Algebraic solving of polynomial systems and satisfiability of propositional logic formulas are not two completely separate research areas, as it may appear at first sight. In fact, many problems coming from cryptanalysis, such as algebraic fault attacks, can be rephrased as solving a set of Boolean polynomials or as deciding the satisfiability of a propositional logic formula. Thus one can analyze the security of cryptosystems by applying standard solving methods from computer algebra and SAT solving. This doctoral thesis is dedicated to studying solvers that are based on logic and algebra separately as well as integrating them into one such that the combined solvers become more powerful tools for cryptanalysis. This dissertation is divided into three parts. In this first part, we recall some theory and basic techniques for algebraic and logic solving. We focus mainly on DPLL-based SAT solving and techniques that are related to border bases and Gröbner bases. In particular, we describe in detail the Border Basis Algorithm and discuss its specialized version for Boolean polynomials called the Boolean Border Basis Algorithm. In the second part of the thesis, we deal with connecting solvers based on algebra and logic. The ultimate goal is to combine the strength of different solvers into one. Namely, we fuse the XOR reasoning from algebraic solvers with the light, efficient design of SAT solvers. As a first step in this direction, we design various conversions from sets of clauses to sets of Boolean polynomials, and vice versa, such that solutions and models are preserved via the conversions.

Cryptographic hash functions play an essential role in various aspects of cryptography, such as message authentication codes, pseudorandom number generation, digital signatures, and so on. Thus, the security of their hardware implementations is an important research topic. An algebraic fault analysis (AFA) for the SHA-256 compression function was proposed in 2014. Its authors showed that one could recover the whole of an unknown input of the SHA-256 compression function by injecting 65 faults and analyzing the outputs under normal and fault injection conditions. They also presented an almost universal forgery attack on HMAC-SHA-256 using this result. In our work, we conducted computer experiments for various fault-injection conditions in the AFA for the SHA-256 compression function. As a result, we found that one can recover the whole of an unknown input of the SHA-256 compression function by injecting only 18 faults on average. We also conducted an AFA for the SHACAL-2 block cipher and an AFA for the SHA-256 compression function, enabling almost universal forgery of the chopMD-MAC function.

The cryptographic hash function SHA-256 is one member of the SHA-2 hash family, which was proposed in 2000 and was standardized by NIST in 2002 as a successor of SHA-1. Although the differential fault attack on the SHA-1 compression function has been proposed, it seems hard to be directly adapted to SHA-256. In this paper, an efficient algebraic fault attack on the SHA-256 compression function is proposed under the word-oriented random fault model. During the attack, an automatic tool, STP, is exploited, which constructs binary expressions for the word-based operations in the SHA-256 compression function and then invokes a SAT solver to solve the equations. The simulation of the new attack needs about 65 fault injections to recover the chaining value and the input message block, with about 200 seconds on average. Moreover, based on the attack on the SHA-256 compression function, an almost universal forgery attack on HMAC-SHA-256 is presented. Our algebraic fault analysis is generic, automatic and can be applied to other ARX-based primitives.
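The clause-to-polynomial conversion that the thesis abstract describes (CNF clauses to Boolean polynomials over GF(2), and back, with models preserved) is illustrated here as an added example; it is not code from the thesis or the papers above. The monomial-as-frozenset representation, the truth-table inverse, and the sample clause and XOR constraint are assumptions of this example.

```python
# Added example: CNF clauses <-> Boolean polynomials over GF(2), model-preserving.
# Representation (an assumption of this example): a literal is (var, negated),
# a clause is a list of literals, a polynomial is a set of monomials, and a
# monomial is a frozenset of variables (frozenset() is the constant 1).
from itertools import product


def poly_mul(p, q):
    """Multiply two Boolean polynomials; x*x = x since monomials are sets."""
    r = set()
    for m1 in p:
        for m2 in q:
            r ^= {m1 | m2}  # coefficients live in GF(2), so duplicates cancel
    return r


def clause_to_poly(clause):
    """A clause is violated exactly when every literal is false.  The product of
    (x+1) for positive and x for negative literals equals 1 precisely at that
    point, so 'polynomial = 0' has the same models as the clause."""
    p = {frozenset()}  # start with the constant 1
    for var, neg in clause:
        factor = {frozenset([var])} if neg else {frozenset([var]), frozenset()}
        p = poly_mul(p, factor)
    return p


def eval_poly(p, assignment):
    return sum(all(assignment[v] for v in m) for m in p) % 2


def poly_to_clauses(p, variables):
    """Inverse direction via the truth table: one clause per point where p = 1.
    Note the blow-up: an XOR of n variables yields 2**(n-1) clauses."""
    clauses = []
    for bits in product((0, 1), repeat=len(variables)):
        a = dict(zip(variables, bits))
        if eval_poly(p, a) == 1:  # exclude this point: every literal false here
            clauses.append([(v, bool(a[v])) for v in variables])
    return clauses


def sat_clause(clause, a):
    return any(a[v] != neg for v, neg in clause)


def models_agree(clauses, polys, variables):
    """Brute-force check that the CNF and the polynomial system have the same models."""
    for bits in product((0, 1), repeat=len(variables)):
        a = dict(zip(variables, bits))
        if all(sat_clause(c, a) for c in clauses) != all(eval_poly(p, a) == 0 for p in polys):
            return False
    return True
```

The clause x ∨ ¬y ∨ z becomes xyz + xy + yz + y, while the single polynomial x + y + z + 1 needs four clauses, which is the asymmetry the thesis's XOR reasoning targets.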