solve cryptographic problems by converting them into conjunctive normal form (CNF) and then attempting to satisfy all clauses. As an example, a toy cipher is broken by modeling it as a SAT problem and allowing the solver to search for a solution through guessing variable assignments. Commercial ciphers can also be reverse engineered and tested against using CryptoMiniSat, a free software SAT solver designed for cryptanalysis.

1 of 9
Download to read offline
Breaking Industrial Ciphers at a Whim MATE SOOS PRESENTATION AT HES’11
Story line 1 HiTag2: reverse-engineered proprietary cipher 2 Analytic tools are needed to investigate them 3 CryptoMiniSat: free software tool to test ciphers (and to break them) 2
Philips HiTag2 Cipher For access control: cars, army buildings Proprietary: reverse-engineered by Karsten Nohl and Sean O’Neil Feedback linear(!), filter non-linear 3
SAT Solvers Input: CNF, an “and of or-s’ (x1 ∨ ¬x3) ∧ (¬x2 ∨ x3) ∧ (x1 ∨ x2) Crypto-problem needs conversion Uses DPLL(ϕ) algorithm 1 If (formula ϕ trivial) return SAT/UNSAT 2 ret ← DPLL(ϕ with v ← true) 3 If (ret = SAT) return SAT 4 ret ← DPLL(ϕ with v ← false) 5 If (ret = SAT) return SAT 6 return UNSAT 4
Toy Example (¬x1 ∨ ¬x2 ∨ x3) ∧ (¬x1 ∨ x2) ∧ (¬x1 ∨ ¬x2) Clause 1 Clause 2 Clause 3 1 Guess: x1 = True 2 Clause 2: x2 = True 3 Clause 3: impossible! Reverse guess. 4 x1 = False 5 Good, everything is satisfied! 5
Example Search Tree BEGIN - s[60] guess - s[104] guess s[104] **115 s[63] **121 s[74] **123 s[103] **125 s[79] **126 - s[103] guess s[103] **99 s[79] **107 s[74] **111 s[63] **113 s[78] **114 - s[102] guess - s[100] **95 s[63] **97 s[79] **98 - s[101] guess s[100] **87 s[79] **91 s[63] **93 s[74] **94 - s[100] guess - s[99] guess s[99] **79 s[74] **83 s[63] **85 s[79] **86 - s[98] guess s[96] **72 s[63] **75 s[79] **77 s[74] **78 - s[97] guess - s[96] guess - s[95] guess - s[79] **68 s[63] **70 s[74] **71 - s[94] guess - s[93] guess - s[92] guess - s[91] guess - s[90] guess - s[89] guess - s[88] guess - s[87] guess - s[86] guess - s[85] guess - s[84] guess s[79] **64 s[74] **66 s[65] **67 - s[83] guess - s[82] guess - s[81] guess - s[80] guess - s[79] guess - s[78] guess s[78] **60 s[63] **62 s[65] **63 - s[77] guess s[77] **58 s[74] **59 - s[76] guess s[76] **57 s[63] calc_s[28] - s[65] calc_s[17] s[72] calc_s[30] s[74] calc_s[93] - s[62] calc_s[2] - s[75] calc_s[100] - s[61] calc_s[80] s[76] s[77] s[78] s[102] s[79] s[100] s[60] s[93] calc_s[102] - s[63] calc_s[28] s[65] calc_s[17] - s[72] calc_s[30] s[74] calc_s[93] s[77] s[78] s[79] s[60] s[93] s[102] s[100] calc_s[31] - s[74] guess - s[72] calc_s[31] s[65] calc_s[30] - s[63] calc_s[93] s[74] - s[77] s[79] s[78] s[93] s[60] calc_s[17] s[72] calc_s[31] - s[65] calc_s[30] - s[63] calc_s[93] s[75] calc_s[99] s[76] calc_s[28] s[78] s[79] s[60] s[103] s[99] s[93] s[102] s[100] calc_s[103] - s[63] guess s[74] **61 s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] - s[75] calc_s[103] - s[65] calc_s[30] s[74] s[63] s[99] s[60] - s[78] s[79] s[103] calc_s[99] s[72] calc_s[31] s[75] calc_s[103] s[65] calc_s[30] s[64] calc_s[4] s[62] calc_s[96] s[61] calc_s[80] s[77] calc_s[93] s[63] s[79] - s[78] s[93] s[60] s[99] s[103] calc_s[17] - s[76] calc_s[28] - s[65] guess - s[72] calc_s[30] - s[77] calc_s[17] s[62] calc_s[2] - s[74] calc_s[31] - s[64] calc_s[104] s[75] calc_s[96] s[65] - s[78] s[79] s[85] - s[63] s[96] s[104] s[60] calc_s[85] s[72] calc_s[30] s[77] calc_s[17] - s[62] calc_s[2] s[74] calc_s[31] s[79] s[85] s[60] s[93] s[96] s[104] s[99] s[103] s[102] s[100] calc_s[93] - s[74] guess s[63] **65 s[72] calc_s[31] - s[63] guess s[76] calc_s[28] s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[99] s[64] calc_s[4] s[63] s[74] s[60] - s[79] s[99] s[103] s[100] calc_s[3] - s[76] calc_s[28] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[99] s[64] calc_s[4] s[62] calc_s[96] s[77] calc_s[17] s[74] - s[79] s[60] s[96] s[99] s[103] s[100] calc_s[2] - s[72] calc_s[31] - s[65] guess s[78] calc_s[30] - s[75] calc_s[99] s[76] calc_s[100] - s[64] calc_s[4] - s[63] calc_s[28] - s[68] calc_s[10] s[77] calc_s[104] s[65] - s[74] s[60] - s[79] s[100] s[99] calc_s[3] - s[78] calc_s[30] - s[75] calc_s[99] s[76] calc_s[100] s[64] calc_s[4] - s[63] calc_s[28] - s[79] s[96] s[103] s[100] s[99] s[60] calc_s[103] - s[63] guess s[74] **69 s[76] calc_s[28] - s[74] guess - s[78] **61 - s[72] calc_s[31] - s[75] calc_s[100] s[93] **60 s[65] calc_s[30] s[74] s[63] s[60] s[79] s[103] s[100] s[99] calc_s[103] s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] - s[65] calc_s[2] s[61] calc_s[19] s[63] s[96] s[102] s[103] s[60] s[100] s[99] calc_s[7] - s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] s[74] - s[63] s[60] s[79] s[103] s[96] s[100] calc_s[8] s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] - s[77] calc_s[102] s[65] calc_s[2] s[61] calc_s[19] s[96] s[99] s[102] s[103] s[100] s[60] calc_s[20] - s[63] guess s[74] **73 s[79] **74 s[76] calc_s[28] - s[74] guess - s[79] **65 s[74] s[63] s[60] s[103] s[100] s[99] **69 - s[79] guess s[72] calc_s[31] s[75] calc_s[100] - s[62] calc_s[96] s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] - s[65] calc_s[2] - s[61] calc_s[19] s[79] - s[74] s[60] s[63] s[102] s[103] - s[96] s[100] calc_s[7] s[65] **67 - s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[30] s[77] calc_s[17] s[62] calc_s[2] s[64] calc_s[4] s[63] s[99] s[100] s[60] s[102] s[103] calc_s[23] - s[76] calc_s[28] s[74] **76 - s[79] guess - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] s[74] s[79] - s[63] s[60] s[103] - s[96] s[100] calc_s[8] s[72] calc_s[31] - s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] s[77] calc_s[102] s[65] calc_s[2] - s[61] calc_s[19] s[79] - s[63] s[60] s[102] s[103] - s[96] s[100] calc_s[20] - s[74] guess s[72] calc_s[31] - s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] s[74] - s[63] s[60] - s[79] s[103] - s[96] s[100] calc_s[8] s[65] **67 - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[30] s[99] s[100] s[60] s[103] s[102] calc_s[99] - s[74] guess s[63] **81 s[79] **82 - s[63] guess s[79] **80 s[76] calc_s[28] - s[79] guess - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[77] calc_s[17] s[62] calc_s[2] s[79] s[63] s[60] s[74] s[103] s[100] calc_s[4] s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[77] calc_s[17] - s[62] calc_s[2] s[63] s[74] s[60] s[103] s[100] calc_s[23] - s[76] calc_s[28] - s[79] guess - s[96] **76 s[79] s[74] s[60] s[103] s[100] **71 - s[96] **78 s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] s[74] s[100] s[103] s[60] calc_s[8] - s[63] guess s[79] **84 s[76] calc_s[28] - s[79] guess - s[96] **74 s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] - s[65] calc_s[2] s[61] calc_s[19] s[79] s[63] s[60] s[102] s[103] s[100] calc_s[7] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[63] s[100] s[103] s[60] s[102] calc_s[99] - s[76] calc_s[28] - s[79] guess - s[96] **77 s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] - s[77] calc_s[102] s[65] calc_s[2] s[61] calc_s[19] s[79] s[100] s[102] s[103] s[60] calc_s[20] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[77] calc_s[17] s[62] calc_s[2] s[100] s[102] s[103] s[60] calc_s[4] - s[79] guess s[63] **89 s[74] **90 - s[63] guess s[74] **88 s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[63] s[79] s[60] s[103] - s[100] calc_s[4] s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[63] s[79] s[60] s[103] - s[100] calc_s[23] - s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[79] s[60] s[103] - s[100] calc_s[4] s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[79] - s[100] s[103] s[60] calc_s[23] - s[63] guess s[74] **92 s[76] calc_s[28] - s[74] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[74] s[63] s[60] s[103] - s[100] calc_s[24] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[63] - s[100] s[103] s[60] calc_s[4] - s[76] calc_s[28] - s[74] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[74] - s[100] s[103] s[60] calc_s[24] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] - s[100] s[103] s[60] calc_s[4] s[74] **83 s[79] **96 s[102] **87 - s[63] guess s[76] calc_s[28] - s[79] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[79] s[63] s[104] s[60] s[103] calc_s[104] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] **67 s[63] s[103] s[60] s[104] calc_s[99] - s[76] calc_s[28] - s[79] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[79] s[103] s[60] s[104] calc_s[104] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[103] s[104] s[60] calc_s[4] - s[79] guess s[63] **103 s[74] **105 s[78] **106 - s[63] guess s[74] **101 s[78] **102 s[76] calc_s[28] s[75] **100 - s[74] guess - s[72] calc_s[31] - s[100] guess - s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[75] s[74] s[79] s[63] s[60] - s[103] calc_s[4] s[100] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[74] s[63] s[79] s[60] - s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] s[78] s[63] s[104] s[79] s[60] calc_s[104] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[79] s[60] s[104] calc_s[23] - s[76] calc_s[28] s[78] **104 - s[74] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[74] s[79] - s[63] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[79] s[60] - s[63] - s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] - s[63] s[60] s[79] - s[103] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] s[79] s[104] s[60] calc_s[104] - s[74] guess s[63] **109 s[78] **110 s[72] calc_s[31] s[78] **108 - s[63] guess s[76] calc_s[28] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[60] - s[79] s[74] - s[103] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[63] s[74] - s[79] s[60] - s[103] calc_s[24] - s[76] calc_s[28] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[78] s[74] - s[79] s[60] - s[103] calc_s[24] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[74] - s[79] s[60] - s[103] calc_s[23] - s[72] calc_s[31] s[78] **112 - s[63] guess s[76] calc_s[28] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[63] - s[79] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[63] - s[79] s[60] - s[103] calc_s[4] - s[76] calc_s[28] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[78] - s[79] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[104] s[60] calc_s[4] - s[63] guess s[74] **117 s[103] **119 s[78] **120 s[76] calc_s[28] s[103] **116 - s[74] guess - s[79] guess - s[103] **101 - s[72] calc_s[31] - s[100] **95 s[102] **85 s[103] s[74] s[60] s[63] **81 - s[79] **113 s[74] s[63] s[60] **101 - s[103] guess s[79] **118 - s[100] **95 s[102] **85 - s[79] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[79] s[103] s[60] s[63] calc_s[24] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] **67 s[103] s[63] s[60] calc_s[99] - s[79] **113 s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] s[78] s[63] s[60] calc_s[24] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[60] calc_s[23] - s[76] calc_s[28] s[103] **122 - s[74] guess - s[103] guess - s[100] **95 s[102] **87 s[103] s[74] s[60] **83 - s[79] **111 s[74] s[60] **105 - s[103] guess s[79] **124 - s[100] **95 s[102] **87 - s[79] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[79] s[103] s[60] calc_s[24] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[103] s[60] calc_s[4] - s[79] guess s[78] **106 s[72] calc_s[31] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] s[79] s[60] calc_s[24] s[78] **114 - s[72] calc_s[31] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[60] calc_s[4] node66 s[60] learnt unit clause s[74] learnt unit clause - s[74] guess s[103] **134 s[63] **138 s[79] **140 s[78] **141 - s[103] guess s[63] **130 s[79] **132 s[78] **133 - s[63] guess s[79] **128 s[78] **129 s[76] calc_s[28] s[78] **127 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[79] s[63] s[74] s[103] calc_s[23] s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[85] calc_s[85] s[79] s[63] s[74] s[103] calc_s[25] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[74] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[103] s[74] calc_s[4] - s[76] calc_s[28] s[78] **131 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[85] calc_s[85] s[78] s[79] s[74] s[103] calc_s[25] s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[79] s[103] s[74] calc_s[23] - s[72] calc_s[31] - s[86] guess - s[78] guess s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[103] s[74] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[103] s[74] calc_s[4] - s[63] guess s[79] **136 s[78] **137 s[76] calc_s[28] s[78] **135 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[85] calc_s[85] s[78] s[79] s[74] s[63] calc_s[25] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[79] s[63] s[74] calc_s[23] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[74] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[74] calc_s[4] - s[76] calc_s[28] s[78] **139 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[78] s[79] s[74] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[85] calc_s[85] s[79] s[74] calc_s[25] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[74] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[74] calc_s[4] - s[103] guess s[63] **145 s[79] **147 s[78] **148 - s[63] guess s[79] **143 s[78] **144 s[76] calc_s[28] s[78] **142 - s[79] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[79] s[63] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[79] s[63] s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] - s[85] calc_s[85] s[78] s[63] s[103] calc_s[16] s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[63] s[103] calc_s[23] - s[76] calc_s[28] s[78] **146 - s[79] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[79] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[79] s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[103] calc_s[23] s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] - s[85] calc_s[85] - s[92] calc_s[92] - s[61] calc_s[18] s[93] calc_s[93] - s[104] calc_s[104] - s[83] calc_s[83] s[87] calc_s[87] s[96] calc_s[96] - s[102] calc_s[102] s[81] calc_s[81] s[97] calc_s[97] - s[90] calc_s[90] - s[98] calc_s[98] - s[82] calc_s[82] - s[88] calc_s[88] - s[84] calc_s[84] - s[101] calc_s[101] s[80] calc_s[80] - s[94] calc_s[94] - s[95] calc_s[95] s[89] calc_s[89] - s[91] calc_s[91] - s[86] calc_s[86] MODEL First conflict Solution Found Backtrack Guess until conflict Start 6
CryptoMiniSat SAT solver that excels at cryptography General purpose: won SAT Race’10 0 1000 2000 3000 4000 5000 6000 80 100 120 140 160 180 200 220 240 Time(s) No. solved instances from SAT Comp’09 MiniSat 2.2 lingeling PrecoSat465 CryptoMiniSat SAT Comp’11 Collaborative: GPL, mailing list, regular releases 7
Demo 1 Generate HiTag2 problem: Grain-of-Salt tool 2 Solve it using CryptoMiniSat 3 Analyse results: ≈ 2 days to break 8
Conclusion SAT solvers are powerful tools to break weak cryptography CryptoMiniSat, a leading SAT solver, is waiting for your contribution Weak ciphers like HiTag2 should not be used in high-value applications 9

Recommended

Cepa andaluza by paco de lucia
Cepa andaluza by paco de luciaCepa andaluza by paco de lucia
Cepa andaluza by paco de lucia
Juan Luis Menares, Arquitecto
 
Assertividade texto 01 folha
Assertividade texto 01 folhaAssertividade texto 01 folha
Assertividade texto 01 folha
Aldo Bianco
 
Social media strategy project 1
Social media strategy project 1Social media strategy project 1
Social media strategy project 1
University of Florida
 
Digital library futures_milan_25_aug
Digital library futures_milan_25_augDigital library futures_milan_25_aug
Digital library futures_milan_25_aug
Anna Maria Tammaro
 
Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]
Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]
Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]
Stefano Bargioni
 
Oficina: Modelagem de Negócio - iDelta
Oficina: Modelagem de Negócio - iDeltaOficina: Modelagem de Negócio - iDelta
Oficina: Modelagem de Negócio - iDelta
Paulo César Coutinho
 
Slides aula 1 introdução ao empreendedorismo rev.sam
Slides aula 1 introdução ao empreendedorismo rev.samSlides aula 1 introdução ao empreendedorismo rev.sam
Slides aula 1 introdução ao empreendedorismo rev.sam
Girlany Rino
 
Slides aula 9 plano de marketing rev.sam
Slides aula 9 plano de marketing rev.samSlides aula 9 plano de marketing rev.sam
Slides aula 9 plano de marketing rev.sam
Girlany Rino
 

Recommended

Cepa andaluza by paco de lucia
Cepa andaluza by paco de luciaCepa andaluza by paco de lucia
Cepa andaluza by paco de lucia
Juan Luis Menares, Arquitecto
 
Assertividade texto 01 folha
Assertividade texto 01 folhaAssertividade texto 01 folha
Assertividade texto 01 folha
Aldo Bianco
 
Social media strategy project 1
Social media strategy project 1Social media strategy project 1
Social media strategy project 1
University of Florida
 
Digital library futures_milan_25_aug
Digital library futures_milan_25_augDigital library futures_milan_25_aug
Digital library futures_milan_25_aug
Anna Maria Tammaro
 
Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]
Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]
Catalog Enrichment for RDA - Adding relationship designators (in Koha) [text]
Stefano Bargioni
 
Oficina: Modelagem de Negócio - iDelta
Oficina: Modelagem de Negócio - iDeltaOficina: Modelagem de Negócio - iDelta
Oficina: Modelagem de Negócio - iDelta
Paulo César Coutinho
 
Slides aula 1 introdução ao empreendedorismo rev.sam
Slides aula 1 introdução ao empreendedorismo rev.samSlides aula 1 introdução ao empreendedorismo rev.sam
Slides aula 1 introdução ao empreendedorismo rev.sam
Girlany Rino
 
Slides aula 9 plano de marketing rev.sam
Slides aula 9 plano de marketing rev.samSlides aula 9 plano de marketing rev.sam
Slides aula 9 plano de marketing rev.sam
Girlany Rino
 
Rkf
RkfRkf
Rkf
faintcardy
 
Statistics & Decision Science for Agile - A Guided Tour
Statistics & Decision Science for Agile - A Guided TourStatistics & Decision Science for Agile - A Guided Tour
Statistics & Decision Science for Agile - A Guided Tour
Sanjaya K Saxena
 
Algebra and Trigonometry 9th Edition Larson Solutions Manual
Algebra and Trigonometry 9th Edition Larson Solutions ManualAlgebra and Trigonometry 9th Edition Larson Solutions Manual
Algebra and Trigonometry 9th Edition Larson Solutions Manual
kejeqadaqo
 
Arna Friend Controls II Final
Arna Friend Controls II FinalArna Friend Controls II Final
Arna Friend Controls II Final
Arna Friend
 
Data Smashing
Data SmashingData Smashing
Data Smashing
Ishanu Chattopadhyay
 
Likelihood approximation with parallel hierarchical matrices for large spatia...
Likelihood approximation with parallel hierarchical matrices for large spatia...Likelihood approximation with parallel hierarchical matrices for large spatia...
Likelihood approximation with parallel hierarchical matrices for large spatia...
Alexander Litvinenko
 
Poster litvinenko genton_ying_hpcsaudi17
Poster litvinenko genton_ying_hpcsaudi17Poster litvinenko genton_ying_hpcsaudi17
Poster litvinenko genton_ying_hpcsaudi17
Alexander Litvinenko
 
Game theory
Game theoryGame theory
Game theory
sairajch10
 
Selective codes
Selective codesSelective codes
Selective codes
Siva Gopal
 
Test s velocity_15_5_4
Test s velocity_15_5_4Test s velocity_15_5_4
Test s velocity_15_5_4
Kunihiko Saito
 
Rabotna tetratka 5 odd
Rabotna tetratka 5 oddRabotna tetratka 5 odd
Rabotna tetratka 5 odd
Mira Trajkoska
 
C PROGRAMS - SARASWATHI RAMALINGAM
C PROGRAMS - SARASWATHI RAMALINGAMC PROGRAMS - SARASWATHI RAMALINGAM
C PROGRAMS - SARASWATHI RAMALINGAM
SaraswathiRamalingam
 
LCS35
LCS35LCS35
LCS35
XequeMateShannon
 
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
mmisono
 
PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...
Andrey Karpov
 
Sequential Learning in the Position-Based Model
Sequential Learning in the Position-Based ModelSequential Learning in the Position-Based Model
Sequential Learning in the Position-Based Model
recsysfr
 
DSP LAB COMPLETE CODES.docx
DSP LAB COMPLETE CODES.docxDSP LAB COMPLETE CODES.docx
DSP LAB COMPLETE CODES.docx
MUMAR57
 
Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...
Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...
Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...
Jhonatan Minchán
 
Solucionario de matemáticas para administación y economia
Solucionario de matemáticas para administación y economiaSolucionario de matemáticas para administación y economia
Solucionario de matemáticas para administación y economia
Luis Perez Anampa
 
31350052 introductory-mathematical-analysis-textbook-solution-manual
31350052 introductory-mathematical-analysis-textbook-solution-manual31350052 introductory-mathematical-analysis-textbook-solution-manual
31350052 introductory-mathematical-analysis-textbook-solution-manual
Mahrukh Khalid
 

More Related Content

Similar to Hes2011

Rkf
RkfRkf
Rkf
faintcardy
 
Statistics & Decision Science for Agile - A Guided Tour
Statistics & Decision Science for Agile - A Guided TourStatistics & Decision Science for Agile - A Guided Tour
Statistics & Decision Science for Agile - A Guided Tour
Sanjaya K Saxena
 
Algebra and Trigonometry 9th Edition Larson Solutions Manual
Algebra and Trigonometry 9th Edition Larson Solutions ManualAlgebra and Trigonometry 9th Edition Larson Solutions Manual
Algebra and Trigonometry 9th Edition Larson Solutions Manual
kejeqadaqo
 
Arna Friend Controls II Final
Arna Friend Controls II FinalArna Friend Controls II Final
Arna Friend Controls II Final
Arna Friend
 
Data Smashing
Data SmashingData Smashing
Data Smashing
Ishanu Chattopadhyay
 
Likelihood approximation with parallel hierarchical matrices for large spatia...
Likelihood approximation with parallel hierarchical matrices for large spatia...Likelihood approximation with parallel hierarchical matrices for large spatia...
Likelihood approximation with parallel hierarchical matrices for large spatia...
Alexander Litvinenko
 
Poster litvinenko genton_ying_hpcsaudi17
Poster litvinenko genton_ying_hpcsaudi17Poster litvinenko genton_ying_hpcsaudi17
Poster litvinenko genton_ying_hpcsaudi17
Alexander Litvinenko
 
Game theory
Game theoryGame theory
Game theory
sairajch10
 
Selective codes
Selective codesSelective codes
Selective codes
Siva Gopal
 
Test s velocity_15_5_4
Test s velocity_15_5_4Test s velocity_15_5_4
Test s velocity_15_5_4
Kunihiko Saito
 
Rabotna tetratka 5 odd
Rabotna tetratka 5 oddRabotna tetratka 5 odd
Rabotna tetratka 5 odd
Mira Trajkoska
 
C PROGRAMS - SARASWATHI RAMALINGAM
C PROGRAMS - SARASWATHI RAMALINGAMC PROGRAMS - SARASWATHI RAMALINGAM
C PROGRAMS - SARASWATHI RAMALINGAM
SaraswathiRamalingam
 
LCS35
LCS35LCS35
LCS35
XequeMateShannon
 
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
mmisono
 
PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...
Andrey Karpov
 
Sequential Learning in the Position-Based Model
Sequential Learning in the Position-Based ModelSequential Learning in the Position-Based Model
Sequential Learning in the Position-Based Model
recsysfr
 
DSP LAB COMPLETE CODES.docx
DSP LAB COMPLETE CODES.docxDSP LAB COMPLETE CODES.docx
DSP LAB COMPLETE CODES.docx
MUMAR57
 
Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...
Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...
Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...
Jhonatan Minchán
 
Solucionario de matemáticas para administación y economia
Solucionario de matemáticas para administación y economiaSolucionario de matemáticas para administación y economia
Solucionario de matemáticas para administación y economia
Luis Perez Anampa
 
31350052 introductory-mathematical-analysis-textbook-solution-manual
31350052 introductory-mathematical-analysis-textbook-solution-manual31350052 introductory-mathematical-analysis-textbook-solution-manual
31350052 introductory-mathematical-analysis-textbook-solution-manual
Mahrukh Khalid
 

Similar to Hes2011 (20)

Rkf
RkfRkf
Rkf
 
Statistics & Decision Science for Agile - A Guided Tour
Statistics & Decision Science for Agile - A Guided TourStatistics & Decision Science for Agile - A Guided Tour
Statistics & Decision Science for Agile - A Guided Tour
 
Algebra and Trigonometry 9th Edition Larson Solutions Manual
Algebra and Trigonometry 9th Edition Larson Solutions ManualAlgebra and Trigonometry 9th Edition Larson Solutions Manual
Algebra and Trigonometry 9th Edition Larson Solutions Manual
 
Arna Friend Controls II Final
Arna Friend Controls II FinalArna Friend Controls II Final
Arna Friend Controls II Final
 
Data Smashing
Data SmashingData Smashing
Data Smashing
 
Likelihood approximation with parallel hierarchical matrices for large spatia...
Likelihood approximation with parallel hierarchical matrices for large spatia...Likelihood approximation with parallel hierarchical matrices for large spatia...
Likelihood approximation with parallel hierarchical matrices for large spatia...
 
Poster litvinenko genton_ying_hpcsaudi17
Poster litvinenko genton_ying_hpcsaudi17Poster litvinenko genton_ying_hpcsaudi17
Poster litvinenko genton_ying_hpcsaudi17
 
Game theory
Game theoryGame theory
Game theory
 
Selective codes
Selective codesSelective codes
Selective codes
 
Test s velocity_15_5_4
Test s velocity_15_5_4Test s velocity_15_5_4
Test s velocity_15_5_4
 
Rabotna tetratka 5 odd
Rabotna tetratka 5 oddRabotna tetratka 5 odd
Rabotna tetratka 5 odd
 
C PROGRAMS - SARASWATHI RAMALINGAM
C PROGRAMS - SARASWATHI RAMALINGAMC PROGRAMS - SARASWATHI RAMALINGAM
C PROGRAMS - SARASWATHI RAMALINGAM
 
LCS35
LCS35LCS35
LCS35
 
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
論文紹介 Hyperkernel: Push-Button Verification of an OS Kernel (SOSP’17)
 
PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...PVS-Studio team experience: checking various open source projects, or mistake...
PVS-Studio team experience: checking various open source projects, or mistake...
 
Sequential Learning in the Position-Based Model
Sequential Learning in the Position-Based ModelSequential Learning in the Position-Based Model
Sequential Learning in the Position-Based Model
 
DSP LAB COMPLETE CODES.docx
DSP LAB COMPLETE CODES.docxDSP LAB COMPLETE CODES.docx
DSP LAB COMPLETE CODES.docx
 
Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...
Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...
Ernest f. haeussler, richard s. paul y richard j. wood. matemáticas para admi...
 
Solucionario de matemáticas para administación y economia
Solucionario de matemáticas para administación y economiaSolucionario de matemáticas para administación y economia
Solucionario de matemáticas para administación y economia
 
31350052 introductory-mathematical-analysis-textbook-solution-manual
31350052 introductory-mathematical-analysis-textbook-solution-manual31350052 introductory-mathematical-analysis-textbook-solution-manual
31350052 introductory-mathematical-analysis-textbook-solution-manual
 

Hes2011

  • 1. Breaking Industrial Ciphers at a Whim MATE SOOS PRESENTATION AT HES’11
  • 2. Story line 1 HiTag2: reverse-engineered proprietary cipher 2 Analytic tools are needed to investigate them 3 CryptoMiniSat: free software tool to test ciphers (and to break them) 2
  • 3. Philips HiTag2 Cipher For access control: cars, army buildings Proprietary: reverse-engineered by Karsten Nohl and Sean O’Neil Feedback linear(!), filter non-linear 3
  • 4. SAT Solvers Input: CNF, an “and of or-s’ (x1 ∨ ¬x3) ∧ (¬x2 ∨ x3) ∧ (x1 ∨ x2) Crypto-problem needs conversion Uses DPLL(ϕ) algorithm 1 If (formula ϕ trivial) return SAT/UNSAT 2 ret ← DPLL(ϕ with v ← true) 3 If (ret = SAT) return SAT 4 ret ← DPLL(ϕ with v ← false) 5 If (ret = SAT) return SAT 6 return UNSAT 4
  • 5. Toy Example (¬x1 ∨ ¬x2 ∨ x3) ∧ (¬x1 ∨ x2) ∧ (¬x1 ∨ ¬x2) Clause 1 Clause 2 Clause 3 1 Guess: x1 = True 2 Clause 2: x2 = True 3 Clause 3: impossible! Reverse guess. 4 x1 = False 5 Good, everything is satisfied! 5
  • 6. Example Search Tree BEGIN - s[60] guess - s[104] guess s[104] **115 s[63] **121 s[74] **123 s[103] **125 s[79] **126 - s[103] guess s[103] **99 s[79] **107 s[74] **111 s[63] **113 s[78] **114 - s[102] guess - s[100] **95 s[63] **97 s[79] **98 - s[101] guess s[100] **87 s[79] **91 s[63] **93 s[74] **94 - s[100] guess - s[99] guess s[99] **79 s[74] **83 s[63] **85 s[79] **86 - s[98] guess s[96] **72 s[63] **75 s[79] **77 s[74] **78 - s[97] guess - s[96] guess - s[95] guess - s[79] **68 s[63] **70 s[74] **71 - s[94] guess - s[93] guess - s[92] guess - s[91] guess - s[90] guess - s[89] guess - s[88] guess - s[87] guess - s[86] guess - s[85] guess - s[84] guess s[79] **64 s[74] **66 s[65] **67 - s[83] guess - s[82] guess - s[81] guess - s[80] guess - s[79] guess - s[78] guess s[78] **60 s[63] **62 s[65] **63 - s[77] guess s[77] **58 s[74] **59 - s[76] guess s[76] **57 s[63] calc_s[28] - s[65] calc_s[17] s[72] calc_s[30] s[74] calc_s[93] - s[62] calc_s[2] - s[75] calc_s[100] - s[61] calc_s[80] s[76] s[77] s[78] s[102] s[79] s[100] s[60] s[93] calc_s[102] - s[63] calc_s[28] s[65] calc_s[17] - s[72] calc_s[30] s[74] calc_s[93] s[77] s[78] s[79] s[60] s[93] s[102] s[100] calc_s[31] - s[74] guess - s[72] calc_s[31] s[65] calc_s[30] - s[63] calc_s[93] s[74] - s[77] s[79] s[78] s[93] s[60] calc_s[17] s[72] calc_s[31] - s[65] calc_s[30] - s[63] calc_s[93] s[75] calc_s[99] s[76] calc_s[28] s[78] s[79] s[60] s[103] s[99] s[93] s[102] s[100] calc_s[103] - s[63] guess s[74] **61 s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] - s[75] calc_s[103] - s[65] calc_s[30] s[74] s[63] s[99] s[60] - s[78] s[79] s[103] calc_s[99] s[72] calc_s[31] s[75] calc_s[103] s[65] calc_s[30] s[64] calc_s[4] s[62] calc_s[96] s[61] calc_s[80] s[77] calc_s[93] s[63] s[79] - s[78] s[93] s[60] s[99] s[103] calc_s[17] - s[76] calc_s[28] - s[65] guess - s[72] calc_s[30] - s[77] calc_s[17] s[62] calc_s[2] - s[74] calc_s[31] - s[64] calc_s[104] s[75] calc_s[96] s[65] - s[78] s[79] s[85] - s[63] s[96] s[104] s[60] calc_s[85] s[72] calc_s[30] s[77] calc_s[17] - s[62] calc_s[2] s[74] calc_s[31] s[79] s[85] s[60] s[93] s[96] s[104] s[99] s[103] s[102] s[100] calc_s[93] - s[74] guess s[63] **65 s[72] calc_s[31] - s[63] guess s[76] calc_s[28] s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[99] s[64] calc_s[4] s[63] s[74] s[60] - s[79] s[99] s[103] s[100] calc_s[3] - s[76] calc_s[28] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[99] s[64] calc_s[4] s[62] calc_s[96] s[77] calc_s[17] s[74] - s[79] s[60] s[96] s[99] s[103] s[100] calc_s[2] - s[72] calc_s[31] - s[65] guess s[78] calc_s[30] - s[75] calc_s[99] s[76] calc_s[100] - s[64] calc_s[4] - s[63] calc_s[28] - s[68] calc_s[10] s[77] calc_s[104] s[65] - s[74] s[60] - s[79] s[100] s[99] calc_s[3] - s[78] calc_s[30] - s[75] calc_s[99] s[76] calc_s[100] s[64] calc_s[4] - s[63] calc_s[28] - s[79] s[96] s[103] s[100] s[99] s[60] calc_s[103] - s[63] guess s[74] **69 s[76] calc_s[28] - s[74] guess - s[78] **61 - s[72] calc_s[31] - s[75] calc_s[100] s[93] **60 s[65] calc_s[30] s[74] s[63] s[60] s[79] s[103] s[100] s[99] calc_s[103] s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] - s[65] calc_s[2] s[61] calc_s[19] s[63] s[96] s[102] s[103] s[60] s[100] s[99] calc_s[7] - s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] s[74] - s[63] s[60] s[79] s[103] s[96] s[100] calc_s[8] s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] - s[77] calc_s[102] s[65] calc_s[2] s[61] calc_s[19] s[96] s[99] s[102] s[103] s[100] s[60] calc_s[20] - s[63] guess s[74] **73 s[79] **74 s[76] calc_s[28] - s[74] guess - s[79] **65 s[74] s[63] s[60] s[103] s[100] s[99] **69 - s[79] guess s[72] calc_s[31] s[75] calc_s[100] - s[62] calc_s[96] s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] - s[65] calc_s[2] - s[61] calc_s[19] s[79] - s[74] s[60] s[63] s[102] s[103] - s[96] s[100] calc_s[7] s[65] **67 - s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[30] s[77] calc_s[17] s[62] calc_s[2] s[64] calc_s[4] s[63] s[99] s[100] s[60] s[102] s[103] calc_s[23] - s[76] calc_s[28] s[74] **76 - s[79] guess - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] s[74] s[79] - s[63] s[60] s[103] - s[96] s[100] calc_s[8] s[72] calc_s[31] - s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] s[77] calc_s[102] s[65] calc_s[2] - s[61] calc_s[19] s[79] - s[63] s[60] s[102] s[103] - s[96] s[100] calc_s[20] - s[74] guess s[72] calc_s[31] - s[75] calc_s[100] - s[62] calc_s[96] - s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] s[74] - s[63] s[60] - s[79] s[103] - s[96] s[100] calc_s[8] s[65] **67 - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[30] s[99] s[100] s[60] s[103] s[102] calc_s[99] - s[74] guess s[63] **81 s[79] **82 - s[63] guess s[79] **80 s[76] calc_s[28] - s[79] guess - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[77] calc_s[17] s[62] calc_s[2] s[79] s[63] s[60] s[74] s[103] s[100] calc_s[4] s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[77] calc_s[17] - s[62] calc_s[2] s[63] s[74] s[60] s[103] s[100] calc_s[23] - s[76] calc_s[28] - s[79] guess - s[96] **76 s[79] s[74] s[60] s[103] s[100] **71 - s[96] **78 s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] s[77] calc_s[102] s[74] s[100] s[103] s[60] calc_s[8] - s[63] guess s[79] **84 s[76] calc_s[28] - s[79] guess - s[96] **74 s[72] calc_s[31] s[75] calc_s[100] s[62] calc_s[96] s[78] calc_s[103] - s[68] calc_s[27] - s[77] calc_s[102] - s[65] calc_s[2] s[61] calc_s[19] s[79] s[63] s[60] s[102] s[103] s[100] calc_s[7] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[63] s[100] s[103] s[60] s[102] calc_s[99] - s[76] calc_s[28] - s[79] guess - s[96] **77 s[72] calc_s[31] - s[75] calc_s[100] s[62] calc_s[96] - s[78] calc_s[103] s[68] calc_s[27] - s[77] calc_s[102] s[65] calc_s[2] s[61] calc_s[19] s[79] s[100] s[102] s[103] s[60] calc_s[20] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[77] calc_s[17] s[62] calc_s[2] s[100] s[102] s[103] s[60] calc_s[4] - s[79] guess s[63] **89 s[74] **90 - s[63] guess s[74] **88 s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[63] s[79] s[60] s[103] - s[100] calc_s[4] s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[63] s[79] s[60] s[103] - s[100] calc_s[23] - s[76] calc_s[28] - s[74] guess - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[79] s[60] s[103] - s[100] calc_s[4] s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[79] - s[100] s[103] s[60] calc_s[23] - s[63] guess s[74] **92 s[76] calc_s[28] - s[74] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[74] s[63] s[60] s[103] - s[100] calc_s[24] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[63] - s[100] s[103] s[60] calc_s[4] - s[76] calc_s[28] - s[74] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[74] - s[100] s[103] s[60] calc_s[24] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] - s[100] s[103] s[60] calc_s[4] s[74] **83 s[79] **96 s[102] **87 - s[63] guess s[76] calc_s[28] - s[79] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[79] s[63] s[104] s[60] s[103] calc_s[104] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] **67 s[63] s[103] s[60] s[104] calc_s[99] - s[76] calc_s[28] - s[79] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[79] s[103] s[60] s[104] calc_s[104] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[103] s[104] s[60] calc_s[4] - s[79] guess s[63] **103 s[74] **105 s[78] **106 - s[63] guess s[74] **101 s[78] **102 s[76] calc_s[28] s[75] **100 - s[74] guess - s[72] calc_s[31] - s[100] guess - s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[75] s[74] s[79] s[63] s[60] - s[103] calc_s[4] s[100] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[74] s[63] s[79] s[60] - s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] s[78] s[63] s[104] s[79] s[60] calc_s[104] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[79] s[60] s[104] calc_s[23] - s[76] calc_s[28] s[78] **104 - s[74] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[74] s[79] - s[63] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[74] s[79] s[60] - s[63] - s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] - s[63] s[60] s[79] - s[103] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] s[79] s[104] s[60] calc_s[104] - s[74] guess s[63] **109 s[78] **110 s[72] calc_s[31] s[78] **108 - s[63] guess s[76] calc_s[28] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[60] - s[79] s[74] - s[103] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[63] s[74] - s[79] s[60] - s[103] calc_s[24] - s[76] calc_s[28] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[78] s[74] - s[79] s[60] - s[103] calc_s[24] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[74] - s[79] s[60] - s[103] calc_s[23] - s[72] calc_s[31] s[78] **112 - s[63] guess s[76] calc_s[28] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[63] - s[79] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[63] - s[79] s[60] - s[103] calc_s[4] - s[76] calc_s[28] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[78] - s[79] s[60] - s[103] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[104] s[60] calc_s[4] - s[63] guess s[74] **117 s[103] **119 s[78] **120 s[76] calc_s[28] s[103] **116 - s[74] guess - s[79] guess - s[103] **101 - s[72] calc_s[31] - s[100] **95 s[102] **85 s[103] s[74] s[60] s[63] **81 - s[79] **113 s[74] s[63] s[60] **101 - s[103] guess s[79] **118 - s[100] **95 s[102] **85 - s[79] guess s[72] calc_s[31] s[75] calc_s[100] s[78] calc_s[103] s[65] calc_s[30] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[68] calc_s[10] s[79] s[103] s[60] s[63] calc_s[24] - s[72] calc_s[31] - s[75] calc_s[100] s[78] calc_s[103] - s[65] calc_s[30] s[64] calc_s[3] s[99] **67 s[103] s[63] s[60] calc_s[99] - s[79] **113 s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] s[78] s[63] s[60] calc_s[24] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[60] calc_s[23] - s[76] calc_s[28] s[103] **122 - s[74] guess - s[103] guess - s[100] **95 s[102] **87 s[103] s[74] s[60] **83 - s[79] **111 s[74] s[60] **105 - s[103] guess s[79] **124 - s[100] **95 s[102] **87 - s[79] guess s[72] calc_s[31] - s[75] calc_s[100] - s[78] calc_s[103] - s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] - s[68] calc_s[10] s[79] s[103] s[60] calc_s[24] - s[72] calc_s[31] s[75] calc_s[100] - s[78] calc_s[103] s[65] calc_s[30] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[103] s[60] calc_s[4] - s[79] guess s[78] **106 s[72] calc_s[31] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] s[79] s[60] calc_s[24] s[78] **114 - s[72] calc_s[31] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[60] calc_s[4] node66 s[60] learnt unit clause s[74] learnt unit clause - s[74] guess s[103] **134 s[63] **138 s[79] **140 s[78] **141 - s[103] guess s[63] **130 s[79] **132 s[78] **133 - s[63] guess s[79] **128 s[78] **129 s[76] calc_s[28] s[78] **127 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[79] s[63] s[74] s[103] calc_s[23] s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[85] calc_s[85] s[79] s[63] s[74] s[103] calc_s[25] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[74] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[103] s[74] calc_s[4] - s[76] calc_s[28] s[78] **131 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[85] calc_s[85] s[78] s[79] s[74] s[103] calc_s[25] s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[79] s[103] s[74] calc_s[23] - s[72] calc_s[31] - s[86] guess - s[78] guess s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[103] s[74] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[103] s[74] calc_s[4] - s[63] guess s[79] **136 s[78] **137 s[76] calc_s[28] s[78] **135 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] - s[68] calc_s[10] s[85] calc_s[85] s[78] s[79] s[74] s[63] calc_s[25] s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[79] s[63] s[74] calc_s[23] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[63] s[74] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[63] s[74] calc_s[4] - s[76] calc_s[28] s[78] **139 - s[79] guess s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] s[78] s[79] s[74] calc_s[23] s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[100] calc_s[100] s[68] calc_s[10] s[85] calc_s[85] s[79] s[74] calc_s[25] - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[74] calc_s[4] - s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[74] calc_s[4] - s[103] guess s[63] **145 s[79] **147 s[78] **148 - s[63] guess s[79] **143 s[78] **144 s[76] calc_s[28] s[78] **142 - s[79] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[78] s[79] s[63] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[79] s[63] s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] s[64] calc_s[3] s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] - s[100] calc_s[100] s[68] calc_s[10] - s[85] calc_s[85] s[78] s[63] s[103] calc_s[16] s[65] calc_s[30] s[75] calc_s[103] s[64] calc_s[3] - s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[63] s[103] calc_s[23] - s[76] calc_s[28] s[78] **146 - s[79] guess - s[72] calc_s[31] - s[78] guess s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] - s[62] calc_s[2] s[78] s[79] s[103] calc_s[4] - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] - s[62] calc_s[2] s[79] s[103] calc_s[4] s[72] calc_s[31] - s[78] guess - s[65] calc_s[30] - s[75] calc_s[103] - s[64] calc_s[3] s[99] calc_s[99] s[77] calc_s[17] s[62] calc_s[2] s[78] s[103] calc_s[23] s[65] calc_s[30] s[75] calc_s[103] - s[64] calc_s[3] - s[99] calc_s[99] - s[77] calc_s[17] s[62] calc_s[2] - s[100] calc_s[100] - s[68] calc_s[10] - s[85] calc_s[85] - s[92] calc_s[92] - s[61] calc_s[18] s[93] calc_s[93] - s[104] calc_s[104] - s[83] calc_s[83] s[87] calc_s[87] s[96] calc_s[96] - s[102] calc_s[102] s[81] calc_s[81] s[97] calc_s[97] - s[90] calc_s[90] - s[98] calc_s[98] - s[82] calc_s[82] - s[88] calc_s[88] - s[84] calc_s[84] - s[101] calc_s[101] s[80] calc_s[80] - s[94] calc_s[94] - s[95] calc_s[95] s[89] calc_s[89] - s[91] calc_s[91] - s[86] calc_s[86] MODEL First conflict Solution Found Backtrack Guess until conflict Start 6
  • 7. CryptoMiniSat SAT solver that excels at cryptography General purpose: won SAT Race’10 0 1000 2000 3000 4000 5000 6000 80 100 120 140 160 180 200 220 240 Time(s) No. solved instances from SAT Comp’09 MiniSat 2.2 lingeling PrecoSat465 CryptoMiniSat SAT Comp’11 Collaborative: GPL, mailing list, regular releases 7
  • 8. Demo 1 Generate HiTag2 problem: Grain-of-Salt tool 2 Solve it using CryptoMiniSat 3 Analyse results: ≈ 2 days to break 8
  • 9. Conclusion SAT solvers are powerful tools to break weak cryptography CryptoMiniSat, a leading SAT solver, is waiting for your contribution Weak ciphers like HiTag2 should not be used in high-value applications 9