On Termination of Integer Linear Loops

A fundamental problem in program verification concerns the termination of simple linear loops of the form x := u ; while Bx >= b do {x := Ax + a} where x is a vector of variables, u, a, and c are integer vectors, and A and B are integer matrices. Assuming the matrix A is diagonalisable, we give a decision procedure for the problem of whether, for all initial integer vectors u, such a loop terminates. The correctness of our algorithm relies on sophisticated tools from algebraic and analytic number theory, Diophantine geometry, and real algebraic geometry. To the best of our knowledge, this is the first substantial advance on a 10-year-old open problem of Tiwari (2004) and Braverman (2006).Comment: Accepted to SODA1

Studies on error linear complexity measures for multisequences

Ph.DDOCTOR OF PHILOSOPH

Computing the interleaving distance is NP-hard

We show that computing the interleaving distance between two multi-graded persistence modules is NP-hard. More precisely, we show that deciding whether two modules are $1$-interleaved is NP-complete, already for bigraded, interval decomposable modules. Our proof is based on previous work showing that a constrained matrix invertibility problem can be reduced to the interleaving distance computation of a special type of persistence modules. We show that this matrix invertibility problem is NP-complete. We also give a slight improvement of the above reduction, showing that also the approximation of the interleaving distance is NP-hard for any approximation factor smaller than $3$. Additionally, we obtain corresponding hardness results for the case that the modules are indecomposable, and in the setting of one-sided stability. Furthermore, we show that checking for injections (resp. surjections) between persistence modules is NP-hard. In conjunction with earlier results from computational algebra this gives a complete characterization of the computational complexity of one-sided stability. Lastly, we show that it is in general NP-hard to approximate distances induced by noise systems within a factor of 2.Comment: 25 pages. Several expository improvements and minor corrections. Also added a section on noise system

Spectral features of matrix-sequences, GLT, symbol, and application in preconditioning Krylov methods, image deblurring, and multigrid algorithms.

The final purpose of any scientific discipline can be regarded as the solution of real-world problems. With this aim, a mathematical modeling of the considered phenomenon is often compulsory. Closed-form solutions of the arising functional equations are usually not available and numerical discretization techniques are required. In this setting, the discretization of an infinite-dimensional linear equation via some linear approximation method, leads to a sequence of linear systems of increasing dimension whose coefficient matrices could inherit a structure from the continuous problem. For instance, the numerical approximation by local methods of constant or nonconstant coefficients systems of Partial Differential Equations (PDEs) over multidimensional domains, gives rise to multilevel block Toeplitz or to Generalized Locally Toeplitz (GLT) sequences, respectively. In the context of structured matrices, the convergence properties of iterative methods, like multigrid or preconditioned Krylov techniques, are strictly related to the notion of symbol, a function whose role relies in describing the asymptotical distribution of the spectrum. This thesis can be seen as a byproduct of the combined use of powerful tools like symbol, spectral distribution, and GLT, when dealing with the numerical solution of structured linear systems. We approach such an issue both from a theoretical and practical viewpoint. On the one hand, we enlarge some known spectral distribution tools by proving the eigenvalue distribution of matrix-sequences obtained as combination of some algebraic operations on multilevel block Toeplitz matrices. On the other hand, we take advantage of the obtained results for designing efficient preconditioning techniques. Moreover, we focus on the numerical solution of structured linear systems coming from the following applications: image deblurring, fractional diffusion equations, and coupled PDEs. A spectral analysis of the arising structured sequences allows us either to study the convergence and predict the behavior of preconditioned Krylov and multigrid methods applied to the coefficient matrices, or to design effective preconditioners and multigrid solvers for the associated linear systems

Spectral features of matrix-sequences, GLT, symbol, and application in preconditioning Krylov methods, image deblurring, and multigrid algorithms.

The final purpose of any scientific discipline can be regarded as the solution of real-world problems. With this aim, a mathematical modeling of the considered phenomenon is often compulsory. Closed-form solutions of the arising functional equations are usually not available and numerical discretization techniques are required. In this setting, the discretization of an infinite-dimensional linear equation via some linear approximation method, leads to a sequence of linear systems of increasing dimension whose coefficient matrices could inherit a structure from the continuous problem. For instance, the numerical approximation by local methods of constant or nonconstant coefficients systems of Partial Differential Equations (PDEs) over multidimensional domains, gives rise to multilevel block Toeplitz or to Generalized Locally Toeplitz (GLT) sequences, respectively. In the context of structured matrices, the convergence properties of iterative methods, like multigrid or preconditioned Krylov techniques, are strictly related to the notion of symbol, a function whose role relies in describing the asymptotical distribution of the spectrum. This thesis can be seen as a byproduct of the combined use of powerful tools like symbol, spectral distribution, and GLT, when dealing with the numerical solution of structured linear systems. We approach such an issue both from a theoretical and practical viewpoint. On the one hand, we enlarge some known spectral distribution tools by proving the eigenvalue distribution of matrix-sequences obtained as combination of some algebraic operations on multilevel block Toeplitz matrices. On the other hand, we take advantage of the obtained results for designing efficient preconditioning techniques. Moreover, we focus on the numerical solution of structured linear systems coming from the following applications: image deblurring, fractional diffusion equations, and coupled PDEs. A spectral analysis of the arising structured sequences allows us either to study the convergence and predict the behavior of preconditioned Krylov and multigrid methods applied to the coefficient matrices, or to design effective preconditioners and multigrid solvers for the associated linear systems

Algebraic attacks on certain stream ciphers

To encrypt data streams of arbitrary lengths, keystream generators are used in modern cryptography which transform a secret initial value, called the key, into a long sequence of seemingly random bits. Many designs are based on linear feedback shift registers (LFSRs), which can be constructed in such a way that the output stream has optimal statistical and periodical properties and which can be efficiently implemented in hardware. Particularly prominent is a certain class of LFSR-based keystream generators, called (ι,m)-combiners or simply combiners. The maybe most famous example is the E0 keystream generator deployed in the Bluetooth standard for encryption. To evaluate the combiner’s security, cryptographers adopted an adversary model where the design and some parts of the input and output are known. An attack is a method to derive the key using the given knowledge. In the last decades, several kinds of attacks against LFSR-based keystream generators have been developed. In 2002 a new kind of attacks came up, named ”algebraic attacks”. The basic idea is to model the knowledge by a system of equation whose solution is the secret key. For several existing combiners, algebraic attacks represent the fastest theoretical attacks publicly known so far. This thesis discusses algebraic attacks against combiners. After providing the required mathematical fundament and a background on combiners, we describe algebraic attacks and explore the two main steps (generating the system of equations and computing the solution) in detail. The efficiency of algebraic attacks is closely connected to the degree of the equations. Thus, we examine the existence of low-degree equations in several situations and discuss multiple design principles to thwart their existence. Furthermore, we investigate ”fast algebraic attacks”, an extension of algebraic attacks.To encrypt data streams of arbitrary lengths, keystream generators are used in modern cryptography which transform a secret initial value, called the key, into a long sequence of seemingly random bits. Many designs are based on linear feedback shift registers (LFSRs), which can be constructed in such a way that the output stream has optimal statistical and periodical properties and which can be efficiently implemented in hardware. Particularly prominent is a certain class of LFSR-based keystream generators, called (ι,m)-combiners or simply combiners. The maybe most famous example is the E0 keystream generator deployed in the Bluetooth standard for encryption. To evaluate the combiner’s security, cryptographers adopted an adversary model where the design and some parts of the input and output are known. An attack is a method to derive the key using the given knowledge. In the last decades, several kinds of attacks against LFSR-based keystream generators have been developed. In 2002 a new kind of attacks came up, named ”algebraic attacks”. The basic idea is to model the knowledge by a system of equation whose solution is the secret key. For several existing combiners, algebraic attacks represent the fastest theoretical attacks publicly known so far. This thesis discusses algebraic attacks against combiners. After providing the required mathematical fundament and a background on combiners, we describe algebraic attacks and explore the two main steps (generating the system of equations and computing the solution) in detail. The efficiency of algebraic attacks is closely connected to the degree of the equations. Thus, we examine the existence of low-degree equations in several situations and discuss multiple design principles to thwart their existence. Furthermore, we investigate ”fast algebraic attacks”, an extension of algebraic attacks