1.

Abadi, M. and Needham, R.: Prudent engineering practice for cryptographic protocols, *IEEE Trans. Software Engng.*
**22**(1) (1996), 6–15.

2.

Anderson, R. and Needham, R.: Programming Satan's computer, in *Computer Science Today-Recent Trends and Developments*, Lecture Notes in Comput. Sci. 1000, Springer-Verlag, 1996, pp. 426–440.

3.

Andleman, D. and Reeds, J.: On the cryptanalysis of rotor machines and substitution-permutations networks, *IEEE Trans. Inform. Theory*
**28**(4) (1982), 578–584.

4.

Ascione, M.: Validazione e benchmarking dei BDD per la criptanalisi del data encryption standard, Master's thesis, Facoltà di Ingegneria, Univ. di Roma I “La Sapienza”, March 1999. In Italian.

5.

Bayardo, R. and Schrag, R.: Using CSP look-back techniques to solve real-world SAT instances, in *Proc. of the 14th Nat.* (*US*) *Conf. on Artificial Intelligence* (*AAAI-97*), AAAI Press/The MIT Press, 1997, pp. 203–208.

6.

Biham, E. and Biryukov, A.: An improvement of Davies' attack on DES, in *Advances in Cryptology-Eurocrypt 94*, Lecture Notes in Comput. Sci., Springer-Verlag, 1994.

7.

Biham, E. and Shamir, A.: Differential cryptanalysis of DES-like cryptosystems, *J. Cryptology*
**4**(1) (1991), 3–72.

8.

Bryant, R.: Graph-based algorithms for Boolean function manipulation, *IEEE Trans. Computers*
**35**(8) (1986), 677–691.

9.

Büning, H., Karpinski, M. and Flögel, A.: Resolution for quantified Boolean formulas, *Inform. Comput.*
**117**(1) (1995), 12–18.

10.

Burrows, M., Abadi, M. and Needham, R.: A logic for authentication, *ACM Trans. Comput. Systems*
**8**(1) (1990), 18–36.

11.

Cadoli, M., Giovanardi, A. and Schaerf, M.: An algorithm to evaluate quantified Boolean formulae, in *Proc. of the 15th* (*US*) *Nat. Conf. on Artificial Intelligence* (*AAAI-98*), AAAI Press/The MIT Press, 1998, pp. 262–267.

12.

Campbell, K. and Weiner, M.: DES is not a group, in *Proc. of Advances in Cryptography* (*CRYPTO-92*), Lecture Notes in Comput. Sci., Springer-Verlag, 1992, pp. 512–520.

13.

Claesen, L. (ed.): *Formal VLSI Correctness Verification: VLSI Design Methods*, Vol. II, Elsevier Science Publishers, North-Holland, 1990.

14.

Cook, S. and Mitchel, D.: Finding hard instances of the satisfiability problem: A survey, in *Satisfiability Problem: Theory and Applications*, Vol. 35, DIMACS Series in Discrete Math. Theoret. Comput. Sci. Amer. Math. Soc., 1997, pp. 1–17.

15.

Crawford, J. and Auton, L.: Experimental results on the crossover point in random 3SAT, *Artif. Intell.*
**81**(1–2) (1996), 31–57.

16.

Cryptography Research Inc. DES key search project information, Technical report, Cryptography Research Inc., 1998. Available on the web at http://www.cryptography.com/des/.

17.

Davis, M., Longemann, G. and Loveland, D.: A machine program for theorem-proving, *Comm. ACM*
**5**(7) (1962), 394–397.

18.

Davis, M. and Putnam, H.: A computing procedure for quantificational theory, *J. ACM*
**7**(3) (1960), 201–215.

19.

De Millo, R., Lynch, L. and Merrit, M.: Cryptographic protocols, in *Proc. of the 14th ACM SIGACT Symposium on Theory of Computing* (*STOC-82*), 1982, pp. 383–400.

20.

Feistel, H., Notz, W. and Smith, L.: Some cryptographic techniques for machine-to-machine data communication, *Proc. of the IEEE*
**63**(11) (1975), 1545–1554.

21.

Gomes, C. and Selman, B.: Problem structure in the presence of perturbation, in *Proc. of the 14th Nat.* (*US*) *Conf. on Artificial Intelligence* (*AAAI-97*), AAAI Press/The MIT Press, 1997.

22.

Gomes, C., Selman, B. and Crato, N.: Heavy-tailed distributions in combinatorial search, in *Third Internal. Conf. on Principles and Practice of Constraint Programming* (*CP-97*), Lecture Notes in Comput. Sci. 1330, Springer-Verlag, 1997, pp. 121–135.

23.

Group of Experts on Information Security and Privacy. Inventory of controls on cryptography technologies, OLIS DSTI/ICCP/REG(98)4/REV3, Organization for Economic Co-operation and Development, Paris, Sep. 1998.

24.

Harrison, J.: Stalmarck's algorithm as a HOL derived rule, in *Proc. of the 9th Internal. Conf. on Theorem Proving in Higher Order Logics* (*TPHOLs*'96), Lecture Notes in Comput. Sci. 1125, Springer-Verlag, 1996, pp. 221–234.

25.

Johnson, D. and Trick, M. (eds): *Cliques, Coloring, Satisfiability: The Second DIMACS Implementation Challenge*, AMS Series in Discrete Math. and Theoret. Comput. Sci. 26, Amer. Math. Soc., 1996.

26.

Kaliski, B., Rivest, R. and Sherman, A.: Is the Data Encryption Standard a group? (preliminary abstract), in *Advances in Cryptology-Eurocrypt 85*, Lecture Notes in Comput. Sci. 219, Springer-Verlag, 1985, pp. 81–95.

27.

Liberatore, P.: Algorithms and experiments on finding minimal models, Technical Report 09–99, Dipartimento di Informatica e Sistemistica, Università di Roma “La Sapienza”, 1999.

28.

Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR, in *Tools and Algorithms for the Construction and Analysis of Systems*, Lecture Notes in Comput. Sci. 1055, Springer-Verlag, 1996, pp. 147–166.

29.

Marraro, L.: Analisi crittografica del DES mediante logica booleana, Master's thesis, Facolta di Ingegneria, Univ. di Roma I “La Sapienza”, December 1998. In Italian.

30.

Marraro, L. and Massacci, F.: A new challenge for automated reasoning: Verification and cryptanalysis of cryptographic algorithms, Technical Report 05–99, Dipartimento di Informatica e Sistemistica, Università di Roma “La Sapienza”, 1999.

31.

Massacci, F.: Using walk-SAT and rel-SAT for cryptographic key search, in *Proc. of the 16th Internat. Joint Conf. on Artificial Intelligence* (*IJCAI-99*), Morgan Kaufmann, 1999, pp. 290–295.

32.

Matsui, M.: The first experimental cryptanalysis of the Data Encryption Standard, in *Proc. of Advances in Cryptography* (*CRYPTO-94*), Lecture Notes in Comput. Sci. 839, Springer-Verlag, 1994, pp. 1–11.

33.

Matsui, M.: Linear cryptanalysis method for DES cipher, in *Advances in Cryptology-Ewocrypt 93*, Lecture Notes in Comput. Sci. 765, Springer-Verlag, 1994, pp. 368–397.

34.

Mitchell, J., Mitchell, M. and Stern, U.: Automated analysis of cryptographic protocols using Murphi, in *Proc. of the 16th IEEE Symposium on Security and Privacy*, IEEE Computer Society Press, 1997, pp. 141–151.

35.

Organization for Economic Co-operation and Development OECD emerging market economy forum (EMEF): Report of the ministerial workshop on cryptography policy, OLIS SG/EMEF/ICCP(98)1, Organization for Economic Co-operation and Development, Paris, Feb. 1998.

36.

National Institute of Standards and Technology. Data encryption standard. Federal Information Processing Standards Publications FIPS PUB 46–2, National (U.S.) Bureau of Standards, Dec. 1997. Supersedes FIPS PUB 46–1 of Jan. 1988.

37.

National Institute of Standards and Technology. Request for comments on candidate algorithms for the advanced encryption standard (AES), (U.S.) Federal Register 63(177), September 1998.

38.

Committee on Payment, Settlement Systems, and the Group of Computer Experts of the central banks of the Group of Ten countries, Security of Electronic Money, Banks for International Settlements, Basle, August 1996.

39.

Paulson, L.: The inductive approach to verifying cryptographic protocols, *J. Comput. Security* (1998).

40.

Rivest, R.: The RC5 encryption algorithm, in *Proc. of the Fast Software Encryption Workshop* (*FSE-95*), Lecture Notes in Comput. Sci. 1008, Springer-Veriag, 1995, pp. 86–96.

41.

Rudell, R.: Espresso 1OCTTOOLS, January 1988.

42.

Rudell, R. and Sangiovanni-Vincentelli, A.: Multiple valued minimization for PLA optimization, *IEEE Trans. Comput. Aided Design.*
**6**(5) (1987), 727–750.

43.

Ryan, P. and Schneider, S.: An attack on a recurive authentication protocol: A cautionary tale, *Inform. Process. Lett.*
**65**(15) (1998), 7–16.

44.

Schaefer, T.: The complexity of satisfiability problems, in *Proc. of the 10th ACM Symposium on Theory of Computing* (*STOC-78*), ACM Press and Addison Wesley, 1978, pp. 216–226.

45.

Schneier, B.: *Applied Cryptography: Protocols, Algorithms, and Source Code in C*, Wiley, 1994.

46.

Selman, B. and Kautz, H.: Knowledge compilation and theory approximation, *J. ACM*
**43**(2) (1996), 193–224.

47.

Selman, B., Kautz, H. and McAllester, D.: Ten challenges in propositional resoning and search, in *Proc. of the 15th Internat. Joint Conf. on Artificial Intelligence* (*IJCAI-97*), Morgan Kaufmann, Los Altos, 1997.

48.

Selman, B., Mitchell, D. and Levesque, H.: Generating hard satisfiability problems, *Artif. Intell.*
**81**(1–2) (1996), 17–29.

49.

Shannon, C.: Communication theory of secrecy systems, *Bell System Technical J.*
**28** (1949), 656–715.

50.

Suttner, C. and Sutcliffe, G.: The CADE-14 ATP system competition, *J. Automated Reasoning*
**21**(1) (1998), 99–134.

51.

Zhang, H.: SATO: An efficient propositional prover, in *Proc. of the 14th Internat. Conf. on Automated Deduction* (*CADE-97*), Lecture Notes in Comput. Sci., 1997.

52.

Zhang, H.: Personal communication, Nov. 1998.

53.

Zhang, H. and Stickel, M.: An efficient algorithm for unit-propagation, in *Proc. of the 4th Internat. Symposium on AI and Mathematics*, 1996.