Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code

The continuing use of proprietary cryptography in embedded systems across many industry verticals, from physical access control systems and telecommunications to machine-to-machine authentication, presents a significant obstacle to black-box security-evaluation efforts. In-depth security analysis requires locating and classifying the algorithm in often very large binary images, thus rendering manual inspection, even when aided by heuristics, time consuming. In this paper, we present a novel approach to automate the identification and classification of (proprietary) cryptographic primitives within binary code. Our approach is based on Data Flow Graph (DFG) isomorphism, previously proposed by Lestringant et al. Unfortunately, their DFG isomorphism approach is limited to known primitives only, and relies on heuristics for selecting code fragments for analysis. By combining the said approach with symbolic execution, we overcome all limitations of their work, and are able to extend the analysis into the domain of unknown, proprietary cryptographic primitives. To demonstrate that our proposal is practical, we develop various signatures, each targeted at a distinct class of cryptographic primitives, and present experimental evaluations for each of them on a set of binaries, both publicly available (and thus providing reproducible results), and proprietary ones. Lastly, we provide a free and open-source implementation of our approach, called Where's Crypto?, in the form of a plug-in for the popular IDA disassembler.Comment: A proof-of-concept implementation can be found at https://github.com/wheres-crypto/wheres-crypt

The Minimal Modal Interpretation of Quantum Theory

We introduce a realist, unextravagant interpretation of quantum theory that builds on the existing physical structure of the theory and allows experiments to have definite outcomes, but leaves the theory's basic dynamical content essentially intact. Much as classical systems have specific states that evolve along definite trajectories through configuration spaces, the traditional formulation of quantum theory asserts that closed quantum systems have specific states that evolve unitarily along definite trajectories through Hilbert spaces, and our interpretation extends this intuitive picture of states and Hilbert-space trajectories to the case of open quantum systems as well. We provide independent justification for the partial-trace operation for density matrices, reformulate wave-function collapse in terms of an underlying interpolating dynamics, derive the Born rule from deeper principles, resolve several open questions regarding ontological stability and dynamics, address a number of familiar no-go theorems, and argue that our interpretation is ultimately compatible with Lorentz invariance. Along the way, we also investigate a number of unexplored features of quantum theory, including an interesting geometrical structure---which we call subsystem space---that we believe merits further study. We include an appendix that briefly reviews the traditional Copenhagen interpretation and the measurement problem of quantum theory, as well as the instrumentalist approach and a collection of foundational theorems not otherwise discussed in the main text.Comment: 73 pages + references, 9 figures; cosmetic changes, added figure, updated references, generalized conditional probabilities with attendant changes to the sections on the EPR-Bohm thought experiment and Lorentz invariance; for a concise summary, see the companion letter at arXiv:1405.675

Definable equivalence relations and zeta functions of groups

We prove that the theory of the $p$-adics ${\mathbb Q}_p$ admits elimination of imaginaries provided we add a sort for ${\rm GL}_n({\mathbb Q}_p)/{\rm GL}_n({\mathbb Z}_p)$ for each $n$. We also prove that the elimination of imaginaries is uniform in $p$. Using $p$-adic and motivic integration, we deduce the uniform rationality of certain formal zeta functions arising from definable equivalence relations. This also yields analogous results for definable equivalence relations over local fields of positive characteristic. The appendix contains an alternative proof, using cell decomposition, of the rationality (for fixed $p$) of these formal zeta functions that extends to the subanalytic context. As an application, we prove rationality and uniformity results for zeta functions obtained by counting twist isomorphism classes of irreducible representations of finitely generated nilpotent groups; these are analogous to similar results of Grunewald, Segal and Smith and of du Sautoy and Grunewald for subgroup zeta functions of finitely generated nilpotent groups.Comment: 89 pages. Various corrections and changes. To appear in J. Eur. Math. So

Exponential Networks and Representations of Quivers

We study the geometric description of BPS states in supersymmetric theories with eight supercharges in terms of geodesic networks on suitable spectral curves. We lift and extend several constructions of Gaiotto-Moore-Neitzke from gauge theory to local Calabi-Yau threefolds and related models. The differential is multi-valued on the covering curve and features a new type of logarithmic singularity in order to account for D0-branes and non-compact D4-branes, respectively. We describe local rules for the three-way junctions of BPS trajectories relative to a particular framing of the curve. We reproduce BPS quivers of local geometries and illustrate the wall-crossing of finite-mass bound states in several new examples. We describe first steps toward understanding the spectrum of framed BPS states in terms of such "exponential networks."Comment: 82 pages, 60 figures, typos fixe

The Minimal Modal Interpretation of Quantum Theory

We introduce a realist, unextravagant interpretation of quantum theory that builds on the existing physical structure of the theory and allows experiments to have definite outcomes but leaves the theory’s basic dynamical content essentially intact. Much as classical systems have specific states that evolve along definite trajectories through configuration spaces, the traditional formulation of quantum theory permits assuming that closed quantum systems have specific states that evolve unitarily along definite trajectories through Hilbert spaces, and our interpretation extends this intuitive picture of states and Hilbert-space trajectories to the more realistic case of open quantum systems despite the generic development of entanglement. We provide independent justification for the partial-trace operation for density matrices, reformulate wave-function collapse in terms of an underlying interpolating dynamics, derive the Born rule from deeper principles, resolve several open questions regarding ontological stability and dynamics, address a number of familiar no-go theorems, and argue that our interpretation is ultimately compatible with Lorentz invariance. Along the way, we also investigate a number of unexplored features of quantum theory, including an interesting geometrical structure—which we call subsystem space—that we believe merits further study. We conclude with a summary, a list of criteria for future work on quantum foundations, and further research directions. We include an appendix that briefly reviews the traditional Copenhagen interpretation and the measurement problem of quantum theory, as well as the instrumentalist approach and a collection of foundational theorems not otherwise discussed in the main text