I found many applications of MILP and CP to linear or differential on AES. Can we do the same using SAT/SMT? Thank you.
1 Answer
I challenge that there are

> many applications of MILP and CP to linear or differential on AES

As far as I know, Mixed-Integer Linear Programming, Constraint Programming, SATisfiability and Satisfiability Modulo Theories all currently fail miserably on cryptanalysis of the full AES, or of any unbroken or passably good cryptographic algorithm. That follows from the definition of unbroken. And that's a basic design goal that's often met by even a mildly competent designer for symmetric crypto if they are erring on the safe/slow side.
Cryptanalysis of serious cryptographic algorithms is one domain that so far has resisted automation, in the sense of producing an attack from a formal description of a cryptographic primitive. The best that I know is practically useful to a degree is automated analysis of communication protocols built on top of primitives (like block ciphers), which does find attacks against some defective real-world constructions. But I think there could be progress quickly.