Strong Extension-Free Proof Systems

We introduce proof systems for propositional logic that admit short proofs of hard formulas as well as the succinct expression of most techniques used by modern SAT solvers. Our proof systems allow the derivation of clauses that are not necessarily implied, but which are redundant in the sense that their addition preserves satisfiability. To guarantee that these added clauses are redundant, we consider various efficiently decidable redundancy criteria which we obtain by first characterizing clause redundancy in terms of a semantic implication relationship and then restricting this relationship so that it becomes decidable in polynomial time. As the restricted implication relation is based on unit propagation—a core technique of SAT solvers—it allows efficient proof checking too. The resulting proof systems are surprisingly strong, even without the introduction of new variables—a key feature of short proofs presented in the proof-complexity literature. We demonstrate the strength of our proof systems on the famous pigeon hole formulas by providing short clausal proofs without new variables

Unsatisfiability proofs for distributed clause-sharing SAT solvers

Distributed clause-sharing SAT solvers can solve problems up to one hundred times faster than sequential SAT solvers by sharing derived information among multiple sequential solvers working on the same problem. Unlike sequential solvers, however, distributed solvers have not been able to produce proofs of unsatisfiability in a scalable manner, which has limited their use in critical applications. In this paper, we present a method to produce unsatisfiability proofs for distributed SAT solvers by combining the partial proofs produced by each sequential solver into a single, linear proof. Our approach is more scalable and general than previous explorations for parallel clause-sharing solvers, allowing use on distributed solvers without shared memory. We propose a simple sequential algorithm as well as a fully distributed algorithm for proof composition. Our empirical evaluation shows that for large-scale distributed solvers (100 nodes of 16 cores each), our distributed approach allows reliable proof composition and checking with reasonable overhead. We analyze the overhead and discuss how and where future efforts may further improve performance

On Transforming Answer-Set Programs Towards Natural-Language Representations

Abweichender Titel laut Übersetzung der Verfasserin/des VerfassersZsfassung in dt. SpracheAnswer-set programming is a logic-programming formalism which has proven to be exceptionally well-suited for knowledge representation, reasoning, and solving complex search problems. Its fully declarative nature together with its simple and clear syntax allow for the formulation of compact problem specifications. While many answer-set programs may be relatively easy to understand for a programmer, their meaning may be rather hard to grasp for persons without a background in logic programming. Since many real world problems from various domains can be formulated within answer-set programming, it would be useful to translate answer-set programs into a form which is easier to understand and closer to natural language. In this thesis, we introduce some results which should help making such a translation possible. First, we analyse the structure of a given program: Most answer-set programs follow the so-called generate-define-test paradigm. Within this paradigm, a program is seen to consist of three different parts, called generate, define, and test. We introduce a formal definition of these three parts and develop an algorithm which classifies the rules of a given program accordingly. For the implementation of this algorithm, we make use of techniques from meta-programming, meaning that we write a logic program which operates on other logic programs. Following this, we also discuss how the rules of a program should be ordered before they are translated into some form of natural language. A straightforward translation of program rules into a form of natural language may yield rather clumsy results in general. One reason for this is that many real-world programs use more than one rule to define something which a human would explain within a single sentence. We thus introduce a generalisation of the well-known partial evaluation transformation which helps us to transform a given program into another program that is easier to translate. An important requirement for such a transformation is that it preserves equivalence, i.e., that it does not change the meaning of the original program. To this end, we use a notion of equivalence called relativised uniform equivalence which is stronger than ordinary equivalence but weaker than uniform equivalence. As a key result, we prove that our transformation preserves relativised uniform equivalence, which yields the straightforward corollary that it preserves ordinary equivalence over the answer-set semantics too.9

QRAT Polynomially Simulates \forall-Exp+Res

The proof system \forall-Exp+Res formally captures expansion-based solving of quantified Boolean formulas (QBFs) whereas the QRAT proof system captures QBF preprocessing. From previous work it is known that certain families of formulas have short proofs in QRAT, but not in \forall-Exp+Res. However, it was not known if the two proof systems were incomparable (i.e., if there also existed formulas with short \forall-Exp+Res proofs but without short QRAT proofs), or if QRAT polynomially simulates \forall-Exp+Res. We close this gap of the QBF proof-complexity landscape by presenting a polynomial simulation of \forall-Exp+Res in QRAT

A Formal Analysis of IEEE 802.11’s WPA2: Countering the Kracks Caused by Cracking the Counters

The IEEE 802.11 WPA2 protocol is widely used across the globe to protect network connections. The protocol, which is specified on more than three-thousand pages and has received various patches over the years, is extremely complex and therefore hard to analyze. In particular, it involves various mechanisms that interact with each other in subtle ways, which offers little hope for modular reasoning. Perhaps because of this, there exists no formal or cryptographic argument that shows that the patches to the core protocol indeed prevent the corresponding attacks, such as, e.g., the notorious KRACK attacks from 2017. In this work, we address this situation and present an extensive formal analysis of the WPA2 protocol design. Our model is the first that is detailed enough to detect the KRACK attacks; it includes mechanisms such as the four-way handshake, the group-key handshake, WNM sleep mode, the data-confidentiality protocol, and their complex interactions. Our analysis provides the first security argument, in any formalism, that the patched WPA2 protocol meets its claimed security guarantees in the face of complex modern attacks

Local Redundancy in SAT: Generalizations of Blocked Clauses

Clause-elimination procedures that simplify formulas in conjunctive normal form play an important role in modern SAT solving. Before or during the actual solving process, such procedures identify and remove clauses that are irrelevant to the solving result. These simplifications usually rely on so-called redundancy properties that characterize cases in which the removal of a clause does not affect the satisfiability status of a formula. One particularly successful redundancy property is that of blocked clauses, because it generalizes several other redundancy properties. To find out whether a clause is blocked---and therefore redundant---one only needs to consider its resolution environment, i.e., the clauses with which it can be resolved. For this reason, we say that the redundancy property of blocked clauses is local. In this paper, we show that there exist local redundancy properties that are even more general than blocked clauses. We present a semantic notion of blocking and prove that it constitutes the most general local redundancy property. We furthermore introduce the syntax-based notions of set-blocking and super-blocking, and show that the latter coincides with our semantic blocking notion. In addition, we show how semantic blocking can be alternatively characterized via Davis and Putnam's rule for eliminating atomic formulas. Finally, we perform a detailed complexity analysis and relate our novel redundancy properties to prominent redundancy properties from the literature

Super-Blocked Clauses

The final publication is available via https://doi.org/10.1007/978-3-319-40229-1_5.In theory and practice of modern SAT solving, clause-elimination procedures are essential for simplifying formulas in conjunctive normal form (CNF). Such procedures identify redundant clauses and faithfully remove them, either before solving in a preprocessing phase or during solving, resulting in a considerable speed up of the SAT solver. A wide number of effective clause-elimination procedures is based on the clause-redundancy property called blocked clauses. For checking if a clause C is blocked in a formula F, only those clauses of F that are resolvable with C have to be considered. Hence, the blocked-clauses redundancy property can be said to be local. In this paper, we argue that the established definitions of blocked clauses are not in their most general form. We introduce more powerful generalizations, called set-blocked clauses and super-blocked clauses, respectively. Both can still be checked locally, and for the latter it can even be shown that it is the most general local redundancy property. Furthermore, we relate these new notions to existing clause-redundancy properties and give a detailed complexity analysis.Austrian Science Funds (FWF

Local Redundancy in SAT: Generalizations of Blocked Clauses

Clause-elimination procedures that simplify formulas in conjunctive normalform play an important role in modern SAT solving. Before or during the actualsolving process, such procedures identify and remove clauses that areirrelevant to the solving result. These simplifications usually rely onso-called redundancy properties that characterize cases in which the removal ofa clause does not affect the satisfiability status of a formula. Oneparticularly successful redundancy property is that of blocked clauses, becauseit generalizes several other redundancy properties. To find out whether aclause is blocked---and therefore redundant---one only needs to consider itsresolution environment, i.e., the clauses with which it can be resolved. Forthis reason, we say that the redundancy property of blocked clauses is local.In this paper, we show that there exist local redundancy properties that areeven more general than blocked clauses. We present a semantic notion ofblocking and prove that it constitutes the most general local redundancyproperty. We furthermore introduce the syntax-based notions of set-blocking andsuper-blocking, and show that the latter coincides with our semantic blockingnotion. In addition, we show how semantic blocking can be alternativelycharacterized via Davis and Putnam's rule for eliminating atomic formulas.Finally, we perform a detailed complexity analysis and relate our novelredundancy properties to prominent redundancy properties from the literature

Migrating Solver State

We present approaches to store and restore the state of a SAT solver, allowing us to migrate the state between different compute resources, or even between different solvers. This can be used in many ways, e.g., to improve the fault tolerance of solvers, to schedule SAT problems on a restricted number of cores, or to use dedicated preprocessing tools for inprocessing. We identify a minimum viable subset of the solver state to migrate such that the loss of performance is small. We then present and implement two different approaches to state migration: one approach stores the state at the end of a solver run whereas the other approach stores the state continuously as part of the proof trace. We show that our approaches enable the generation of correct models and valid unsatisfiability proofs. Experimental results confirm that the overhead is reasonable and that in several cases solver performance actually improves

Clone Detection in Secure Messaging: Improving Post-Compromise Security in Practice

We investigate whether modern messaging apps achieve the strong post-compromise security guarantees offered by their underlying protocols. In particular, we perform a black-box experiment in which a user becomes the victim of a clone attack; in this attack,the user’s full state (including identity keys) is compromised by an attacker who clones their device and then later attempts to impersonate them, using the app through its user interface.Our attack should be prevented by protocols that offer post-compromise security, and thus, by all apps that are based on Signal’s double-ratchet algorithm (for instance, the Signal app, WhatsApp,and Facebook Secret Conversations). Our experiments reveal that this is not the case: most deployed messaging apps fall far short of the security that their underlying mechanisms suggest. We conjecture that this security gap is a result of many apps trading security for usability, by tolerating certain forms of desynchronization. We show that the tolerance of desynchronization necessarily leads to loss of post-compromise security in the strict sense, but we also show that more security can be retained than is currently offered in practice. Concretely, we present a modified version of the double-ratchet algorithm that tolerates forms of desynchronization while still being able to detect cloning activity.Moreover, we formally analyze our algorithm using the Tamarin prover to show that it achieves the desired security properties