The SAT solving method as applied to cryptographic analysis of asymmetric ciphers
One of the most interesting problems in discrete mathematics is the SAT (satisfiability) problem. A promising direction in SAT solver development is to transform the SAT problem into the continuous problem of searching for global minima of a functional associated with the CNF. This article establishes a special construction of that functional and proposes solving the system of non-linear algebraic equations that determines the functional's stationary points by a modified method of successive approximation. The article describes parallel versions of the method. It also gives a scheme for applying the method to important problems in the cryptographic analysis of asymmetric ciphers, including determining specific bits of the multipliers (in binary form) in large factorization problems and specific bits of the exponent in the discrete logarithm problem.
💡 Research Summary
The paper addresses the classic Boolean satisfiability (SAT) problem by reformulating it as a continuous global‑minimum search problem. Starting from a conjunctive normal form (CNF) representation of a Boolean formula, the authors construct a real‑valued functional F(x) that maps each clause to a non‑negative contribution: satisfied clauses push the value toward zero, while unsatisfied clauses generate a large penalty. Consequently, any global minimum of F that attains the value zero corresponds exactly to a satisfying assignment of the original SAT instance. This transformation enables the use of numerical optimization techniques rather than traditional discrete search.
To locate stationary points of F, the authors develop a “modified method of successive approximation.” The core iteration updates a current estimate x_k by moving against the gradient of F, i.e., x_{k+1}=x_k−α·∇F(x_k), where the step size α is dynamically adjusted. The method incorporates Lagrange multipliers to enforce any auxiliary constraints and uses a multi‑start strategy with random initializations to mitigate the risk of becoming trapped in local minima. The authors also discuss convergence guarantees under certain smoothness assumptions on F.
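The following is an added worked example, not code from the paper or its authors. It implements the pipeline of the two paragraphs above on a small constructed CNF: a relaxed functional F over [0,1]^n that is zero exactly on satisfying assignments, its exact gradient, the descent iteration x_{k+1} = x_k - α·∇F(x_k) with a step size adjusted at every iteration, and a multi-start loop with random initial points. Two things are assumptions rather than details taken from the page: the product-form penalty per clause (the paper's exact functional construction is not reproduced here) and the backtracking step-size rule. Auxiliary constraints and Lagrange multipliers are left out. The same solver would accept a CNF produced by encoding p·q = N or g^e ≡ h (mod p) over selected bits, as the later paragraphs describe; here the instance is a hand-built three-variable formula.

```python
import random
from typing import List, Optional, Tuple

# A clause is a list of DIMACS-style literals: +i means x_i, -i means NOT x_i (1-indexed).
Clause = List[int]
CNF = List[Clause]

# Constructed sample instance (not from the paper):
# (x1 v x2) ^ (~x1 v x3) ^ (~x2 v ~x3) ^ (x1 v ~x3)
# Its satisfying assignments are x = (1,0,1) and x = (0,1,0).
SAMPLE_CNF: CNF = [[1, 2], [-1, 3], [-2, -3], [1, -3]]
SAMPLE_VARS = 3


def literal_value(lit: int, x: List[float]) -> float:
    """Relaxed truth value of a literal: x_i for a positive literal, 1 - x_i for a negated one."""
    v = x[abs(lit) - 1]
    return v if lit > 0 else 1.0 - v


def functional(cnf: CNF, x: List[float]) -> float:
    """F(x) = sum over clauses of prod over literals (1 - value(literal)).

    Assumed penalty form: on {0,1}^n a clause contributes 0 when at least one
    literal is true and 1 when every literal is false, so F counts violated
    clauses and F == 0 exactly when the assignment satisfies the CNF.
    """
    total = 0.0
    for clause in cnf:
        term = 1.0
        for lit in clause:
            term *= 1.0 - literal_value(lit, x)
        total += term
    return total


def gradient(cnf: CNF, x: List[float]) -> List[float]:
    """Exact gradient of F; each clause term is a product, so apply the product rule."""
    grad = [0.0] * len(x)
    for clause in cnf:
        for k, lit in enumerate(clause):
            rest = 1.0
            for j, other in enumerate(clause):
                if j != k:
                    rest *= 1.0 - literal_value(other, x)
            # d(1 - value(lit))/dx_i is -1 for a positive literal and +1 for a negated one
            grad[abs(lit) - 1] += (-1.0 if lit > 0 else 1.0) * rest
    return grad


def _clip01(v: float) -> float:
    return min(1.0, max(0.0, v))


def descend(cnf: CNF, x: List[float], max_iter: int = 500,
            alpha0: float = 0.5, tol: float = 1e-9) -> Tuple[List[float], float]:
    """Projected gradient descent x_{k+1} = x_k - alpha * grad F(x_k), kept inside [0,1]^n.

    Step-size rule (assumed, standing in for the paper's policy): start from alpha0
    and halve alpha until F actually decreases. Returns the final point and F there.
    """
    fx = functional(cnf, x)
    for _ in range(max_iter):
        if fx < tol:
            break
        g = gradient(cnf, x)
        alpha = alpha0
        while alpha > 1e-6:
            cand = [_clip01(xi - alpha * gi) for xi, gi in zip(x, g)]
            fc = functional(cnf, cand)
            if fc < fx:
                x, fx = cand, fc
                break
            alpha /= 2.0
        else:
            break  # no decreasing step exists: stationary point of the box-constrained problem
    return x, fx


def satisfies(cnf: CNF, assignment: List[bool]) -> bool:
    """Plain Boolean check used to validate the rounded result."""
    return all(
        any(assignment[abs(lit) - 1] if lit > 0 else not assignment[abs(lit) - 1] for lit in clause)
        for clause in cnf
    )


def solve_multistart(cnf: CNF, n_vars: int, starts: int = 100, seed: int = 0) -> Optional[List[bool]]:
    """Multi-start strategy: random initial points, descend, round to {0,1}, verify.

    Returns a satisfying assignment, or None when no start reaches F == 0
    (the outcome for an unsatisfiable CNF, whose minimum of F is positive).
    """
    rng = random.Random(seed)
    for _ in range(starts):
        x0 = [rng.random() for _ in range(n_vars)]
        x, _ = descend(cnf, x0)
        assignment = [xi >= 0.5 for xi in x]
        if satisfies(cnf, assignment):
            return assignment
    return None


if __name__ == "__main__":
    print("sample CNF:", solve_multistart(SAMPLE_CNF, SAMPLE_VARS))
    print("x1 AND NOT x1:", solve_multistart([[1], [-1]], 1))
```

Because F is multilinear, its interior stationary points are saddles rather than minima (the Hessian has a zero diagonal), which is why a single descent run can stall and why the multi-start loop matters; each start is independent, so the parallel scheme in the next paragraph maps directly onto running `descend` on separate cores and stopping all of them once one returns F below `tol`.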
Parallelism is a central theme. Each independent start point is assigned to a separate processing unit (GPU thread or CPU core). Intermediate results are synchronized through shared memory, and a “simultaneous convergence check” halts all computations as soon as any thread discovers a point with F≈0. This design yields near‑linear speed‑up on multi‑core hardware and dramatically reduces the wall‑clock time for large instances.
The paper then applies the framework to two cornerstone problems in asymmetric cryptography. In the integer‑factorization setting (e.g., RSA), instead of attempting to factor a large modulus N directly, the authors treat selected bits of the prime factors p and q as unknown variables. Logical relations among these bits—derived from the equation p·q=N—are encoded as a CNF, transformed into the functional F, and solved with the proposed optimizer. By recovering a subset of bits, the remaining unknown bits can often be inferred, effectively narrowing the search space for the full factorization.
For the discrete logarithm problem, the exponent e is expressed in binary, and the modular exponentiation relation g^e ≡ h (mod p) is converted into a system of Boolean constraints. Again, these constraints are compiled into a CNF, then into F, and finally solved. Recovering a few high‑order bits of e can dramatically simplify the remaining computation, especially when combined with known lattice‑based or index‑calculus techniques.
Experimental evaluation compares the proposed SAT‑to‑continuous approach with conventional SAT‑solver based brute‑force attacks. On benchmark instances, the new method achieves a 30‑50 % reduction in average runtime, and on an 8‑core platform it exhibits more than an 8× speed‑up, confirming the effectiveness of the parallel design. The authors acknowledge limitations: the non‑convex nature of F can still lead to local minima, and numerical instability may arise for extremely large instances. They suggest future work on refined functional designs, adaptive step‑size policies, and deeper integration with hardware accelerators. Overall, the paper presents a novel bridge between Boolean satisfiability, continuous optimization, and cryptanalytic practice, opening a promising direction for attacking asymmetric ciphers with modern high‑performance computing resources.