Results 1 to 10 of 46
Taming the curse of dimensionality: Discrete integration by hashing and optimization
In ICML (to appear), 2013
Cited by 15 (5 self)
Abstract
Integration is affected by the curse of dimensionality and quickly becomes intractable as the dimensionality of the problem grows. We propose a randomized algorithm that, with high probability, gives a constant-factor approximation of a general discrete integral defined over an exponentially large set. This algorithm relies on solving only a small number of instances of a discrete combinatorial optimization problem subject to randomly generated parity constraints used as a hash function. As an application, we demonstrate that with a small number of MAP queries we can efficiently approximate the partition function of discrete graphical models, which can in turn be used, for instance, for marginal computation or model selection.
Synthesizing shortest linear straight-line programs over GF(2) using SAT
In Proc. SAT '10, volume 6175 of LNCS, 2010
Cited by 9 (1 self)
Abstract
Abstract. Nontrivial linear straight-line programs over the Galois field of two elements occur frequently in applications such as encryption or high-performance computing. Finding the shortest linear straight-line program for a given set of linear forms is known to be MaxSNP-complete, i.e., there is no ε-approximation for the problem unless P = NP. This paper presents a non-approximative approach for finding the shortest linear straight-line program. In other words, we show how to search for a circuit of XOR gates with the minimal number of such gates. The approach is based on a reduction of the associated decision problem ("Is there a program of length k?") to satisfiability of propositional logic. Using modern SAT solvers, optimal solutions to interesting problem instances can be obtained.
Security margin evaluation of SHA-3 contest finalists through SAT-based attacks (Extension)
Cited by 9 (5 self)
Abstract
(NIST) announced a public contest aiming at the selection of a new standard for a cryptographic hash function. In this paper, the security margin of five SHA-3 finalists is evaluated with an assumption that attacks launched on finalists should be practically verified. A method of attacks applied is called logical cryptanalysis, where the original task is expressed as a SATisfiability problem instance. A new toolkit is used to simplify the most arduous stages of this type of cryptanalysis and helps to mount the attacks in a uniform way. In the context of SAT-based attacks, it has been shown that all the finalists have a substantially bigger security margin than the current standards SHA-256 and SHA-1. Two other metrics, software performance and hardware efficiency, are combined with security results to provide a more comprehensive picture of the SHA-3 finalists. Keywords: cryptographic hash algorithm, SHA-3 competition, algebraic cryptanalysis, logical cryptanalysis, SATisfiability solvers
Applications of SAT solvers to AES key recovery from decayed key schedule images
In 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE), 2010
Cited by 9 (0 self)
Abstract
Abstract. Cold boot attack is a side channel attack which exploits the data remanence property of random access memory (RAM) to retrieve its contents, which remain readable shortly after its power has been removed. Given the nature of the cold boot attack, only a corrupted image of the memory contents will be available to the attacker. In this paper, we investigate the use of an off-the-shelf SAT solver, CryptoMiniSat, to improve the key recovery of the AES-128 key schedules from its corresponding decayed memory images. By exploiting the asymmetric decay of the memory images and the redundancy of key material inherent in the AES key schedule, rectifying the faults in the corrupted memory images of the AES-128 key schedule is formulated as a Boolean satisfiability problem which can be solved efficiently for relatively very large decay factors. Our experimental results show that this approach improves upon the previously known results. Keywords: AES; cold-boot attacks; decayed memory; SAT solvers
Embed and Project: Discrete Sampling with Universal Hashing
Cited by 6 (0 self)
Abstract
We consider the problem of sampling from a probability distribution defined over a high-dimensional discrete set, specified for instance by a graphical model. We propose a sampling algorithm, called PAWS, based on embedding the set into a higher-dimensional space which is then randomly projected using universal hash functions to a lower-dimensional subspace and explored using combinatorial search methods. Our scheme can leverage fast combinatorial optimization tools as a black box and, unlike MCMC methods, samples produced are guaranteed to be within an (arbitrarily small) constant factor of the true probability distribution. We demonstrate that by using state-of-the-art combinatorial search tools, PAWS can efficiently sample from Ising grids with strong interactions and from software verification instances, while MCMC and variational methods fail in both cases.
Enhanced Gaussian elimination in DPLL-based SAT solvers
In Pragmatics of SAT, 2010
Cited by 6 (0 self)
Abstract
When cryptographical problems are treated in SAT solvers, they often contain a large set of XOR constraints. Treating these XOR constraints through on-the-fly Gaussian elimination during solving has been shown to be a viable approach by Soos et al. We describe various enhancements to this scheme which increase the performance and mostly eliminate the need for manual tuning of parameters. With these enhancements, we were able to achieve speedups of up to 29% on the Bivium and up to 45% on the Trivium ciphers, contrary to the 15% speedup achieved by the original scheme.
Exploiting the incomplete diffusion feature: A specialized analytical side-channel attack against the AES and its application to microcontroller implementations
 IEEE Transactions on Information Forensics and Security
Cited by 2 (0 self)
Abstract
Abstract. Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and utilize the Gröbner basis-based, SAT-based or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round.
SAS+ Planning as Satisfiability
Cited by 2 (0 self)
Abstract
Planning as satisfiability is a principal approach to planning with many eminent advantages. The existing planning as satisfiability techniques usually use encodings compiled from STRIPS. We introduce a novel SAT encoding scheme (SASE) based on the SAS+ formalism. The new scheme exploits the structural information in SAS+, resulting in an encoding that is both more compact and efficient for planning. We prove the correctness of the new encoding by establishing an isomorphism between the solution plans of SASE and that of STRIPS-based encodings. We further analyze the transition variables newly introduced in SASE to explain why it accommodates modern SAT solving algorithms and improves performance. We give empirical statistical results to support our analysis. We also develop a number of techniques to further reduce the encoding size of SASE, and conduct experimental studies to show the strength of each individual technique. Finally, we report extensive experimental results to demonstrate significant improvements of SASE over the state-of-the-art STRIPS-based encoding schemes in terms of both time and memory efficiency.
Algebraic Precomputations in Differential Cryptanalysis
Cited by 2 (2 self)
Abstract
Algebraic cryptanalysis is a general tool which permits one to assess the security of a wide range of cryptographic schemes. Algebraic techniques have been successfully applied against a number of multivariate schemes and stream ciphers. Yet, their feasibility against block ciphers remains the source of much speculation. At FSE 2009 Albrecht and Cid proposed to combine differential cryptanalysis with algebraic attacks against block ciphers. The proposed attacks required Gröbner basis computations during the online phase of the attack. In this work we take a different approach and only perform Gröbner basis computations in a precomputation (or offline) phase. In other words, we study how we can improve “classical” differential cryptanalysis using algebraic tools. We apply our techniques against the block ciphers Present and Ktantan32.