Cryptanalytic concept of finite automaton invertibility with finite delay
Automaton invertibility with a finite delay plays a very important role in the analysis and synthesis of finite automata cryptographic systems. The automaton cryptanalytic invertibility with a finite delay τ is studied in the paper. From the cryptanalyst's point of view, this notion means the theoretical possibility of recovering, under some conditions, a prefix a of length n in an unknown input sequence ab of an automaton from its output sequence γ of length n + τ and perhaps additional information such as the parameters τ and n, the initial (q), intermediate (β) or final (t) state of the automaton, or the suffix b of length τ in the input sequence. The conditions imposed on the recovering algorithm require the prefix a to be arbitrary and may require the initial state q and the suffix b to be arbitrary or merely existent; that is, the variable a is always bound by the universal quantifier, and each of the variables q and b may be bound by either quantifier, universal (∀) or existential (∃). The variety of information that can be known to a cryptanalyst provides many different types of automaton invertibility and, respectively, many different classes of invertible automata. Thus, in the paper, invertibility with a finite delay τ of a finite automaton A is the ability of this automaton to resist recovering or, on the contrary, to allow precise determination of any input word a of length n from the output word γ that results from transforming, by the automaton A in its initial state q, the input word ab with b of length τ, given the known n, τ, A, γ and u ⊆ {b, q, β, t}, where q and b may be arbitrary or some elements of their sets and β and t are respectively the intermediate and final states of A into which A comes from q under the action of the input words a and ab respectively.
According to this, the automaton A is called invertible with a delay τ if there exist a function f(γ, u) and a triplet of quantifiers κ ∈ {Q_1x_1Q_2x_2Q_3x_3 : Q_ix_i ∈ {∀q, ∃q, ∀a, ∀b, ∃b}, i ≠ j ⇒ x_i ≠ x_j} such that κ[f(γ, u) = a]; in this case f is called a recovering function, (κ, u) an invertibility type, κ an invertibility degree, u an invertibility order of the automaton A, and ∃f κ[f(γ, u) = a] an invertibility condition of type (κ, u) for the automaton A. So, 208 different types of invertibility of the automaton A are defined in all. The well-known types of (strong) invertibility and weak invertibility described for finite automata earlier (by D. A. Huffman, A. Gill, Sh. Even, A. A. Kurmit, Z. D. Dai, D. F. Ye, K. Y. Lam, R. Tao and many others) belong in our theory to the types (∀q∀a∀b, ∅) and (∀q∀a∀b, {q}) respectively. For every invertibility type, we have defined the class of automata with this type of invertibility and described the inclusion relation on the set of all these classes. It has turned out that the graph of this relation is the union of twenty-nine lattices, thirteen of them each containing sixteen classes and sixteen of them each containing thirteen classes. To solve the scientific problems (invertibility tests, synthesis of inverse automata and so on) related to the different concrete invertibility classes, we hope to continue these investigations.
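A concrete instance of the invertibility types defined above, added here as an example and not code from the paper: a two-state Mealy automaton (constructed for illustration, the state stores the previous input and the output is the XOR of previous and current input) together with an exhaustive check that, for a chosen quantifier degree κ and known-information order u, some recovering function f(γ, u) exists. An existential variable is allowed to depend on the variables quantified before it, so the check enumerates every choice function and asks whether (γ, u) → a is functional over the resulting table. The names delta, lam, candidate_tables and invertible are this example's own, not the paper's.

```python
"""Exhaustive check of finite-delay invertibility types for a tiny Mealy automaton.

Added example, not code from the paper.  The automaton is constructed for
illustration: states {0, 1}, binary input and output; the state stores the
previous input symbol and the output is previous XOR current input."""
from itertools import product

STATES = (0, 1)
ALPHABET = (0, 1)

def delta(s, x):
    """Next-state function: remember the current input."""
    return x

def lam(s, x):
    """Output function: previous input XOR current input."""
    return s ^ x

def run(q, word):
    """Run the automaton from state q on word; return (output word, final state)."""
    s, out = q, []
    for x in word:
        out.append(lam(s, x))
        s = delta(s, x)
    return tuple(out), s

def candidate_tables(kappa, domains, assigned=()):
    """All sets of (q, a, b) assignments that a single recovering function f must
    invert under the quantifier prefix kappa (a list of (quantifier, variable)).
    A universal variable contributes every value; an existential one branches on
    one choice that may depend on the variables quantified before it."""
    if len(assigned) == len(kappa):
        return [frozenset([assigned])]
    quantifier, var = kappa[len(assigned)]
    branches = [candidate_tables(kappa, domains, assigned + ((var, v),))
                for v in domains[var]]
    if quantifier == 'all':
        return [frozenset().union(*combo) for combo in product(*branches)]
    return [table for branch in branches for table in branch]

def has_recovering_function(table, u):
    """True iff (gamma, side information named in u) -> a is a function on the
    table, i.e. one f(gamma, u) recovers the prefix a for every listed (q, a, b)."""
    seen = {}
    for triple in table:
        d = dict(triple)
        q, a, b = d['q'], d['a'], d['b']
        gamma_a, beta = run(q, a)        # beta: intermediate state after the prefix a
        gamma_b, t = run(beta, b)        # t: final state after the whole word ab
        info = {'q': q, 'b': b, 'beta': beta, 't': t}
        key = (gamma_a + gamma_b, tuple((k, info[k]) for k in sorted(u)))
        if seen.setdefault(key, a) != a:
            return False
    return True

def invertible(tau, n, kappa, u=frozenset()):
    """Decide invertibility of type (kappa, u) with delay tau for prefixes of length n."""
    domains = {'q': STATES,
               'a': list(product(ALPHABET, repeat=n)),
               'b': list(product(ALPHABET, repeat=tau))}
    return any(has_recovering_function(table, u)
               for table in candidate_tables(kappa, domains))

STRONG = [('all', 'q'), ('all', 'a'), ('all', 'b')]   # the classical (strong) degree

if __name__ == '__main__':
    print(invertible(0, 2, STRONG))                 # False: gamma alone leaves two candidates
    print(invertible(0, 2, STRONG, {'q'}))          # True: weak invertibility (q known)
    print(invertible(1, 2, STRONG))                 # False: delay alone does not help
    print(invertible(1, 2, STRONG, {'t'}))          # True: t reveals b, and then a
    print(invertible(1, 2, [('all', 'q'), ('all', 'a'), ('exists', 'b')]))  # True
```

The first two calls reproduce the classical strong/weak distinction for this automaton: without q the first output symbol q ⊕ x₁ is ambiguous, with q the prefix is read off symbol by symbol. The last two show what extra information or an existential suffix buys once the delay is positive: knowing the final state t (here the last input symbol) or being free to pick b resolves the ambiguity that γ alone leaves.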
On the Complexity of the Equivalence Problem for Probabilistic Automata
Checking two probabilistic automata for equivalence has been shown to be a
key problem for efficiently establishing various behavioural and anonymity
properties of probabilistic systems. In recent experiments a randomised
equivalence test based on polynomial identity testing outperformed
deterministic algorithms. In this paper we show that polynomial identity
testing yields efficient algorithms for various generalisations of the
equivalence problem. First, we provide a randomized NC procedure that also
outputs a counterexample trace in case of inequivalence. Second, we show how to
check for equivalence two probabilistic automata with (cumulative) rewards. Our
algorithm runs in deterministic polynomial time, if the number of reward
counters is fixed. Finally we show that the equivalence problem for
probabilistic visibly pushdown automata is logspace equivalent to the
Arithmetic Circuit Identity Testing problem, which is to decide whether a
polynomial represented by an arithmetic circuit is identically zero.
Comment: technical report for a FoSSaCS'12 paper
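The polynomial identity testing idea behind the equivalence test, as an added example that is not the paper's code (the paper's own procedure may differ in detail): two probabilistic automata are combined into a difference automaton D with n states whose weight on a word w is Pr_A(w) − Pr_B(w); since words of length at most n − 1 suffice to separate inequivalent weighted automata, equivalence holds iff a degree-(n − 1) polynomial built from D's transition matrices is identically zero, which Schwartz–Zippel checks at one random point over F_p. A nonzero point is reduced to a counterexample word by fixing the variables of one position at a time. The sample automata A, B and C and all function names are constructed for this example.

```python
"""Randomised PA equivalence via polynomial identity testing, with a counterexample.

Added example, not the paper's code.  A PA is (alpha, mats, eta): initial
distribution, one stochastic matrix per letter, accepting vector; Pr(w) = alpha
M_w eta.  The difference automaton D of A and B (initial (alpha_A, -alpha_B),
block-diagonal matrices, stacked eta) has n states and weight Pr_A(w) - Pr_B(w),
so A and B are equivalent iff every word of length <= n-1 gets weight 0, i.e. iff
    p(x) = alpha_D * prod_{i=1}^{n-1} (x_{eps,i} I + sum_a x_{a,i} M_a) * eta_D
is identically zero: the coefficient of x_{s_1,1} ... x_{s_{n-1},n-1} is the weight
of the word obtained by deleting eps.  Schwartz-Zippel tests p at a random point."""
from fractions import Fraction
import random

PRIME = (1 << 61) - 1          # the field F_p used for the identity test

def fe(x):
    """Embed a rational probability into F_p."""
    f = Fraction(x)
    return f.numerator * pow(f.denominator, -1, PRIME) % PRIME

def vec_mat(v, M):
    return [sum(v[i] * M[i][j] for i in range(len(v))) % PRIME for j in range(len(v))]

def difference_automaton(A, B):
    """Block-diagonal automaton over F_p whose weights are Pr_A(w) - Pr_B(w)."""
    (aA, mA, eA), (aB, mB, eB) = A, B
    assert set(mA) == set(mB), "both automata must use the same alphabet"
    nA, n = len(aA), len(aA) + len(aB)
    alpha = [fe(x) for x in aA] + [-fe(x) % PRIME for x in aB]
    eta = [fe(x) for x in eA + eB]
    mats = {}
    for a in mA:
        M = [[0] * n for _ in range(n)]
        for i in range(nA):
            for j in range(nA):
                M[i][j] = fe(mA[a][i][j])
        for i in range(n - nA):
            for j in range(n - nA):
                M[nA + i][nA + j] = fe(mB[a][i][j])
        mats[a] = M
    return alpha, mats, eta

def evaluate(D, point):
    """Evaluate p at point; point[i] maps symbol (None = eps) -> field element."""
    alpha, mats, eta = D
    v = alpha
    for coeffs in point:
        acc = [coeffs[None] * x % PRIME for x in v]
        for a, M in mats.items():
            if coeffs[a]:
                acc = [(y + coeffs[a] * z) % PRIME for y, z in zip(acc, vec_mat(v, M))]
        v = acc
    return sum(x * y for x, y in zip(v, eta)) % PRIME

def equivalent(A, B, rng=random):
    """(True, None) if A and B are equivalent (error probability <= (n-1)/PRIME),
    otherwise (False, word) with Pr_A(word) != Pr_B(word)."""
    D = difference_automaton(A, B)
    symbols = [None] + sorted(D[1])
    N = len(D[0]) - 1
    point = [{s: rng.randrange(PRIME) for s in symbols} for _ in range(N)]
    if evaluate(D, point) == 0:
        return True, None
    word = []
    for i in range(N):
        # p is linear in the variables of position i: if it is nonzero with random
        # values there, it stays nonzero for at least one unit vector
        for s in symbols:
            point[i] = {t: int(t == s) for t in symbols}
            if evaluate(D, point) != 0:
                if s is not None:
                    word.append(s)
                break
    return False, word

def accept_prob(pa, word):
    """Exact acceptance probability, used to confirm a counterexample."""
    alpha, mats, eta = pa
    v = [Fraction(x) for x in alpha]
    for a in word:
        v = [sum(v[i] * Fraction(mats[a][i][j]) for i in range(len(v))) for j in range(len(v))]
    return sum(x * Fraction(y) for x, y in zip(v, eta))

# Constructed sample automata over the alphabet {a, b}
H = Fraction(1, 2)
# A: 'a' moves s0 -> s1 with probability 1/2; s1 is absorbing and accepting.
A = ([1, 0], {'a': [[H, H], [0, 1]], 'b': [[1, 0], [0, 1]]}, [0, 1])
# B: the same behaviour with three states (s1 and s2 are both accepting).
B = ([1, 0, 0], {'a': [[H, H, 0], [0, 0, 1], [0, 0, 1]],
                 'b': [[1, 0, 0], [0, 0, 1], [0, 0, 1]]}, [0, 1, 1])
# C: like A, but 'b' drops s1 back to s0 with probability 1/2, so Pr_C(ab) = 1/4 != 1/2.
C = ([1, 0], {'a': [[H, H], [0, 1]], 'b': [[1, 0], [H, H]]}, [0, 1])

if __name__ == '__main__':
    print(equivalent(A, B))                      # (True, None)
    ok, w = equivalent(A, C)
    print(ok, ''.join(w), accept_prob(A, w), accept_prob(C, w))
```

The counterexample word is not unique, since the greedy reduction follows whatever random point was drawn, but whichever word comes out has a genuinely different acceptance probability in A and C, which accept_prob confirms with exact rational arithmetic.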
An Experiment in Ping-Pong Protocol Verification by Nondeterministic Pushdown Automata
An experiment is described that confirms that the security of a well-studied class
of cryptographic protocols (Dolev-Yao intruder model) can be verified by
two-way nondeterministic pushdown automata (2NPDA). A nondeterministic pushdown
program checks whether the intersection of a regular language (the protocol to
verify) and a given Dyck language containing all canceling words is empty. If
it is not, an intruder can reveal secret messages sent between trusted users.
The verification is guaranteed to terminate in cubic time at most on a
2NPDA-simulator. The interpretive approach used in this experiment simplifies
the verification, by separating the nondeterministic pushdown logic and program
control, and makes it more predictable. We describe the interpretive approach
and the known transformational solutions, and show they share interesting
features. Also noteworthy is how abstract results from automata theory can
solve practical problems by programming language means.
Comment: In Proceedings MARS/VPT 2018, arXiv:1803.0866
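The emptiness check the abstract describes, as an added example that is not the paper's 2NPDA program: the regular language is the set of operator words an intruder can build (the first protocol message followed by any sequence of operations available to him) and the Dyck language is the set of words that cancel completely, so a non-empty intersection is an intruder derivation of the plaintext. Instead of simulating a pushdown automaton, the example saturates the set of NFA state pairs joined by a cancelling path, the classical cubic-time CFL-reachability construction, and keeps derivations so that the cancelling word can be shown. The two protocols, the party names x, y, z and all function names are constructed for this example.

```python
"""Ping-pong protocol check: is (regular language of intruder-reachable operator
words) ∩ (Dyck language of cancelling words) empty?

Added example, not the paper's 2NPDA program.  Operators are ('E', k) / ('D', k)
(encrypt / decrypt under k's key); an adjacent E_k D_k or D_k E_k cancels.  Words
are written in application order.  The regular language is
    initial_step . (intruder_steps)*
where initial_step is the first protocol message the intruder sees and each
intruder step is an operator word he can apply: his own keys, any public key, or
a protocol step obtained by talking to an honest party in his own name."""

def inverse(op):
    kind, key = op
    return ('D' if kind == 'E' else 'E', key)

def reduce_word(word):
    """Cancel adjacent inverse pairs; [] means the word cancels completely."""
    stack = []
    for op in word:
        if stack and stack[-1] == inverse(op):
            stack.pop()
        else:
            stack.append(op)
    return stack

def build_nfa(initial_step, intruder_steps):
    """NFA for initial_step . (intruder_steps)*; returns (start, accept, edges)."""
    edges, counter = [], [0]
    def chain(src, ops, dst):
        cur = src
        for i, op in enumerate(ops):
            if i == len(ops) - 1 and dst is not None:
                nxt = dst
            else:
                counter[0] += 1
                nxt = counter[0]
            edges.append((cur, op, nxt))
            cur = nxt
        return cur
    loop = chain(0, initial_step, None)
    for ops in intruder_steps:
        chain(loop, ops, loop)
    return 0, loop, edges

def cancelling_pairs(edges, states):
    """Saturate R = {(p, q): some path p -> q reads a cancelling word}; each entry
    records its derivation so a witness word can be rebuilt afterwards."""
    R = {(s, s): ('eps',) for s in states}
    changed = True
    while changed:
        changed = False
        for p, op, p1 in edges:                      # p -op-> p1 ~> q1 -inverse(op)-> q
            for q1, op2, q in edges:
                if op2 == inverse(op) and (p1, q1) in R and (p, q) not in R:
                    R[(p, q)] = ('wrap', op, (p1, q1), op2)
                    changed = True
        for p, q in list(R):                         # p ~> q ~> r
            for q2, r in list(R):
                if q2 == q and (p, r) not in R:
                    R[(p, r)] = ('cat', (p, q), (q, r))
                    changed = True
    return R

def witness(R, pair):
    d = R[pair]
    if d[0] == 'eps':
        return []
    if d[0] == 'wrap':
        return [d[1]] + witness(R, d[2]) + [d[3]]
    return witness(R, d[1]) + witness(R, d[2])

def analyse(initial_step, intruder_steps):
    """(True, None) if no cancelling word exists, else (False, the intruder's word)."""
    start, accept, edges = build_nfa(initial_step, intruder_steps)
    states = {start, accept} | {s for p, _, q in edges for s in (p, q)}
    R = cancelling_pairs(edges, states)
    if (start, accept) in R:
        return False, witness(R, (start, accept))
    return True, None

E, D = 'E', 'D'
PUBLIC = [[(E, 'x')], [(E, 'y')], [(E, 'z')]]       # intruder z knows every public key
# Protocol 1 (constructed, Dolev-Yao style): x -> y: E_y(M); y -> x: E_x(D_y(.)).
# Talking to y in his own name, z gets y to apply D_y then E_z; z also holds D_z.
INSECURE = analyse([(E, 'y')], [[(D, 'y'), (E, 'z')], [(D, 'z')]] + PUBLIC)
# Protocol 2: x -> y: E_y(M) with no reply; nothing available to z cancels E_y.
SECURE = analyse([(E, 'y')], [[(D, 'z')]] + PUBLIC)
```

For the first protocol the witness is E_y D_y E_z D_z: the intruder forwards x's message to y as his own, y strips E_y and re-encrypts for z, and z decrypts, which is the classical Dolev-Yao attack on a reply-under-the-sender's-key protocol. The saturation's two rules (wrap a cancelling segment in an operator and its inverse; concatenate two cancelling segments) are exactly the grammar of the two-sided Dyck language, and the pair set it computes is what a 2NPDA simulator explores on the stack.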
A side-channel attack against an automata theory based stream cipher (Logic, Language, Algebraic system and Related Areas in Computer Science)
In this paper we consider a finite automaton based stream cipher given by P. Dömösi and G. Horváth and show its immunity to a side-channel timing attack.