Incremental QBF Solving

We consider the problem of incrementally solving a sequence of quantified Boolean formulae (QBF). Incremental solving aims at using information learned from one formula in the process of solving the next formulae in the sequence. Based on a general overview of the problem and related challenges, we present an approach to incremental QBF solving which is application-independent and hence applicable to QBF encodings of arbitrary problems. We implemented this approach in our incremental search-based QBF solver DepQBF and report on implementation details. Experimental results illustrate the potential benefits of incremental solving in QBF-based workflows.Comment: revision (camera-ready, to appear in the proceedings of CP 2014, LNCS, Springer

On QBF Proofs and Preprocessing

QBFs (quantified boolean formulas), which are a superset of propositional formulas, provide a canonical representation for PSPACE problems. To overcome the inherent complexity of QBF, significant effort has been invested in developing QBF solvers as well as the underlying proof systems. At the same time, formula preprocessing is crucial for the application of QBF solvers. This paper focuses on a missing link in currently-available technology: How to obtain a certificate (e.g. proof) for a formula that had been preprocessed before it was given to a solver? The paper targets a suite of commonly-used preprocessing techniques and shows how to reconstruct certificates for them. On the negative side, the paper discusses certain limitations of the currently-used proof systems in the light of preprocessing. The presented techniques were implemented and evaluated in the state-of-the-art QBF preprocessor bloqqer.Comment: LPAR 201

Mind the Gap - A Closer Look at the Security of Block Ciphers against Differential Cryptanalysis

Resistance against differential cryptanalysis is an important design criteria for any modern block cipher and most designs rely on finding some upper bound on probability of single differential characteristics. However, already at EUROCRYPT'91, Lai et al. comprehended that differential cryptanalysis rather uses differentials instead of single characteristics. In this paper, we consider exactly the gap between these two approaches and investigate this gap in the context of recent lightweight cryptographic primitives. This shows that for many recent designs like Midori, Skinny or Sparx one has to be careful as bounds from counting the number of active S-boxes only give an inaccurate evaluation of the best differential distinguishers. For several designs we found new differential distinguishers and show how this gap evolves. We found an 8-round differential distinguisher for Skinny-64 with a probability of 2−56.932−56.93, while the best single characteristic only suggests a probability of 2−722−72. Our approach is integrated into publicly available tools and can easily be used when developing new cryptographic primitives. Moreover, as differential cryptanalysis is critically dependent on the distribution over the keys for the probability of differentials, we provide experiments for some of these new differentials found, in order to confirm that our estimates for the probability are correct. While for Skinny-64 the distribution over the keys follows a Poisson distribution, as one would expect, we noticed that Speck-64 follows a bimodal distribution, and the distribution of Midori-64 suggests a large class of weak keys

A Bit-Vector Differential Model for the Modular Addition by a Constant

ARX algorithms are a class of symmetric-key algorithms constructed by Addition, Rotation, and XOR, which achieve the best software performances in low-end microcontrollers. To evaluate the resistance of an ARX cipher against differential cryptanalysis and its variants, the recent automated methods employ constraint satisfaction solvers, such as SMT solvers, to search for optimal characteristics. The main difficulty to formulate this search as a constraint satisfaction problem is obtaining the differential models of the non-linear operations, that is, the constraints describing the differential probability of each non-linear operation of the cipher. While an efficient bit-vector differential model was obtained for the modular addition with two variable inputs, no differential model for the modular addition by a constant has been proposed so far, preventing ARX ciphers including this operation from being evaluated with automated methods. In this paper, we present the first bit-vector differential model for the n-bit modular addition by a constant input. Our model contains O(log2(n)) basic bit-vector constraints and describes the binary logarithm of the differential probability. We also represent an SMT-based automated method to look for differential characteristics of ARX, including constant additions, and we provide an open-source tool ArxPy to find ARX differential characteristics in a fully automated way. To provide some examples, we have searched for related-key differential characteristics of TEA, XTEA, HIGHT, and LEA, obtaining better results than previous works. Our differential model and our automated tool allow cipher designers to select the best constant inputs for modular additions and cryptanalysts to evaluate the resistance of ARX ciphers against differential attacks.acceptedVersio

Hysteresis, switching and anomalous behaviour of a quartz tuning fork in superfluid 4He

We have been studying the behaviour of commercial quartz tuning forks immersed in superfluid 4He and driven at resonance. For one of the forks we have observed hysteresis and switching between linear and non-linear damping regimes at temperatures below 10 mK. We associate linear damping with pure potential flow around the prongs of the fork, and non-linear damping with the production of vortex lines in a turbulent regime. At appropriate prong velocities, we have observed metastability of both the linear and the turbulent flow states, and a region of intermittency where the flow switched back and forth between each state. For the same fork, we have also observed anomalous behaviour in the linear regime, with large excursions in both damping, resonant frequency, and the tip velocity as a function of driving force

On the Transition to Turbulence of Oscillatory Flow of Liquid Helium-4

Oscillating solid bodies have frequently been used for studying the properties of normal and superfluid helium. In particular, the transition from laminar flow to turbulence has attracted much interest recently. The purpose of this note is to review several central features of this transition in oscillatory flow, which have been inaccurately formulated in some recent work

Transition to turbulence for a quartz tuning fork in superfluid He-4

We have studied the resonance of a commercial quartz tuning fork immersed in superfluid He-4, at temperatures between 5 mK and 1 K, and at pressures between zero and 25 bar. The force-velocity curves for the tuning fork show a linear damping force at low velocities. On increasing velocity we see a transition corresponding to the appearance of extra drag due to quantized vortex lines in the superfluid. We loosely call this extra contribution "turbulent drag". The turbulent drag force, obtained after subtracting a linear damping force, is independent of pressure and temperature below 1 K, and is easily fitted by an empirical formula. The transition from linear damping (laminar flow) occurs at a well-defined critical velocity that has the same value for the pressures and temperatures that we have measured. Later experiments using the same fork in a new cell revealed different behaviour, with the velocity stepping discontinuously at the transition, somewhat similar to previous observations on vibrating wire resonators and oscillating spheres. We compare and contrast the observed behaviour of the superfluid drag and inertial forces with that measured for vibrating wires