Evaluating the Hardness of SAT Instances Using Evolutionary Optimization Algorithms
Propositional satisfiability (SAT) solvers are deemed to be among the most efficient reasoners and have been used successfully in a wide range of practical applications. As this contrasts with the well-known NP-completeness of SAT, a number of attempts have been made in the recent past to assess the hardness of propositional formulas in conjunctive normal form (CNF). The present paper proposes a CNF formula hardness measure which is close in conceptual meaning to the one based on the backdoor set notion: in both cases some subset B of the variables of a CNF formula is used to define the hardness of the formula w.r.t. this set. In contrast to the backdoor measure, the new measure does not demand polynomial decidability of the CNF formulas obtained by substituting assignments of the variables from B into the original formula. To estimate this measure the paper suggests an adaptive (?,?)-approximation probabilistic algorithm. The problem of finding the subset of variables which yields the minimal hardness value is reduced to the optimization of a pseudo-Boolean black-box function. We apply evolutionary algorithms to this problem and demonstrate the applicability of the proposed notions and techniques on tests from several families of unsatisfiable CNF formulas.
Attacks of the "guess-and-determine" class and automatic methods of their construction
A brief overview of approaches to constructing cryptographic attacks belonging to the "guess-and-determine" class is presented. The main emphasis is on relatively recent works which describe automatic methods of constructing such attacks using algorithms for solving the Boolean satisfiability problem (SAT). To this end, the problems of constructing attacks of the considered class are posed as problems of optimizing special estimation functions over the Boolean hypercube. Metaheuristic algorithms widely used in discrete optimization are employed to solve the latter. In the works mentioned, two types of estimation functions are introduced, which can be regarded as concretizations of the notions of "UNSAT immunity" and "SAT immunity" introduced informally by N. Courtois in 2012. Examples of constructing attacks of the specified type for a number of block and stream ciphers are given.
Inverting Cryptographic Hash Functions via Cube-and-Conquer
MD4 and MD5 are seminal cryptographic hash functions proposed in the early 1990s. MD4 consists of 48 steps and produces a 128-bit hash given a message of arbitrary finite size. MD5 is a more secure 64-step extension of MD4. Both MD4 and MD5 are vulnerable to practical collision attacks, yet it is still not realistic to invert them, i.e. to find a message given a hash. In 2007, the 39-step version of MD4 was inverted via reduction to SAT and application of a CDCL solver along with the so-called Dobbertin's constraints. As for MD5, in 2012 its 28-step version was inverted via a CDCL solver for one specified hash without adding any additional constraints. In this study, Cube-and-Conquer (a combination of CDCL and lookahead) is applied to invert step-reduced versions of MD4 and MD5. For this purpose, two algorithms are proposed. The first one generates inversion problems for MD4 by gradually modifying Dobbertin's constraints. The second algorithm tries the cubing phase of Cube-and-Conquer with different cutoff thresholds to find the one with the minimal runtime estimate for the conquer phase. This algorithm operates in two modes: (i) estimating the hardness of a given propositional Boolean formula; (ii) incomplete SAT solving of a given satisfiable propositional Boolean formula. While the first algorithm is focused on inverting step-reduced MD4, the second one is not area-specific and so is applicable to a variety of classes of hard SAT instances. In this study, 40-, 41-, 42-, and 43-step MD4 are inverted for the first time via the first algorithm and the estimating mode of the second algorithm. 28-step MD5 is inverted for four hashes via the incomplete SAT-solving mode of the second algorithm. For three of these hashes this is done for the first time.
Comment: 40 pages, 11 figures. A revised submission to JAI
CDCL(Crypto) and Machine Learning based SAT Solvers for Cryptanalysis
Over the last two decades, we have seen a dramatic improvement in the efficiency of conflict-driven clause-learning Boolean satisfiability (CDCL SAT) solvers over industrial problems from a variety of applications such as verification, testing, security, and AI. The availability of such powerful general-purpose search tools as the SAT solver has led many researchers to propose SAT-based methods for cryptanalysis, including techniques for finding collisions in hash functions and breaking symmetric encryption schemes.
A feature of all of the previously proposed SAT-based cryptanalysis work is that it is black-box, in the sense that the cryptanalysis problem is encoded as a SAT instance and then a CDCL SAT solver is invoked to solve that instance. A weakness of this approach is that the encoding thus generated may be too large for any modern solver to solve efficiently. Perhaps a more important weakness of this approach is that the solver is in no way specialized or tuned to solve the given instance. Finally, very little work has been done to leverage parallelism in the context of SAT-based cryptanalysis.
To address these issues, we developed a set of methods that improve on the state-of-the-art SAT-based cryptanalysis along three fronts. First, we describe an approach called CDCL(Crypto) (inspired by the CDCL() paradigm) to tailor the internal subroutines of the CDCL SAT solver with domain-specific knowledge about cryptographic primitives. Specifically, we extend the propagation and conflict analysis subroutines of CDCL solvers with specialized code that has knowledge about the cryptographic primitive being analyzed by the solver. We demonstrate the power of this framework on two cryptanalysis tasks: algebraic fault attacks and differential cryptanalysis of the SHA-1 and SHA-256 cryptographic hash functions. Second, we propose a machine-learning-based parallel SAT solver that performs well on cryptographic problems relative to many state-of-the-art parallel SAT solvers. Finally, we use a formulation of SAT as Bayesian moment matching to address the heuristic initialization problem in SAT solvers.
Towards Thompson Sampling for Complex Bayesian Reasoning
Papers III, IV, and VI are not available as part of the dissertation due to copyright.
Thompson Sampling (TS) is a state-of-the-art algorithm for bandit problems set in a Bayesian framework. Both the theoretical foundation and the empirical efficiency of TS are well explored for plain bandit problems. However, the Bayesian underpinning of TS means that TS could potentially be applied to other, more complex problems as well, beyond the bandit problem, if suitable Bayesian structures can be found.
The objective of this thesis is the development and analysis of TS-based schemes for more complex optimization problems, founded on Bayesian reasoning. We address several complex optimization problems where the previous state of the art relies on a relatively myopic perspective on the problem. These include stochastic searching on the line, the Goore game, the knapsack problem, travel time estimation, and equipartitioning. Instead of employing Bayesian reasoning to obtain a solution, existing approaches rely on carefully engineered rules. In brief, we recast each of these optimization problems in a Bayesian framework, introducing dedicated TS-based solution schemes. For all of the addressed problems, the results show that besides being more effective, the TS-based approaches we introduce are also capable of solving more adverse versions of the problems, such as dealing with stochastic liars.