269 research outputs found
Automatic Verification of Erlang-Style Concurrency
This paper presents an approach to verify safety properties of Erlang-style,
higher-order concurrent programs automatically. Inspired by Core Erlang, we
introduce Lambda-Actor, a prototypical functional language with
pattern-matching algebraic data types, augmented with process creation and
asynchronous message-passing primitives. We formalise an abstract model of
Lambda-Actor programs called Actor Communicating System (ACS) which has a
natural interpretation as a vector addition system, for which some verification
problems are decidable. We give a parametric abstract interpretation framework
for Lambda-Actor and use it to build a polytime computable, flow-based,
abstract semantics of Lambda-Actor programs, which we then use to bootstrap the
ACS construction, thus deriving a more accurate abstract model of the input
program. We have constructed Soter, a tool implementation of the verification
method, thereby obtaining the first fully-automatic, infinite-state model
checker for a core fragment of Erlang. We find that in practice our abstraction
technique is accurate enough to verify an interesting range of safety
properties. Though the ACS coverability problem is Expspace-complete, Soter can
analyse these verification problems surprisingly efficiently.Comment: 12 pages plus appendix, 4 figures, 1 table. The tool is available at
http://mjolnir.cs.ox.ac.uk/soter
Integer Vector Addition Systems with States
This paper studies reachability, coverability and inclusion problems for
Integer Vector Addition Systems with States (ZVASS) and extensions and
restrictions thereof. A ZVASS comprises a finite-state controller with a finite
number of counters ranging over the integers. Although it is folklore that
reachability in ZVASS is NP-complete, it turns out that despite their
naturalness, from a complexity point of view this class has received little
attention in the literature. We fill this gap by providing an in-depth analysis
of the computational complexity of the aforementioned decision problems. Most
interestingly, it turns out that while the addition of reset operations to
ordinary VASS leads to undecidability and Ackermann-hardness of reachability
and coverability, respectively, they can be added to ZVASS while retaining
NP-completness of both coverability and reachability.Comment: 17 pages, 2 figure
The ideal view on Rackoff's coverability technique
Rackoffâs small witness property for the coverability problem is the standard means to prove tight upper bounds in vector addition systems (VAS) and many extensions. We show how to derive the same bounds directly on the computations of the VAS instantiation of the generic backward coverability algorithm. This relies on a dual view of the algorithm using ideal decompositions of downwards-closed sets, which exhibits a key structural invariant in the VAS case. The same reasoning readily generalises to several VAS extensions
On Boundedness Problems for Pushdown Vector Addition Systems
We study pushdown vector addition systems, which are synchronized products of
pushdown automata with vector addition systems. The question of the boundedness
of the reachability set for this model can be refined into two decision
problems that ask if infinitely many counter values or stack configurations are
reachable, respectively.
Counter boundedness seems to be the more intricate problem. We show
decidability in exponential time for one-dimensional systems. The proof is via
a small witness property derived from an analysis of derivation trees of
grammar-controlled vector addition systems
Approaching the Coverability Problem Continuously
The coverability problem for Petri nets plays a central role in the
verification of concurrent shared-memory programs. However, its high
EXPSPACE-complete complexity poses a challenge when encountered in real-world
instances. In this paper, we develop a new approach to this problem which is
primarily based on applying forward coverability in continuous Petri nets as a
pruning criterion inside a backward coverability framework. A cornerstone of
our approach is the efficient encoding of a recently developed polynomial-time
algorithm for reachability in continuous Petri nets into SMT. We demonstrate
the effectiveness of our approach on standard benchmarks from the literature,
which shows that our approach decides significantly more instances than any
existing tool and is in addition often much faster, in particular on large
instances.Comment: 18 pages, 4 figure
Chosen-ciphertext security from subset sum
We construct a public-key encryption (PKE) scheme whose
security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012
Forward Analysis and Model Checking for Trace Bounded WSTS
We investigate a subclass of well-structured transition systems (WSTS), the
bounded---in the sense of Ginsburg and Spanier (Trans. AMS 1964)---complete
deterministic ones, which we claim provide an adequate basis for the study of
forward analyses as developed by Finkel and Goubault-Larrecq (Logic. Meth.
Comput. Sci. 2012). Indeed, we prove that, unlike other conditions considered
previously for the termination of forward analysis, boundedness is decidable.
Boundedness turns out to be a valuable restriction for WSTS verification, as we
show that it further allows to decide all -regular properties on the
set of infinite traces of the system
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applicationsComment: 18 pages, 2 figure
On the Coverability Problem for Pushdown Vector Addition Systems in One Dimension
International audienc
Secure Key Encapsulation Mechanism with Compact Ciphertext and Public Key from Generalized Srivastava code
Code-based public key cryptosystems have been found to be an interesting option in the area of Post-Quantum Cryptography. In this work, we present a key encapsulation mechanism (KEM) using a parity check matrix of the Generalized Srivastava code as the public key matrix. Generalized Srivastava codes are privileged with the decoding technique of Alternant codes as they belong to the family of Alternant codes. We exploit the dyadic structure of the parity check matrix to reduce the storage of the public key. Our encapsulation leads to a shorter ciphertext as compared to DAGS proposed by Banegas et al. in Journal of Mathematical Cryptology which also uses Generalized Srivastava code. Our KEM provides IND-CCA security in the random oracle model. Also, our scheme can be shown to achieve post-quantum security in the quantum random oracle model
- âŠ