5 research outputs found

    Design of a generic Solver system for modeling and reasoning in product line engineering tools

    Product lines (PL) are complex entities, and managing projects based on this methodology requires tools that simplify the enormous complexity of configuring hundreds of products composed of thousands of components. To address these difficulties, various tools have been developed for implementing product lines. In product line engineering (PLE), it is common for certain use cases of these tools to require different mathematical representations that allow the models describing the product line to be evaluated in different ways. One of the main challenges in PLE is enabling a set of tools broad enough to model different expressions of PLE models. In this document, we explore a proposal that allows components to be added for reasoning about the properties of various product line models. We investigate reasoning operations that are not traditional in the PLE literature. In addition, we examine how to develop a set of processes and code artifacts that facilitate the creation of different representations of the models and allow reasoning with various tools.

    ON EQUIVALENCY REASONING FOR CONFLICT DRIVEN CLAUSE LEARNING SATISFIABILITY SOLVERS

    The satisfiability problem, or SAT, is the problem of deciding whether a Boolean function evaluates to true for at least one of the assignments in its domain. The satisfiability problem was the first problem proved NP-complete. Therefore, the problems in NP can be encoded into SAT instances. Many hard real-world problems can be solved when encoded efficiently into SAT instances. These facts give SAT an important place in both theoretical and practical computer science. In this thesis we address the problem of integrating a special class of equivalency reasoning techniques, strongly connected component (SCC) based reasoning, into the class of conflict-driven clause learning (CDCL) SAT solvers. Because of the complications that arise from integrating equivalency reasoning into CDCL SAT solvers, to our knowledge there has been no CDCL solver that has applied SCC-based equivalency reasoning dynamically during the search. We propose a method to overcome these complications. The method is integrated into a prominent satisfiability solver: MiniSat. The equivalency-enhanced MiniSat, Eq-MiniSat, is used to explore the advantages and disadvantages of equivalency reasoning in conflict-driven clause learning satisfiability solvers. Different implementation approaches for Eq-MiniSat are discussed. The experimental results on 16 families of instances show that equivalency reasoning does not have noticeable effects for the instances in one family. Equivalency reasoning enables Eq-MiniSat to outperform MiniSat on eight classes of instances. For the remaining seven families, MiniSat outperforms Eq-MiniSat. The experimental results for random instances demonstrate that in almost all cases the number of branchings for Eq-MiniSat is smaller than for MiniSat.

    Cryptanalysis and Secure Implementation of Modern Cryptographic Algorithms

    Cryptanalytic attacks can be divided into two classes: pure mathematical attacks and side-channel attacks (SCAs). Pure mathematical attacks are traditional cryptanalytic techniques that rely on known or chosen input-output pairs of the cryptographic function and exploit the inner structure of the cipher to reveal the secret key information. In SCAs, on the other hand, it is assumed that attackers have some access to the cryptographic device and can gain some information from its physical implementation. A cold-boot attack is an SCA that exploits the data remanence property of Random Access Memory (RAM) to retrieve its content, which remains readable shortly after power has been removed. Fault analysis is another example of an SCA, in which the attacker is assumed to be able to induce faults in the cryptographic device and observe the faulty output. Then, by careful inspection of the faulty outputs, the attacker recovers the secret information, such as the secret inner state or the secret key. Scan-based Design-For-Test (DFT) is a widely deployed technique for testing hardware chips. Scan-based SCAs exploit the information obtained by analyzing the scanned data in order to retrieve secret information from cryptographic hardware devices that are designed with this testability feature. In the first part of this work, we investigate the use of an off-the-shelf SAT solver, CryptoMiniSat, to improve the key recovery of Advanced Encryption Standard (AES-128) key schedules from their corresponding decayed memory images, which can be obtained using cold-boot attacks. We also present a fault analysis of both the NTRUEncrypt and NTRUSign cryptosystems. For the specific original instantiation of the NTRU encryption system with parameters $(N,p,q)$, our attack succeeds with probability $\approx 1-\frac{1}{p}$ and, when the number of faulted coefficients is upper bounded by $t$, it requires $O((pN)^t)$ polynomial inversions in $\mathbb{Z}/p\mathbb{Z}[x]/(x^{N}-1)$. We also investigate several techniques to strengthen hardware implementations of NTRUEncrypt against this class of attacks. For NTRUSign with parameters $(N, q=p^l, \mathcal{B}, \textit{standard}, \mathcal{N})$, when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault to succeed with probability $\approx 1-\frac{1}{p}$ and requires $O((qN)^t)$ steps when the number of faulted polynomial coefficients is upper bounded by $t$. The attack is also applicable to NTRUSign utilizing the transpose NTRU lattice, but it requires double the number of fault injections. Different countermeasures against the proposed attack are also investigated. Furthermore, we present a scan-based SCA on NTRUEncrypt hardware implementations that employ scan-based DFT techniques. Our attack determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm, which allows the cryptanalyst to efficiently retrieve the secret key. Several key agreement schemes based on matrices were recently proposed. For example, Álvarez et al. proposed a scheme in which the secret key is obtained by multiplying powers of block upper triangular matrices whose elements are defined over $\mathbb{Z}_p$. Climent et al. identified the elements of the endomorphism ring $\mathrm{End}(\mathbb{Z}_p \times \mathbb{Z}_{p^2})$ with elements in a set, $E_p$, of matrices of size $2\times 2$ whose elements in the first row belong to $\mathbb{Z}_p$ and whose elements in the second row belong to $\mathbb{Z}_{p^2}$. Keith Salvin presented a key exchange protocol using matrices in the general linear group $GL(r,\mathbb{Z}_n)$, where $n$ is the product of two distinct large primes. The system is fully specified in US patent number 7346162, issued in 2008. In the second part of this work, we present mathematical cryptanalytic attacks against these three schemes and show that they can be easily broken for all practical choices of their security parameters.

    Learning in a compiler for MINSAT algorithms
