Invertibility Conditions for Floating-Point Formulae
Automated reasoning procedures are essential for a number of applications that involve bit-exact floating-point computations. This paper presents conditions that characterize when a variable in a floating-point constraint has a solution, which we call invertibility conditions. We describe a novel workflow that combines human interaction and a syntax-guided synthesis (SyGuS) solver that was used for discovering these conditions. We verify our conditions for several floating-point formats. One implication of this result is that a fragment of floating-point arithmetic admits compact quantifier elimination. We implement our invertibility conditions in a prototype extension of our solver CVC4, showing their usefulness for solving quantified constraints over floating-point numbers.
On QBF Proofs and Preprocessing
QBFs (quantified boolean formulas), which are a superset of propositional
formulas, provide a canonical representation for PSPACE problems. To overcome
the inherent complexity of QBF, significant effort has been invested in
developing QBF solvers as well as the underlying proof systems. At the same
time, formula preprocessing is crucial for the application of QBF solvers. This
paper focuses on a missing link in currently-available technology: How to
obtain a certificate (e.g. proof) for a formula that had been preprocessed
before it was given to a solver? The paper targets a suite of commonly-used
preprocessing techniques and shows how to reconstruct certificates for them. On
the negative side, the paper discusses certain limitations of the
currently-used proof systems in the light of preprocessing. The presented
techniques were implemented and evaluated in the state-of-the-art QBF
preprocessor bloqqer.
Comment: LPAR 201
SAT-Based Synthesis Methods for Safety Specs
Automatic synthesis of hardware components from declarative specifications is
an ambitious endeavor in computer aided design. Existing synthesis algorithms
are often implemented with Binary Decision Diagrams (BDDs), inheriting their
scalability limitations. Instead of BDDs, we propose several new methods to
synthesize finite-state systems from safety specifications using decision
procedures for the satisfiability of quantified and unquantified Boolean
formulas (SAT-, QBF- and EPR-solvers). The presented approaches are based on
computational learning, templates, or reduction to first-order logic. We also
present an efficient parallelization, and optimizations to utilize reachability
information and incremental solving. Finally, we compare all methods in an
extensive case study. Our new methods outperform BDDs and other existing work
on some classes of benchmarks, and our parallelization achieves a super-linear
speedup. This is an extended version of [5], featuring an additional appendix.
Comment: Extended version of a paper at VMCAI'1
Incremental QBF Solving
We consider the problem of incrementally solving a sequence of quantified
Boolean formulae (QBF). Incremental solving aims at using information learned
from one formula in the process of solving the next formulae in the sequence.
Based on a general overview of the problem and related challenges, we present
an approach to incremental QBF solving which is application-independent and
hence applicable to QBF encodings of arbitrary problems. We implemented this
approach in our incremental search-based QBF solver DepQBF and report on
implementation details. Experimental results illustrate the potential benefits
of incremental solving in QBF-based workflows.
Comment: revision (camera-ready, to appear in the proceedings of CP 2014,
LNCS, Springer)
DepQBF 6.0: A Search-Based QBF Solver Beyond Traditional QCDCL
We present the latest major release version 6.0 of the quantified Boolean
formula (QBF) solver DepQBF, which is based on QCDCL. QCDCL is an extension of
the conflict-driven clause learning (CDCL) paradigm implemented in state of the
art propositional satisfiability (SAT) solvers. The Q-resolution calculus
(QRES) is a QBF proof system which underlies QCDCL. QCDCL solvers can produce
QRES proofs of QBFs in prenex conjunctive normal form (PCNF) as a byproduct of
the solving process. In contrast to traditional QCDCL based on QRES, DepQBF 6.0
implements a variant of QCDCL which is based on a generalization of QRES. This
generalization is due to a set of additional axioms and leaves the original
Q-resolution rules unchanged. The generalization of QRES enables QCDCL to
potentially produce exponentially shorter proofs than the traditional variant.
We present an overview of the features implemented in DepQBF and report on
experimental results which demonstrate the effectiveness of generalized QRES in
QCDCL.
Comment: 12 pages + appendix; to appear in the proceedings of CADE-26, LNCS,
Springer, 201
The Frequency Dependence of Critical-velocity Behavior in Oscillatory Flow of Superfluid Helium-4 Through a 2-micrometer by 2-micrometer Aperture in a Thin Foil
The critical-velocity behavior of oscillatory superfluid Helium-4 flow
through a 2-micrometer by 2-micrometer aperture in a 0.1-micrometer-thick foil
has been studied from 0.36 K to 2.10 K at frequencies from less than 50 Hz up
to above 1880 Hz. The pressure remained less than 0.5 bar. In early runs during
which the frequency remained below 400 Hz, the critical velocity was a
nearly-linearly decreasing function of increasing temperature throughout the
region of temperature studied. In runs at the lowest frequencies, isolated 2 Pi
phase slips could be observed at the onset of dissipation. In runs with
frequencies higher than 400 Hz, downward curvature was observed in the decrease
of critical velocity with increasing temperature. In addition, above 500 Hz an
alteration in supercritical behavior was seen at the lower temperatures,
involving the appearance of large energy-loss events. These irregular events
typically lasted a few tens of half-cycles of oscillation and could involve
hundreds of times more energy loss than would have occurred in a single
complete 2 Pi phase slip at maximum flow. The temperatures at which this
altered behavior was observed rose with frequency, from ~ 0.6 K and below, at
500 Hz, to ~ 1.0 K and below, at 1880 Hz.
Comment: 35 pages, 13 figures, prequel to cond-mat/050203
Mind the Gap - A Closer Look at the Security of Block Ciphers against Differential Cryptanalysis
Resistance against differential cryptanalysis is an important design criterion for any modern block cipher, and most designs rely on finding some upper bound on the probability of single differential characteristics. However, already at EUROCRYPT'91, Lai et al. observed that differential cryptanalysis actually uses differentials rather than single characteristics.
In this paper, we consider exactly the gap between these two approaches and investigate this gap in the context of recent lightweight cryptographic primitives. This shows that for many recent designs like Midori, Skinny or Sparx one has to be careful, as bounds from counting the number of active S-boxes only give an inaccurate evaluation of the best differential distinguishers. For several designs we found new differential distinguishers and show how this gap evolves. We found an 8-round differential distinguisher for Skinny-64 with a probability of 2^{-56.93}, while the best single characteristic only suggests a probability of 2^{-72}. Our approach is integrated into publicly available tools and can easily be used when developing new cryptographic primitives.
Moreover, as differential cryptanalysis is critically dependent on the distribution over the keys of the probability of differentials, we provide experiments for some of the new differentials found, in order to confirm that our estimates for the probability are correct. While for Skinny-64 the distribution over the keys follows a Poisson distribution, as one would expect, we noticed that Speck-64 follows a bimodal distribution, and the distribution of Midori-64 suggests a large class of weak keys.
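The gap the abstract describes can be made concrete on a toy cipher. The following is an added example, not code from the paper or from its tools: a constructed 8-bit SPN with two 4-bit S-boxes (the PRESENT S-box is used as the sample S-box), a fixed bit permutation, four rounds and independent round keys. The cipher layout, the permutation and the input difference 0x01 are assumptions made for this illustration. It sums the probabilities of all characteristics between an input and an output difference (the differential, under the Markov assumption of independent uniform round keys), compares that to the best single characteristic, and then counts, for many random keys, how many plaintext pairs actually follow the differential, which is the per-key distribution the abstract discusses.

```python
"""Characteristic vs. differential on a constructed toy 8-bit SPN (added example)."""
import math
import random
from collections import Counter, defaultdict

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]  # PRESENT S-box
PERM = [0, 2, 4, 6, 1, 3, 5, 7]   # assumption: input bit i moves to output bit PERM[i]
ROUNDS = 4                        # assumption: four key-XOR / S-layer / permutation rounds

# Difference distribution table: DDT[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}
DDT = [[0] * 16 for _ in range(16)]
for _x in range(16):
    for _dx in range(16):
        DDT[_dx][SBOX[_x] ^ SBOX[_x ^ _dx]] += 1

def _permute(v):
    out = 0
    for i in range(8):
        if v >> i & 1:
            out |= 1 << PERM[i]
    return out

PERM_TAB = [_permute(v) for v in range(256)]
SLAYER_TAB = [SBOX[v & 0xF] | SBOX[v >> 4] << 4 for v in range(256)]

def encrypt(pt, keys):
    """ROUNDS rounds of (key XOR, S-box layer, bit permutation), then a final key XOR."""
    v = pt
    for r in range(ROUNDS):
        v = PERM_TAB[SLAYER_TAB[v ^ keys[r]]]
    return v ^ keys[ROUNDS]

def trail_table(din):
    """Markov-model propagation of the input difference `din` through ROUNDS rounds.

    Returns {dout: (p_differential, p_best_characteristic, n_trails)}: the
    differential probability is the sum over every characteristic din -> ... -> dout,
    the best characteristic is the largest single term of that sum.
    """
    cur = {din: (1.0, 1.0, 1)}
    for _ in range(ROUNDS):
        nxt = defaultdict(lambda: [0.0, 0.0, 0])
        for d, (p_sum, p_max, cnt) in cur.items():
            lo, hi = d & 0xF, d >> 4
            for o0 in range(16):
                if not DDT[lo][o0]:
                    continue
                for o1 in range(16):
                    if not DDT[hi][o1]:
                        continue
                    p = DDT[lo][o0] * DDT[hi][o1] / 256   # both S-boxes in this round
                    e = nxt[PERM_TAB[o0 | o1 << 4]]
                    e[0] += p_sum * p
                    e[1] = max(e[1], p_max * p)
                    e[2] += cnt
        cur = {k: tuple(v) for k, v in nxt.items()}
    return cur

def best_differential(din):
    """Output difference with the highest differential probability, together with
    the best single characteristic leading to it and the number of characteristics."""
    dout, (p_diff, p_char, n_trails) = max(trail_table(din).items(),
                                           key=lambda kv: kv[1][0])
    return dout, p_diff, p_char, n_trails

def per_key_counts(din, dout, n_keys, seed=1):
    """For n_keys random keys, count the plaintexts (whole 8-bit space) whose pair
    (pt, pt ^ din) follows the differential; the spread of these counts across keys
    is the key dependence of the differential probability."""
    rng = random.Random(seed)
    counts = []
    for _ in range(n_keys):
        keys = [rng.randrange(256) for _ in range(ROUNDS + 1)]
        counts.append(sum(1 for pt in range(256)
                          if encrypt(pt, keys) ^ encrypt(pt ^ din, keys) == dout))
    return counts

if __name__ == "__main__":
    din = 0x01
    dout, p_diff, p_char, n_trails = best_differential(din)
    print(f"best differential {din:#04x} -> {dout:#04x}: 2^{math.log2(p_diff):.2f} "
          f"summed over {n_trails} characteristics; best single characteristic 2^{math.log2(p_char):.2f}")
    counts = per_key_counts(din, dout, 256)
    print("mean over keys:", sum(counts) / len(counts) / 256)
    print("per-key pair counts (count: number of keys):", sorted(Counter(counts).items()))
```

The sum over all output differences in `trail_table` is exactly 1, so the table is a proper distribution, and the mean of the per-key counts converges to the Markov sum rather than to the best characteristic; printing the histogram of `per_key_counts` is the toy analogue of the Poisson-versus-bimodal observation in the abstract.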
A Bit-Vector Differential Model for the Modular Addition by a Constant
ARX algorithms are a class of symmetric-key algorithms constructed from Addition, Rotation, and XOR, which achieve some of the best software performance on low-end microcontrollers. To evaluate the resistance of an ARX cipher against differential cryptanalysis and its variants, recent automated methods employ constraint satisfaction solvers, such as SMT solvers, to search for optimal characteristics. The main difficulty in formulating this search as a constraint satisfaction problem is obtaining the differential models of the non-linear operations, that is, the constraints describing the differential probability of each non-linear operation of the cipher. While an efficient bit-vector differential model was obtained for the modular addition with two variable inputs, no differential model for the modular addition by a constant has been proposed so far, preventing ARX ciphers including this operation from being evaluated with automated methods.
In this paper, we present the first bit-vector differential model for the n-bit modular addition by a constant input. Our model contains O(log2(n)) basic bit-vector constraints and describes the binary logarithm of the differential probability. We also present an SMT-based automated method to search for differential characteristics of ARX, including constant additions, and we provide an open-source tool ArxPy to find ARX differential characteristics in a fully automated way. To provide some examples, we have searched for related-key differential characteristics of TEA, XTEA, HIGHT, and LEA, obtaining better results than previous works. Our differential model and our automated tool allow cipher designers to select the best constant inputs for modular additions and cryptanalysts to evaluate the resistance of ARX ciphers against differential attacks.
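The abstract contrasts the existing two-input model with the missing constant-input one. The following added example (not ArxPy, and not the paper's O(log2(n)) model) implements the known Lipmaa-Moriai closed form for the XOR differential probability of two-input modular addition, xdp+(a, b -> c), verifies it against brute force on small word sizes, and then shows by enumeration why addition of a fixed constant needs its own model: for a fixed constant the probability depends on the constant, and substituting b = 0 into the two-input formula only recovers the average over all constants. The word sizes, differences and constants are chosen for the illustration.

```python
"""Differential probability of modular addition, checked by brute force (added example)."""
from itertools import product

def xdp_add_model(a, b, c, n):
    """Lipmaa-Moriai closed form for xdp+(a, b -> c) on n-bit words.

    Returns 0.0 for an impossible differential, otherwise 2^-w where w counts the
    bit positions below the MSB at which a_i, b_i, c_i are not all equal.
    """
    mask = (1 << n) - 1

    def eq(x, y, z):   # bit i set iff x_i == y_i == z_i
        return (~x ^ y) & (~x ^ z) & mask

    def sh(v):         # shift left by one, dropping the bit shifted out
        return (v << 1) & mask

    if eq(sh(a), sh(b), sh(c)) & (a ^ b ^ c ^ sh(b)):
        return 0.0
    w = bin(~eq(a, b, c) & ((1 << (n - 1)) - 1)).count("1")
    return 2.0 ** -w

def xdp_add_exact(a, b, c, n):
    """Brute-force xdp+(a, b -> c) over all 2^(2n) input pairs."""
    mask = (1 << n) - 1
    hits = sum(1 for x in range(1 << n) for y in range(1 << n)
               if ((x + y) ^ ((x ^ a) + (y ^ b))) & mask == c)
    return hits / (1 << (2 * n))

def model_matches_bruteforce(n):
    """True iff the closed form agrees with enumeration on every (a, b, c) triple."""
    return all(xdp_add_model(a, b, c, n) == xdp_add_exact(a, b, c, n)
               for a, b, c in product(range(1 << n), repeat=3))

def xdp_const_add(a, c, k, n):
    """Probability over x that (x + k) ^ ((x ^ a) + k) == c for a FIXED constant k.
    Unlike the two-input case this is a property of the particular constant."""
    mask = (1 << n) - 1
    hits = sum(1 for x in range(1 << n) if ((x + k) ^ ((x ^ a) + k)) & mask == c)
    return hits / (1 << n)

def const_add_spread(a, c, n):
    """(min, max, mean) of the constant-addition probability over every constant k.
    The mean equals xdp+(a, 0 -> c): the two-input model with b = 0 only gives the
    average over constants, not the probability for the constant a cipher uses."""
    probs = [xdp_const_add(a, c, k, n) for k in range(1 << n)]
    return min(probs), max(probs), sum(probs) / len(probs)

if __name__ == "__main__":
    print("closed form == brute force for n=3:", model_matches_bruteforce(3))
    print("xdp+(1, 0 -> 1), n=4:", xdp_add_model(1, 0, 1, 4))
    for k in (0, 1, 6, 7):
        print(f"x + {k}: P[diff 1 -> 1] = {xdp_const_add(1, 1, k, 4)}")
    print("spread over all constants (min, max, mean):", const_add_spread(1, 1, 4))
```

For the single-bit difference 1 -> 1 the two-input model reports probability 1/2, while x + k follows that differential with probability 1 for every even k and 0 for every odd k; a solver fed the two-input constraints with b = 0 would therefore be both optimistic and pessimistic depending on the constant, which is exactly what a dedicated constant-addition model has to capture.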