3,225 research outputs found
CDCL(Crypto) and Machine Learning based SAT Solvers for Cryptanalysis
Over the last two decades, we have seen a dramatic improvement in the efficiency of conflict-driven clause-learning Boolean satisfiability (CDCL SAT) solvers over industrial problems from a variety of applications such as verification, testing, security, and AI. The availability of such powerful general-purpose search tools as the SAT solver has led many researchers to propose SAT-based methods for cryptanalysis, including techniques for finding collisions in hash functions and breaking symmetric encryption schemes.
A feature of all of the previously proposed SAT-based cryptanalysis work is that they are \textit{blackbox}, in the sense that the cryptanalysis problem is encoded as a SAT instance and then a CDCL SAT solver is invoked to solve said instance. A weakness of this approach is that the encoding thus generated may be too large for any modern solver to solve it efficiently. Perhaps a more important weakness of this approach is that the solver is in no way specialized or tuned to solve the given instance. Finally, very little work has been done to leverage parallelism in the context of SAT-based cryptanalysis.
To address these issues, we developed a set of methods that improve on the state-of-the-art SAT-based cryptanalysis along three fronts. First, we describe an approach called \cdcl (inspired by the CDCL() paradigm) to tailor the internal subroutines of the CDCL SAT solver with domain-specific knowledge about cryptographic primitives. Specifically, we extend the propagation and conflict analysis subroutines of CDCL solvers with specialized codes that have knowledge about the cryptographic primitive being analyzed by the solver. We demonstrate the power of this framework in two cryptanalysis tasks of algebraic fault attack and differential cryptanalysis of SHA-1 and SHA-256 cryptographic hash functions. Second, we propose a machine-learning based parallel SAT solver that performs well on cryptographic problems relative to many state-of-the-art parallel SAT solvers. Finally, we use a formulation of SAT into Bayesian moment matching to address heuristic initialization problem in SAT solvers
Balancing Scalability and Uniformity in SAT Witness Generator
Constrained-random simulation is the predominant approach used in the
industry for functional verification of complex digital designs. The
effectiveness of this approach depends on two key factors: the quality of
constraints used to generate test vectors, and the randomness of solutions
generated from a given set of constraints. In this paper, we focus on the
second problem, and present an algorithm that significantly improves the
state-of-the-art of (almost-)uniform generation of solutions of large Boolean
constraints. Our algorithm provides strong theoretical guarantees on the
uniformity of generated solutions and scales to problems involving hundreds of
thousands of variables.Comment: This is a full version of DAC 2014 pape
Closing the Gap Between Short and Long XORs for Model Counting
Many recent algorithms for approximate model counting are based on a
reduction to combinatorial searches over random subsets of the space defined by
parity or XOR constraints. Long parity constraints (involving many variables)
provide strong theoretical guarantees but are computationally difficult. Short
parity constraints are easier to solve but have weaker statistical properties.
It is currently not known how long these parity constraints need to be. We
close the gap by providing matching necessary and sufficient conditions on the
required asymptotic length of the parity constraints. Further, we provide a new
family of lower bounds and the first non-trivial upper bounds on the model
count that are valid for arbitrarily short XORs. We empirically demonstrate the
effectiveness of these bounds on model counting benchmarks and in a
Satisfiability Modulo Theory (SMT) application motivated by the analysis of
contingency tables in statistics.Comment: The 30th Association for the Advancement of Artificial Intelligence
(AAAI-16) Conferenc
Average-Case Complexity
We survey the average-case complexity of problems in NP.
We discuss various notions of good-on-average algorithms, and present
completeness results due to Impagliazzo and Levin. Such completeness results
establish the fact that if a certain specific (but somewhat artificial) NP
problem is easy-on-average with respect to the uniform distribution, then all
problems in NP are easy-on-average with respect to all samplable distributions.
Applying the theory to natural distributional problems remain an outstanding
open question. We review some natural distributional problems whose
average-case complexity is of particular interest and that do not yet fit into
this theory.
A major open question whether the existence of hard-on-average problems in NP
can be based on the PNP assumption or on related worst-case assumptions.
We review negative results showing that certain proof techniques cannot prove
such a result. While the relation between worst-case and average-case
complexity for general NP problems remains open, there has been progress in
understanding the relation between different ``degrees'' of average-case
complexity. We discuss some of these ``hardness amplification'' results
- …