62 research outputs found
Reversible Pebbling Game for Quantum Memory Management
Quantum memory management is becoming a pressing problem, especially given
the recent research effort to develop new and more complex quantum algorithms.
The only existing automatic method for quantum states clean-up relies on the
availability of many extra resources. In this work, we propose an automatic
tool for quantum memory management. We show how this problem exactly matches
the reversible pebbling game. Based on that, we develop a SAT-based algorithm
that returns a valid clean-up strategy, taking the limitations of the quantum
hardware into account. The developed tool empowers the designer with the
flexibility required to explore the trade-off between memory resources and
number of operations. We present three show-cases to prove the validity of our
approach. First, we apply the algorithm to straight-line programs, widely used
in cryptographic applications. Second, we perform a comparison with the
existing approach, showing an average improvement of 52.77%. Finally, we show
the advantage of using the tool when synthesizing a quantum circuit on a
constrained near-term quantum device.Comment: In Proc. Design Automation and Test in Europe (DATE 2019
Nullstellensatz Size-Degree Trade-offs from Reversible Pebbling
We establish an exactly tight relation between reversible pebblings of graphs
and Nullstellensatz refutations of pebbling formulas, showing that a graph
can be reversibly pebbled in time and space if and only if there is a
Nullstellensatz refutation of the pebbling formula over in size and
degree (independently of the field in which the Nullstellensatz refutation
is made). We use this correspondence to prove a number of strong size-degree
trade-offs for Nullstellensatz, which to the best of our knowledge are the
first such results for this proof system
From Small Space to Small Width in Resolution
In 2003, Atserias and Dalmau resolved a major open question about the
resolution proof system by establishing that the space complexity of CNF
formulas is always an upper bound on the width needed to refute them. Their
proof is beautiful but somewhat mysterious in that it relies heavily on tools
from finite model theory. We give an alternative, completely elementary proof
that works by simple syntactic manipulations of resolution refutations. As a
by-product, we develop a "black-box" technique for proving space lower bounds
via a "static" complexity measure that works against any resolution
refutation---previous techniques have been inherently adaptive. We conclude by
showing that the related question for polynomial calculus (i.e., whether space
is an upper bound on degree) seems unlikely to be resolvable by similar
methods
Nullstellensatz Size-Degree Trade-offs from Reversible Pebbling
We establish an exactly tight relation between reversible pebblings of graphs and Nullstellensatz refutations of pebbling formulas, showing that a graph G can be reversibly pebbled in time t and space s if and only if there is a Nullstellensatz refutation of the pebbling formula over G in size t+1 and degree s (independently of the field in which the Nullstellensatz refutation is made). We use this correspondence to prove a number of strong size-degree trade-offs for Nullstellensatz, which to the best of our knowledge are the first such results for this proof system
Computationally Data-Independent Memory Hard Functions
Memory hard functions (MHFs) are an important cryptographic primitive that are used to design egalitarian proofs of work and in the construction of moderately expensive key-derivation functions resistant to brute-force attacks. Broadly speaking, MHFs can be divided into two categories: data-dependent memory hard functions (dMHFs) and data-independent memory hard functions (iMHFs). iMHFs are resistant to certain side-channel attacks as the memory access pattern induced by the honest evaluation algorithm is independent of the potentially sensitive input e.g., password. While dMHFs are potentially vulnerable to side-channel attacks (the induced memory access pattern might leak useful information to a brute-force attacker), they can achieve higher cumulative memory complexity (CMC) in comparison than an iMHF. In particular, any iMHF that can be evaluated in N steps on a sequential machine has CMC at most ?((N^2 log log N)/log N). By contrast, the dMHF scrypt achieves maximal CMC ?(N^2) - though the CMC of scrypt would be reduced to just ?(N) after a side-channel attack.
In this paper, we introduce the notion of computationally data-independent memory hard functions (ciMHFs). Intuitively, we require that memory access pattern induced by the (randomized) ciMHF evaluation algorithm appears to be independent from the standpoint of a computationally bounded eavesdropping attacker - even if the attacker selects the initial input. We then ask whether it is possible to circumvent known upper bound for iMHFs and build a ciMHF with CMC ?(N^2). Surprisingly, we answer the question in the affirmative when the ciMHF evaluation algorithm is executed on a two-tiered memory architecture (RAM/Cache).
We introduce the notion of a k-restricted dynamic graph to quantify the continuum between unrestricted dMHFs (k=n) and iMHFs (k=1). For any ? > 0 we show how to construct a k-restricted dynamic graph with k=?(N^(1-?)) that provably achieves maximum cumulative pebbling cost ?(N^2). We can use k-restricted dynamic graphs to build a ciMHF provided that cache is large enough to hold k hash outputs and the dynamic graph satisfies a certain property that we call "amenable to shuffling". In particular, we prove that the induced memory access pattern is indistinguishable to a polynomial time attacker who can monitor the locations of read/write requests to RAM, but not cache. We also show that when k=o(N^(1/log log N))then any k-restricted graph with constant indegree has cumulative pebbling cost o(N^2). Our results almost completely characterize the spectrum of k-restricted dynamic graphs
Efficient pebbling for list traversal synopses
We show how to support efficient back traversal in a unidirectional list,
using small memory and with essentially no slowdown in forward steps. Using
memory for a list of size , the 'th back-step from the
farthest point reached so far takes time in the worst case, while
the overhead per forward step is at most for arbitrary small
constant . An arbitrary sequence of forward and back steps is
allowed. A full trade-off between memory usage and time per back-step is
presented: vs. and vice versa. Our algorithms are based on a
novel pebbling technique which moves pebbles on a virtual binary, or -ary,
tree that can only be traversed in a pre-order fashion. The compact data
structures used by the pebbling algorithms, called list traversal synopses,
extend to general directed graphs, and have other interesting applications,
including memory efficient hash-chain implementation. Perhaps the most
surprising application is in showing that for any program, arbitrary rollback
steps can be efficiently supported with small overhead in memory, and marginal
overhead in its ordinary execution. More concretely: Let be a program that
runs for at most steps, using memory of size . Then, at the cost of
recording the input used by the program, and increasing the memory by a factor
of to , the program can be extended to support an
arbitrary sequence of forward execution and rollback steps: the 'th rollback
step takes time in the worst case, while forward steps take O(1)
time in the worst case, and amortized time per step.Comment: 27 page
- …