alliance-support '1998
Efficiency of Bop


Sandy Harris (sandy.harris@sympatico.ca)
Sat, 10 Oct 1998 23:48:57 -0400

I'm looking at bop as a tool I may want to use, but for an unusual application which leads to some questions. In particular, can you tell me anything about how the tool's performance & resource requirements vary with problem size? My goal is cracking ciphers. A typical modern block cipher encrypts 64-bit blocks using a 128-bit key. It can be written as 64 ghastly boolean equations for output bits in terms of input & key. Then if we know N input/output block pairs, all encrypted with the same key, we get 64N eqn's. All inputs & outputs are known, so there's only 128 unknowns, the key. Is that soluble for any real cipher & reasonable N? What I need is software that'll solve large messy systems of boolean eqn's efficiently. I'm reasonably certain that's not practical in the general case, but it seems worth exploring. So I'd want to feed bop a VHDL description of the cipher, derived from published C source & Oxford's C-to-VHDL translator, plus some known plaintext/ciphertext pairs, & let it reduce the monster to the constant key. For one cipher I'd like to attack, the authors have a published claim that it can be implemented in 14,000 gates. So with a number of input pairs I'd expect to be dealing with a system of eqn's equivalent to a few 100,000 or a few million gates, but known to be reducable to a 128-bit constant. If bop's resource requirements go up quickly with problem size, this attack is going to be horribly infeasible. I'd like to know that in advance rather than working to discover it. What can you tell me? -- Sandy Harris sandy.harris@sympatico.ca Help secure the Internet: http://www.cygnus.com/~gnu/swan.html

 



Alliance Web Site © 1997, 2002 ASIM/LIP6/UPMC, page maintained by Czo [Olivier Sirol] , last updated on 22 March 2001.