How to fake an RSA signature by encoding modular root finding as a SAT problem

Authors:
Claudia Fiorini;Enrico Martinelli;Fabio Massacci
Affiliations:
Dipartimento di Informatica e Sistemistica, Universita di Roma I, Italy;Dipartimento di Ingegneria dell'Informazione, Universita di Siena, Italy;Dipartimento di Ingegneria dell'Informazione, Universita di Siena, Italy
Venue:
Discrete Applied Mathematics - The renesse issue on satisfiability
Year:
2003

Citing 24
Cited 4

How not to lie with statistics: the correct way to summarize benchmark results

Communications of the ACM - The MIT Press scientific computation series
Graph-Based Algorithms for Boolean Function Manipulation

IEEE Transactions on Computers
Solving simultaneous modular equations of low degree

SIAM Journal on Computing - Special issue on cryptography
A VLSI Modulo m Multiplier

IEEE Transactions on Computers
A course in computational algebraic number theory

A course in computational algebraic number theory
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C

Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Generating hard satisfiability problems

Artificial Intelligence - Special volume on frontiers in problem solving: phase transitions and complexity
Experimental results on the crossover point in random 3-SAT

Artificial Intelligence - Special volume on frontiers in problem solving: phase transitions and complexity
A Computing Procedure for Quantification Theory

Journal of the ACM (JACM)
New Efficient Structure for a Modular Multiplier for RNS

IEEE Transactions on Computers
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
A machine program for theorem-proving

Communications of the ACM
Cryptography: Theory and Practice

Cryptography: Theory and Practice
Number Theory for Computing

Number Theory for Computing
Logic programs with stable model semantics as a constraint programming paradigm

Annals of Mathematics and Artificial Intelligence
The Propositional Formula Checker HeerHugo

Journal of Automated Reasoning
Logical Cryptanalysis as a SAT Problem

Journal of Automated Reasoning
Systolic Modular Multiplication

IEEE Transactions on Computers
An RNS Montgomery Modular Multiplication Algorithm

IEEE Transactions on Computers
Smodels - An Implementation of the Stable Model and Well-Founded Semantics for Normal LP

LPNMR '97 Proceedings of the 4th International Conference on Logic Programming and Nonmonotonic Reasoning
Stålmarck's Algorithm as a HOL Derived Rule

TPHOLs '96 Proceedings of the 9th International Conference on Theorem Proving in Higher Order Logics
Integrating Equivalency Reasoning into Davis-Putnam Procedure

Proceedings of the Seventeenth National Conference on Artificial Intelligence and Twelfth Conference on Innovative Applications of Artificial Intelligence
Ten challenges in propositional reasoning and search

IJCAI'97 Proceedings of the 15th international joint conference on Artifical intelligence - Volume 1
A two-phase algorithm for solving a class of hard satisfiability problemsfn1fn1Supported by the Dutch Organization for Scientific Research (NWO) under grant SION 612-33-001.

Operations Research Letters

Encoding Basic Arithmetic Operations for SAT-Solvers

Proceedings of the 2010 conference on Artificial Intelligence Research and Development: Proceedings of the 13th International Conference of the Catalan Association for Artificial Intelligence
Protecting data privacy through hard-to-reverse negative databases

ISC'06 Proceedings of the 9th international conference on Information Security
Applications of SAT solvers to cryptanalysis of hash functions

SAT'06 Proceedings of the 9th international conference on Theory and Applications of Satisfiability Testing
Security margin evaluation of SHA-3 contest finalists through SAT-Based attacks

CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Logical cryptanalysis has been introduced by Massacci and Marraro as a general framework for encoding properties of crypto-algorithms into SAT problems, with the aim of generating SAT benchmarks that are controllable and that share the properties of real-world problems and randomly generated problems.In this paper, spurred by the proposal of Cook and Mitchell to encode the factorization of large integers as a SAT problem, we propose the SAT encoding of another aspect of RSA, namely finding (i.e. faking) an RSA signature for a given message without factoring the modulus.Given a small public exponent e, a modulus n and a message m, we can generate a SAT formula whose models correspond to the eth roots of m modulo n, without encoding the factorization of n or other functions that can be used to factor n. Our encoding can be used to either generate solved instances for SAT or both satisfiable and unsatisfiable instances.We report the experimental results of three solvers, HeerHugo by Groote and Warners, eqsatz by Li, and smodels by Niemela and Simmons, discuss their performances and compare them with standard methods based on factoring.