Questions tagged [sat]

For questions involving/related to the Boolean satisfiability problem (SAT).

A propositional logic formula, also called Boolean expression, is built from variables, operators AND (conjunction, also denoted by ∧), OR (disjunction, ∨), NOT (negation, ¬), and parentheses. A formula is said to be satisfiable if it can be made TRUE by assigning appropriate logical values (i.e. TRUE, FALSE) to its variables. The Boolean satisfiability problem (SAT) is, given a formula, to check whether it is satisfiable. This decision problem is of central importance in many areas of computer science, including theoretical computer science, complexity theory, algorithmics, cryptography and artificial intelligence

15 questions

votes

3 answers

SAT-Based Public Key Cryptosystem

I am researching post quantum cryptography and I've stumbled upon this article which presents a PKC with an np-complete (SAT) trapdoor. I was wondering if someone could help me understand the way the encryption works. From what I understand the…

public-key post-quantum-cryptography sat

asked Jun 29 '16 at 20:03

Yuon

votes

2 answers

Determine complexity of a SAT problem

Is there a standard way to determine a complexity of the specified SAT problem? I'm researching algebraic cryptanalysis and came to solving multivariate quadratic equation systems using CryptoMiniSat. However it would be nice to evaluate a…

algebraic-attack sat

asked May 13 '12 at 19:02

rkiyanchuk

votes

1 answer

Partial known message pre-image attack on SHA-1

If the last $448$ bits of a SHA-1 block input are known and only the first $64$ bits are unknown, is it possible to do a preimage attack using SAT solvers or something else? Or do I have to brute force all $2^{64}$ possibilities? Is this a kind of…

hash sha-1 preimage-resistance sat

asked Feb 14 '19 at 15:56

Amin Habibi

votes

1 answer

Plotting Running Times of SAT solver

In the the paper "Efficient Methods for Conversion and Solution of Sparse Systems of Low-Degree Multivariate Polynomials over GF(2) via SAT-Solvers" there is a Figure that I can not understand and I need help to understand it. The authors plot the…

cryptanalysis sat

asked Jun 09 '16 at 15:00

juaninf

2,781
3
21
29

votes

1 answer

How to sequence SHA256 block circuit to obtain hash of a message comprising multiple 512 blocks?

I am trying to obtain a circuit that computes the SHA256 hash for an input message that is greater than 512 bits. I understand how the message is to be padded (we append a 1 and then some zeroes, and then the last 64 bits contain the length of the…

sha-256 sat

asked Dec 07 '17 at 18:50

MSJ

votes

1 answer

Function to polynomial equation in GF(2)

Let F(a,b,c,d,e) be a function that returns the ith bit of 0x3A5C742E, where i=a*2^4+b*2^3+c*2^2+d*2+e and i is the offset from the least significant bit. The author Page 33/200, chapter 2.3.4 states that in order to find the polynomial for the…

s-boxes algebraic-attack sat

asked Feb 05 '17 at 20:51

mapjoe

votes

1 answer

Is SAT the mathematical problem behind SHA-2 and SHA-3?

When I'm convincing non-believers that crypto is secure, I have a hard time with hash functions and the associated block ciphers. It is easy to show why RSA is hard to crack: I multiply two small primes and ask people to factorize the product. They…

hash sat

asked Nov 10 '22 at 08:25

Timur Timak

vote

1 answer

current state of 3-SAT problem?

In this paper, a quantum algorithm to solve the 3-SAT problem in linear time is presented. Is it true? Did the author make a mistake? What state-of-the-art algorithms exist for this problem?

sat quantum-computing

asked Jun 15 '19 at 16:45

OneUser

vote

1 answer

Are there any application of SAT/SMT to cryptanalysis, such as linear or differential on AES?

I found many application of MILP and CP to linear or differential on AES. Can we do the same using SAT/SMT??? Thank you.

cryptanalysis sat

asked Sep 16 '24 at 02:54

Huy By

vote

1 answer

How to use smt solvers in order to restrict the possible key search where a portion of the private key and a portion of the public key hash is known?

I’m in the following situation : I’ve a portion/first bytes of a private secp256k1 security key such as it would take minutes to fully recover it through Pollard’s Kangaroo if I had the public key. While I don’t have the public key, I do have the…

elliptic-curves discrete-logarithm preimage-resistance secp256k1 sat

asked Apr 16 '24 at 15:23

user2284570

vote

1 answer

Alzette ARX round constants

In this paper Alzette "ARX-box" is presented and on page 9 authors claim about XORing round constants: They also break additive patterns that could arise on the left branch due to the chain of modular addition it would have without said constant…

arx sat

asked Sep 07 '22 at 19:02

LightBit

1,741
14
28

votes

2 answers

How to encrypt a message using a public key?

I read that the reason why NP complete problems like SAT are not used in asymmetric cryptography is that it's hard to generate hard instances of it. Is there any other reason why? Supposing we have an algorithm that efficiently generates hard…

public-key sat

asked Jun 02 '25 at 19:14

airwin67

votes

0 answers

How to express the Boolean cardinality constraint to CNF formulas

A Boolean cardinality constraint $$\sum_{j=0}^{n-1}x_j=k,$$ where $x_j$’s are Boolean variables, and $k$ is a non-negative integer. How to express the Boolean cardinality constraint to CNF formulas?

encoding sat

asked Sep 16 '23 at 13:31

mini minions

-1

votes

1 answer

SHA-256 CNF conversion and bitcoin mining

When the tool cgen converts SHA-256 into CNF, which literals represent the input bits? For example, if we input 640 bits into the SHA-256 algorithm, then which bits will represent the nonce?

sha-256 sat

asked Apr 13 '25 at 17:40

PRAKASH CHANDRA