SAT Based Attacks on SipHash

SipHash is a proposed pseudorandom function (PRF) that is optimized for small message inputs. It is intended to be used as a message-authentication code (MAC). It uses a 128-bit secret key to compute the tag of a message. This project uses SAT based attacks on the primitive to perform partial key recovery and compares the effectiveness of these attacks against standard brute force approach that involves trying all possible combinations for the key bits. The primitive is converted into CNF and fed to an off-the-shelf SAT solver. The solver uses clause learning and if satisfiable, returns a set of values for the missing key bits. It also reports the number of conflicts that occurred before a solution was found. This is repeated several times for varying number of missing key bits and different versions of SipHash. It is then compared to the number of attempts to retrieve the missing key bits using brute force and the results are analyzed to check the effectiveness of SAT based attacks. iv Contents Abstract......................................

The Algebra Problem

The long-term goal of our research is to develop a top-down transformation-based and cost-based optimizer for object queries. Relational optimization techniques have been widely and successfully adopted. Thus, the primary task of object query optimization is to adapt relational techniques, and meanwhile to invent new techniques, to address the new features in object query languages such as method invocation, path expressions, user-defined data type, reference attributes, collection-valued attributes and multiple collection types. Previous work [GM93, H95, S98] dealt with path expressions, method invocation and user-defined data types. Multiple collection types and collection-valued attributes (CVAs), being important features, have not been investigated thoroughly regarding their impact on traditional optimization techniques. This thesis proposed an algebraic framework for object query optimization with attention paid to multiplecollection types and CVAs. In the following, we first observe the problems in building a costbased object query optimizer using the current body of knowledge. Then we present our solutions to these problems. Finally, we report the current status of this research

A random walk approach to sampling hidden databases

A large part of the data on the World Wide Web is hidden behind form-like interfaces. These interfaces interact with a hidden back-end database to provide answers to user queries. Generating a uniform random sample of this hidden database by using only the publicly available interface gives us access to the underlying data distribution. In this thesis, we propose a random walk scheme over the query space provided by the interface to sample such databases. We discuss variants where the query space is visualized as a fixed and random ordering of attributes. We also propose techniques to further improve the sample quality by using a probabilistic rejection based approach and conduct extensive experiments to illustrate the accuracy and efficiency of our techniques.\u