This paper introduces the XOR-OR-AND normal form (XNF) for logical formulas. It is a generalization of the well-known Conjunctive Normal Form (CNF) where literals are replaced by XORs of literals. As a first theoretic result, we show that every CNF formula is equisatisfiable to a formula in 2-XNF, i.e., a formula in XNF where each clause involves at most two XORs of literals. Subsequently, we present an algorithm which converts Boolean polynomials efficiently from their Algebraic Normal Form (ANF) to formulas in 2-XNF. Experiments with the cipher ASCON-128 show that cryptographic problems, which by design are based strongly on XOR-operations, can be represented using far fewer variables and clauses in 2-XNF than in CNF. In order to take advantage of this compact representation, new SAT solvers based on input formulas in 2-XNF need to be designed. By taking inspiration from graph-based 2-CNF SAT solving, we devise a new DPLL-based SAT solver for formulas in 2-XNF. Among others, we present advanced pre- and in-processing techniques. Finally, we give timings for random 2-XNF instances and instances related to key recovery attacks on round reduced ASCON-128, where our solver outperforms state-of-the-art alternative solving approaches.

翻译：本文提出了逻辑公式的XOR-OR-AND范式（XNF），这是对经典合取范式（CNF）的推广，其中文字被替换为文字的异或组合。作为首个理论结果，我们证明了每个CNF公式都与一个2-XNF公式（即每个子句最多包含两个文字异或组合的XNF公式）在可满足性上等价。随后，我们提出了一种将布尔多项式从代数范式（ANF）高效转换为2-XNF公式的算法。通过密码算法ASCON-128的实验表明，基于异或运算设计的密码学问题在2-XNF中所需的变量和子句数量远少于CNF表示。为利用这种紧凑表示的优势，需要设计基于2-XNF输入公式的新型SAT求解器。受基于图的2-CNF SAT求解方法启发，我们设计了一种新的基于DPLL的2-XNF公式求解器，并提出了先进的前处理与过程中处理技术。最后，我们给出了随机2-XNF实例以及针对轮数缩减版ASCON-128密钥恢复攻击相关实例的求解时间，其中我们的求解器性能优于当前最先进的替代求解方法。