SAT Based Attacks on SipHash

Abstract

SipHash is a proposed pseudorandom function (PRF) that is optimized for small message inputs. It is intended to be used as a message-authentication code (MAC). It uses a 128-bit secret key to compute the tag of a message. This project uses SAT based attacks on the primitive to perform partial key recovery and compares the effectiveness of these attacks against standard brute force approach that involves trying all possible combinations for the key bits. The primitive is converted into CNF and fed to an off-the-shelf SAT solver. The solver uses clause learning and if satisfiable, returns a set of values for the missing key bits. It also reports the number of conflicts that occurred before a solution was found. This is repeated several times for varying number of missing key bits and different versions of SipHash. It is then compared to the number of attempts to retrieve the missing key bits using brute force and the results are analyzed to check the effectiveness of SAT based attacks. iv Contents Abstract......................................