A SAT-based preimage analysis of reduced Keccak hash functions

Abstract In this paper, we present a preimage attack on reduced versions of Keccak hash functions. We use our recently developed toolkit CryptLogVer for generating the conjunctive normal form, CNF, which is passed to the SAT solver PrecoSAT. We found preimages for some reduced versions of the function and showed that full Keccak function has a comfortable security margin against this kind of attack.

[1]  Xiaoyun Wang,et al.  Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[2]  Hilary Putnam,et al.  A Computing Procedure for Quantification Theory , 1960, JACM.

[3]  Parag K. Lala Principles of Modern Digital Design , 2007 .

[4]  Ilya Mironov,et al.  Applications of SAT Solvers to Cryptanalysis of Hash Functions , 2006, SAT.

[5]  Predrag Janicic,et al.  Logical Analysis of Hash Functions , 2005, FroCoS.

[6]  David G. Mitchell,et al.  Finding hard instances of the satisfiability problem: A survey , 1996, Satisfiability Problem: Theory and Applications.

[7]  Adi Shamir,et al.  New Attacks on Keccak-224 and Keccak-256 , 2012, FSE.

[8]  Marian Srebrny,et al.  SAT as a Programming Environment for Linear Algebra and Cryptanalysis , 2008, ISAIM.

[9]  Josef Pieprzyk,et al.  Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[10]  Fabio Massacci,et al.  How to fake an RSA signature by encoding modular root finding as a SAT problem , 2003, Discret. Appl. Math..

[11]  Stephen A. Cook,et al.  The complexity of theorem-proving procedures , 1971, STOC.

[12]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[13]  Donald W. Loveland,et al.  A machine program for theorem-proving , 2011, CACM.

[14]  Claude Castelluccia,et al.  Extending SAT Solvers to Cryptographic Problems , 2009, SAT.

[15]  Gregory V. Bard,et al.  Algebraic Cryptanalysis of the Data Encryption Standard , 2007, IMACC.

[16]  Ronald L. Rivest The MD 6 hash function A proposal to NIST for SHA-3 , 2008 .

[17]  Joel Lathrop Cube attacks on cryptographic hash functions , 2009 .

[18]  María Naya-Plasencia,et al.  Practical Analysis of Reduced-Round Keccak , 2011, INDOCRYPT.

[19]  Fabio Massacci,et al.  Using Walk-SAT and Rel-Sat for Cryptographic Key Search , 1999, IJCAI.