
    New developments in the theory of Groebner bases and applications to formal verification

    We present foundational work on standard bases over rings and on Boolean Groebner bases in the framework of Boolean functions. The research was motivated by our collaboration with electrical engineers and computer scientists on problems arising from formal verification of digital circuits. Algebraic modelling of formal verification problems is developed on the word level as well as on the bit level. The word-level model leads to Groebner bases in the polynomial ring over Z/2^n, while the bit-level model leads to Boolean Groebner bases. In addition to the theoretical foundations of both approaches, the algorithms have been implemented. Using these implementations we show that special data structures and the exploitation of symmetries make Groebner bases competitive with state-of-the-art tools from formal verification, while having the advantage of being systematic and more flexible.
    Comment: 44 pages, 8 figures, submitted to the Special Issue of the Journal of Pure and Applied Algebr

    Quantum Exotic PDE's

    Following the previous works on A. Prástaro's formulation of the algebraic topology of quantum (super) PDE's, it is proved that a canonical Heyting algebra (integral Heyting algebra) can be associated to any quantum PDE. This is directly related to the structure of its global solutions, and allows us to recognize a new insight into the concept of quantum logic for microworlds. Furthermore, Prástaro's geometric theory of quantum PDE's is applied to the new category of quantum hypercomplex manifolds, related to the well-known Cayley-Dickson construction for algebras. Theorems of existence for local and global solutions are obtained for (singular) PDE's in this new category of noncommutative manifolds. Finally, the concept of exotic PDE's, recently introduced by A. Prástaro, is extended to quantum PDE's. A smooth quantum version of the quantum (generalized) Poincaré conjecture is given as well. These results extend those for the quantum (generalized) Poincaré conjecture previously given by A. Prástaro.
    Comment: 52 page

    Eliminating Variables in Boolean Equation Systems

    Systems of Boolean equations of low degree arise in a natural way when analyzing block ciphers. The cipher's round functions relate the secret key to auxiliary variables that are introduced by each successive round. In algebraic cryptanalysis, the attacker attempts to solve the resulting equation system in order to extract the secret key. In this paper we study algorithms for eliminating the auxiliary variables from these systems of Boolean equations. It is known that elimination of variables in general increases the degree of the equations involved. In order to contain computational complexity and storage complexity, we present two new algorithms for performing elimination while bounding the degree at 3, which is the lowest possible for elimination. Further, we show that the new algorithms are related to the well-known XL algorithm. We apply the algorithms to a downscaled version of the LowMC cipher and to a toy cipher based on the Prince cipher, and report on experimental results pertaining to these examples.
    Comment: 21 pages, 3 figures, Journal pape

    The Space of Solutions of Coupled XORSAT Formulae

    The XOR-satisfiability (XORSAT) problem deals with a system of n Boolean variables and m clauses. Each clause is a linear Boolean equation (XOR) of a subset of the variables. A K-clause is a clause involving K distinct variables. In the random K-XORSAT problem a formula is created by choosing m K-clauses uniformly at random from the set of all possible clauses on n variables. The set of solutions of a random formula exhibits various geometrical transitions as the ratio m/n varies. We consider a coupled K-XORSAT ensemble, consisting of a chain of random XORSAT models that are spatially coupled across a finite window along the chain direction. We observe that the threshold saturation phenomenon takes place for this ensemble and we characterize various properties of the space of solutions of such coupled formulae.
    Comment: Submitted to ISIT 201

    Circuit complexity, proof complexity, and polynomial identity testing

    We introduce a new algebraic proof system, which has tight connections to (algebraic) circuit complexity. In particular, we show that any super-polynomial lower bound on any Boolean tautology in our proof system implies that the permanent does not have polynomial-size algebraic circuits (VNP is not equal to VP). As a corollary to the proof, we also show that super-polynomial lower bounds on the number of lines in Polynomial Calculus proofs (as opposed to the usual measure of number of monomials) imply the Permanent versus Determinant Conjecture. Note that, prior to our work, there was no proof system for which lower bounds on an arbitrary tautology implied any computational lower bound. Our proof system helps clarify the relationships between previous algebraic proof systems, and begins to shed light on why proof complexity lower bounds for various proof systems have been so much harder than lower bounds on the corresponding circuit classes. In doing so, we highlight the importance of polynomial identity testing (PIT) for understanding proof complexity. More specifically, we introduce certain propositional axioms satisfied by any Boolean circuit computing PIT. We use these PIT axioms to shed light on AC^0[p]-Frege lower bounds, which have been open for nearly 30 years, with no satisfactory explanation as to their apparent difficulty. We show that either: a) proving super-polynomial lower bounds on AC^0[p]-Frege implies VNP does not have polynomial-size circuits of depth d (a notoriously open question for d at least 4), thus explaining the difficulty of lower bounds on AC^0[p]-Frege, or b) AC^0[p]-Frege cannot efficiently prove the depth-d PIT axioms, and hence we have a lower bound on AC^0[p]-Frege. Using the algebraic structure of our proof system, we propose a novel way to extend techniques from algebraic circuit complexity to prove lower bounds in proof complexity.

    Semiconjugate Factorizations of Higher Order Linear Difference Equations in Rings

    We study linear difference equations with variable coefficients in a ring using a new nonlinear method. In a ring with identity, if the homogeneous part of the linear equation has a solution in the unit group of the ring (i.e., a unitary solution), then we show that the equation decomposes into two linear equations of lower orders. This decomposition, known as a semiconjugate factorization in the nonlinear theory, generalizes the classical operator factorization in the linear context. Sequences of ratios of consecutive terms of a unitary solution are used to obtain the semiconjugate factorization. Such sequences, known as eigensequences, are well suited to variable coefficients; for instance, they provide a natural context for the expression of the classical Poincaré-Perron Theorem. We discuss some applications to linear difference equations with periodic coefficients and also derive formulas for the general solutions of linear functional recurrences satisfied by classical special functions such as the modified Bessel and Chebyshev functions.
    Comment: Application of nonlinear semiconjugate factorization theory to linear difference equations with variable coefficients in rings; 29 pages, containing the main theory and more than 8 examples worked out in detai

    Quantum Algorithms for Boolean Equation Solving and Quantum Algebraic Attack on Cryptosystems

    Deciding whether a Boolean equation system has a solution is an NP-complete problem, and finding a solution is NP-hard. In this paper, we present a quantum algorithm to decide whether a Boolean equation system FS has a solution and to compute one, if FS does have solutions, with any given success probability. The runtime complexity of the algorithm is polynomial in the size of FS and the condition number of FS. As a consequence, we give a polynomial-time quantum algorithm for solving Boolean equation systems whose condition numbers are small, say polynomial in the size of FS. We apply our quantum algorithm for solving Boolean equations to the cryptanalysis of several important cryptosystems: the stream cipher Trivium, the block cipher AES, the hash function SHA-3/Keccak, and the multivariate public key cryptosystems, and show that they are secure under quantum algebraic attack only if the condition numbers of the corresponding equation systems are large. This leads to a new criterion for designing cryptosystems that can withstand attacks by quantum computers: their corresponding equation systems must have large condition numbers.