DOCSLIB.ORG

Boolean Satisfiability with Transitivity Constraints

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Boolean Satisfiability with Transitivity Constraints Boolean Satisfiability with Transitivity Constraints RANDAL E. BRYANT MIROSLAV N. VELEV Carnegie Mellon University ¢¡¤£¦¥¨§ © ¡¦¨ §¥ ¡¥ ¥¨!¡"§#© $ ©&%'( ! *),+ ¥¨( !¡¦-/. ¡¦ ¡© 0 ( ©¡12¢¥3 ¡¤+ ¥¨+'¥¨© ¥¨§4! ¨ ( !¡¦©+ +'¡" § 5# §67¥¨ -0 !,8 ¡¦§ £¦¥ ¡,:©&);-<-<¡1 £¨=' § © >¡¨=3( §4&)6 ¡¦!$ ¥¨§?¥">¡¦A@B¡¦!¡1C ©9$ -<¡¦§©EDGF£9H¥I ¡¦© ¡KJ&LEM N¨OQP7R¨S'N¨MT ( !¡¦©"=VUEWYX Z =T[¥¨A\^]`_badce]f@6=g¡1h + ¡¦©© ¡¦©b. ¡1 ;¡"¥¨G§;¥G ;¡ ¡¦!$ ¥¨§< ¥¨! ©('¡1*.i¡¦¡¦§:¡¦!¡¦-<¡¦§©_j§ Ac4Dk;¡ © l^ ©m ¥¡¦ ;¡"% § K© $ ©&7) § 5A© © 5¨§ -<¡¦§m ¥A8 © $ X qr qEX s¤t X s>u 4$!© ¥©9$ ©% ¡"©n!!49§ © *)<£¦¥¨§ ©& §©n¥E>¡¦I ¡G ¡¦!$ ¥¨§4!'¨ (;!¡"©o[¡¨D 5 D=;Up U Up = ¥¨ ¥¤+ ¥E>¡i4$§ ¥¤©0 £9<©© 5¨§ -<¡¦§>j¡¦h ©©EDmv¥¨! ; § 5G ©j©9$ ©%'(; ! *)w+ ¥¨( !¡¦-x © ;¡%4§ !4§ ^-<¥¨©& y<£¦0 ! ©¡¦+6 §#¥¨0 G ;¡"£¦ © ¥¨§#+ ¥£¦¡¦ 0 ¡A[¥¨<!¥¨5¨ £¥I¡¦z04! *)e. 60 § §> ¡¦ +; ¡1 ¡¦ #70 § £1 ¥¨§ ©EDkn © + ¥ £¦¡¦ 0 ¡G[¥¨-<© ¡£¦¥¨ ¡¤¥¥¨0;n¥¥¨!V[¥¨>¡¦ {) § 5^+ +'¡¦! § ¡¦ :-< £¦¥¨+ ¥£¦¡"©© ¥¨©ED k3¥,0 ©¡A,£¦¥¨§>>¡¦§ ¥¨§4!m¥ ¥¨!¡"§6©9$ ©%4( ! *)#£9;¡"£ l¨¡""='.i¡w0;5¨-<¡"§>b ¡A© ¡1G¥m£¦!0 © ¡¦©¡¦h + ¡"©© § 5 8 . |£¦!0 © ¡¦©,¡1h;+ ¡¦© © §;5? ¡# § © *)|£"¥¨§;©9 §> ©"D} ¢¡6£¦¥¨§ © ¡¦,-<¡1 ;¥ ©^¥~¡¦ 0 £¦¡# ;¡ ©9$ §0 -w('¡¦n¥© 0 £9:£¦!0 © ¡¦©(4© ¡¦ #¥¨§K ¡¤©+4 ©¡¤© 0 £10 ¡¤¥ ¡¤ ¡¦!$ ¥¨§4!g ( !¡¦©ED u k3¥0 ©¡¤b ¡¦ ¡¦ < §4&)<b¡¦£¦ © ¥¨§,b 5¨ -<©oQGiGb© =>.i¡© ¥".4$i7¥¨I©¥¨-<¡©¡1 ©2j=> ¡GGiG ¡¦+ ¡¦© ¡¦§ $ ¥¨§w¥ ¡I9§ © *)¤£¦¥¨§ ©& §©m ©3¡¦h +'¥¨§ ¡¦§ ! © "¡j[¥¨!!>+'¥¨© © ( !¡m ( !¡m¥¨ ¡¦ § 5¨©ED I)?£"¥¨§;© ¡¦ §;56¥¨§ ! )? ¥¨©¡:¡"!$ ¥¨§4! ( !¡¦© 4$w¥ £¦£¦0 ^ §¢ ;¡#GiG ¡¦+ ¡"©¡¦§ $ ¥¨§¥b8 = ©9$ ¥¨0 ,¡1h;+'¡¦ -<¡¦§> ©,© ¥E. 4$K.i¡#£"§}¡" ! )|£¦¥¨§ © 0 £1e§Gib¡"+; ¡¦© ¡¦§>9$ ¥¨§¥¤ ¡6 ¡¦!¡1¨§> 9§ © *)K£"¥¨§;©9 §> ©b§ : 0;©©¥¨! >¡G ¡¤£¦¥¨§ ©& § ¡¦ #©9$ ©%4( ! *)K+ ¥¨( !¡¦-#D Categories and Subject Descriptors: F.4.1 [Mathematical Logic and Formal Languages]: Mathematical Logic— Mechanical theorem proving ¡¦§ ¡¦9!Vk3¡¦-<©Eb!5¨¥¨ ;-<©E=>I¡¦ %4£"$ ¥¨§ b ; ¥¨§ !nG¡¦)¢ ¢¥¨ ©§ m 9©¡¦©E^4¥¨-,!m>¡¦ % £E$ ¥¨§g=I¥ ¥¨!¡"§© $ ©&%'( ! *)>=mb¡¦£¦ © ¥¨§+ ¥ £¦¡1C 0 ¡¦© 1. INTRODUCTION Consider the following variant of the Boolean satisfiability problem. We are given a Boolean formula sat over a set of variables . A subset symbolically encodes a reflexive, symmetric, and transitive binary relation over elements. Each of these rela- :¡ f¢ tional variables, 4& , where , expresses whether or not the relation holds between elements and . Typically, will be “sparse,” containing much fewer than the ª ¤£¥¤ ¦E§'¨ ~© possible variables. Note that when & for some value of and of , this does not imply that the relation does not hold between elements and . It simply indicates This research was supported by the Semiconductor Research Corporation, Contract 00-DC-068. Authors’ addresses: R. E. Bryant, Computer Science Department, Carnegie Mellon University, Pittsburgh, PA 15213; M. N. Velev, Electrical and Computer Engineering Department, Carnegie Mellon University, Pitts- burgh, PA 15213. Permission to make digital/hard copy of all or part of this material without fee for personal or classroom use provided that the copies are not made or distributed for profit or commercial advantage, the ACM copyright/server notice, the title of the publication, and its date appear, and notice is given that copying is by permission of the ACM, Inc. To copy otherwise, to republish, to post on servers, or to redistribute to lists requires prior specific permission and/or a fee. « c 2001 ACM 1529-3785/2001/0700-0001 $5.00 ACM Transactions on Computational Logic, Vol. V, No. N, August 2001, Pages 1–22. 2 R. E. Bryant and M. N. Velev that sat does not directly depend on the relation between elements and . A transitivity constraint is a formula of the form ¡ ¡ ¡ ¡ £¢ ¥¤§¦©¨ ¥¤> ¥ §¦©¨ ¨ ¥ ¦ ¢ ¥¦ ¢ (1) ¡ & d $ ! £Yb¦ ¦ where & equals when and equals when . Let denote the set of all transitivity constraints that can be formed from the relational variables. Our E&%('*)!+-, task is to find an assignment "$# that satisfies sat, as well as every constraint T£Y¦ in ! . Goel et al. [1998] have shown this problem is NP-hard, even when sat is given as an Ordered Binary Decision Diagram (OBDD) [Bryant 1986]. Normally, Boolean satisfiability is trivial given an OBDD representation of a formula. We are motivated to solve this problem as part of a tool for verifying pipelined micro- processors [Velev and Bryant 1999]. This tool proves that the microprocessor has behavior equivalent to that of an unpipelined, reference implementation for all possible instruction sequences. The operations of the datapaths in both processor models are abstracted as a set of uninterpreted functions and uninterpreted predicates operating on symbolic data. The verifier uses the symbolic flushing technique developed by Burch and Dill [1994]. The ma- jor computational task is to decide the validity of a formula ver in a logic of equality with uninterpreted functions [Bryant et al. 1999; Bryant and Velev 2001]. Our decision proce- dure transforms ver first by replacing all function application terms with terms over a set T/{f 0, of domain variables ' . Similarly, all predicate applications are replaced by formulas over a set of newly-generated propositional variables. The result is a formula 21 . 435.; ver containing equations of the form , where . Each of these equations is then encoded by introducing a relational variable & , similar to the method proposed by Goel et al. [1998]. The result of the translation is a propositional formula 6 1 £ ¦ 87:9 ver expressing the verification condition over both the relational variables and the 6 1 ; <7=9b£&1 ¦ propositional variables appearing in ver. Let sat denote ver , the complement of the formula expressing the translated verification condition. To capture the transitivity .T>3?.; .;@3 .BA .'©3?.BA of equality, e.g., that ¨ , we have transitivity constraints of the ¡ ¡ ¡ ¦¨ E AC¦D & AC¦ form Y . Finding a satisfying assignment to sat that also satisfies the transitivity constraints will give us a counterexample to the original verification condition ver. On the other hand, if we can prove that there are no such assignments, then we have proved that ver is universally valid. We consider three methods to generate a Boolean formula trans that encodes the tran- sitivity constraints. The direct method enumerates the set of chord-free cycles in the undi- ª + V¦ '& rected graph having an edge £Y for each relational variable . This method avoids introducing additional relational variables but can lead to a formula of exponential size. The dense method uses relational variables Y for all possible values of and such that x . We can then axiomatize transitivity by forming constraints ¡ ¡ ¡ F ¦8¨ $ AC¦E & AC¦ of the form & for all distinct values of , , and . This will yield a formula that is cubic in . The sparse method augments with additional relational vari- HG ables to form a set of variables , such that the resulting graph is chordal [Rose 1970]. ¡ ¡ ¡ ¦I¨ E A¦E & AC¦ We then only require transitivity constraints of the form Y such that ª ¡ ¡ ¡ +E +E G ¦ E AC¦ & AC¦ Y . The sparse method will generate a formula no larger than the dense method, and often it does much better. To use a conventional Boolean Satisfiability (SAT) procedure to solve our constrained satisfiability problem, we run the checker over a set of clauses encoding both sat and trans. A version of the FGRASP SAT checker [Marques-Silva 1999] was able to com- ACM Transactions on Computational Logic, Vol. V, No. N, August 2001. Boolean Satisfiability with Transitivity Constraints 3 Table I. Microprocessor Verification Benchmarks. Benchmarks with suffix “t” were modified to require enforcing transitivity. Circuit Domain Propositional Equations Variables Variables 1 DLX-C 13 42 27 1 DLX-C-t 13 42 37 2 DLX-CA 25 58 118 2 DLX-CA-t 25 58 137 2 DLX-CC 25 70 124 2 DLX-CC-t 25 70 143 100 Buggy min. 22 56 89 2 DLX-CC avg. 25 69 124 max. 25 77 132 plete all of our benchmarks, although the run times increase significantly when transitivity constraints are enforced. When using Ordered Binary Decision Diagrams to evaluate satisfiability, we could gen- erate OBDD representations of sat and trans and use the APPLY algorithm [Bryant 1986] to compute an OBDD representation of their conjunction. From this OBDD, finding satis- fying solutions would be trivial. We show that this approach will not be feasible in general, because the OBDD representation of trans can be intractable. That is, for some sets of relational variables, the OBDD representation of the transitivity constraint formula trans will be of exponential size regardless of the variable ordering. The NP-completeness re- sult of Goel, et al. shows that the OBDD representation of trans may be of exponential size using the ordering previously selected for representing sat as an OBDD. This leaves open the possibility that there could be some other variable ordering that would yield ef- ficient OBDD representations of both sat and trans. Our result shows that transitivity constraints can be intrinsically intractable to represent with OBDDs, independent of the structure of sat. We present experimental results on the complexity of constructing OBDDs for the tran- sitivity constraints that arise in actual microprocessor verification. Our results show that the OBDDs can indeed be quite large. We consider two techniques to avoid constructing the OBDD representation of all transitivity constraints. The first of these, proposed by Goel et al. [1998], generates implicants
Load more

Recommended publications
  • Studies on Enumeration of Acyclic Substructures in Graphs and Hypergraphs (グラフや超グラフに含まれる非巡回部分構造の列挙に関する研究)
    CORE Metadata, citation and similar papers at core.ac.uk Provided by Hokkaido University Collection of Scholarly and Academic Papers Studies on Enumeration of Acyclic Substructures in Graphs and Hypergraphs (グラフや超グラフに含まれる非巡回部分構造の列挙に関する研究) Kunihiro Wasa February 2016 Division of Computer Science Graduate School of Information Science and Technology Hokkaido University Abstract Recently, due to the improvement of the performance of computers, we can easily ob- tain a vast amount of data defined by graphs or hypergraphs. However, it is difficult to look over all the data by mortal powers. Moreover, it is impossible for us to extract useful knowledge or regularities hidden in the data. Thus, we address to overcome this situation by using computational techniques such as data mining and machine learning for the data. However, we still confront a matter that needs to be dealt with the expo- nentially many substructures in input data. That is, we have to consider the following problem: given an input graph or hypergraph and a constraint, output all substruc- tures belonging to the input and satisfying the constraint without duplicates. In this thesis, we focus on this kind of problems and address to develop efficient enumeration algorithms for them. Since 1950's, substructure enumeration problems are widely studied. In 1975, Read and Tarjan proposed enumeration algorithms that list spanning trees, paths, and cycles for evaluating the electrical networks and studying program flow. Moreover, due to the demands from application area, enumeration algorithms for cliques, subtrees, and subpaths are applied to data mining and machine learning. In addition, enumeration problems have been focused on due to not only the viewpoint of application but also of the theoretical interest.
    [Show full text]
  • Enumeration of Maximal Cliques from an Uncertain Graph
    1 Enumeration of Maximal Cliques from an Uncertain Graph Arko Provo Mukherjee #1, Pan Xu ∗2, Srikanta Tirthapura #3 # Department of Electrical and Computer Engineering, Iowa State University, Ames, IA, USA Coover Hall, Ames, IA, USA 1 [email protected] 3 [email protected] ∗ Department of Computer Science, University of Maryland A.V. Williams Building, College Park, MD, USA 2 [email protected] Abstract—We consider the enumeration of dense substructures (maximal cliques) from an uncertain graph. For parameter 0 < α < 1, we define the notion of an α-maximal clique in an uncertain graph. We present matching upper and lower bounds on the number of α-maximal cliques possible within a (uncertain) graph. We present an algorithm to enumerate α-maximal cliques whose worst-case runtime is near-optimal, and an experimental evaluation showing the practical utility of the algorithm. Index Terms—Graph Mining, Uncertain Graph, Maximal Clique, Dense Substructure F 1 INTRODUCTION of the most basic problems in graph mining, and has been applied in many settings, including in finding overlapping Large datasets often contain information that is uncertain communities from social networks [14, 17, 18, 19], finding in nature. For example, given people A and B, it may not overlapping multiple protein complexes [20], analysis of be possible to definitively assert a relation of the form “A email networks [21] and other problems in bioinformat- knows B” using available information. Our confidence in ics [22, 23, 24]. such relations are commonly quantified using probability, and we say that the relation exists with a probability of p, for While the notion of a dense substructure and methods some value p determined from the available information.
    [Show full text]
  • Matroid Enumeration for Incidence Geometry
    Discrete Comput Geom (2012) 47:17–43 DOI 10.1007/s00454-011-9388-y Matroid Enumeration for Incidence Geometry Yoshitake Matsumoto · Sonoko Moriyama · Hiroshi Imai · David Bremner Received: 30 August 2009 / Revised: 25 October 2011 / Accepted: 4 November 2011 / Published online: 30 November 2011 © Springer Science+Business Media, LLC 2011 Abstract Matroids are combinatorial abstractions for point configurations and hy- perplane arrangements, which are fundamental objects in discrete geometry. Matroids merely encode incidence information of geometric configurations such as collinear- ity or coplanarity, but they are still enough to describe many problems in discrete geometry, which are called incidence problems. We investigate two kinds of inci- dence problem, the points–lines–planes conjecture and the so-called Sylvester–Gallai type problems derived from the Sylvester–Gallai theorem, by developing a new algo- rithm for the enumeration of non-isomorphic matroids. We confirm the conjectures of Welsh–Seymour on ≤11 points in R3 and that of Motzkin on ≤12 lines in R2, extend- ing previous results. With respect to matroids, this algorithm succeeds to enumerate a complete list of the isomorph-free rank 4 matroids on 10 elements. When geometric configurations corresponding to specific matroids are of interest in some incidence problems, they should be analyzed on oriented matroids. Using an encoding of ori- ented matroid axioms as a boolean satisfiability (SAT) problem, we also enumerate oriented matroids from the matroids of rank 3 on n ≤ 12 elements and rank 4 on n ≤ 9 elements. We further list several new minimal non-orientable matroids. Y. Matsumoto · H. Imai Graduate School of Information Science and Technology, University of Tokyo, Tokyo, Japan Y.
    [Show full text]
  • Implementation Issues of Clique Enumeration Algorithm
    05 Progress in Informatics, No. 9, pp.25–30, (2012) 25 Special issue: Theoretical computer science and discrete mathematics Research Paper Implementation issues of clique enumeration algorithm Takeaki UNO1 1National Institute of Informatics ABSTRACT A clique is a subgraph in which any two vertices are connected. Clique represents a densely connected structure in the graph, thus used to capture the local related elements such as clus- tering, frequent patterns, community mining, and so on. In these applications, enumeration of cliques rather than optimization is frequently used. Recent applications have large scale very sparse graphs, thus efficient implementations for clique enumeration is necessary. In this paper, we describe the algorithm techniques (not coding techniques) for obtaining effi- cient clique enumeration implementations. KEYWORDS maximal clique, enumeration, community mining, cluster mining, polynomial time, reverse search 1 Introduction A maximum clique is hard to find in the sense of time A graph is an object, composed of vertices, and edges complexity, since the problem is NP-hard. Finding a such that each edge connects two vertices. The fol- maximal clique is easy, and can be done in O(Δ2) time lowing is an example of a graph, composed of vertices where Δ is the maximum degree of the graph. Cliques 0, 1, 2, 3, 4, 5 and edges connecting 0 and 1, 1 and 2, 0 can be considered as representatives of dense substruc- and 3, 1 and 3, 1 and 4, 3 and 4. tures of the graphs to be analyzed, the clique enumera- tion has many applications in real-world problems, such as cluster enumeration, community mining, classifica- 0 12 tion, and so on.
    [Show full text]
  • Parametrised Enumeration
    Parametrised Enumeration Arne Meier Februar 2020 color guide (the dark blue is the same with the Gottfried Wilhelm Leibnizuniversity Universität logo) Hannover c: 100 m: 70 Institut für y: 0 k: 0 Theoretische c: 35 m: 0 y: 10 Informatik k: 0 c: 0 m: 0 y: 0 k: 35 Fakultät für Elektrotechnik und Informatik Institut für Theoretische Informatik Fachgebiet TheoretischeWednesday, February 18, 15 Informatik Habilitationsschrift Parametrised Enumeration Arne Meier geboren am 6. Mai 1982 in Hannover Februar 2020 Gutachter Till Tantau Institut für Theoretische Informatik Universität zu Lübeck Gutachter Stefan Woltran Institut für Logic and Computation 192-02 Technische Universität Wien Arne Meier Parametrised Enumeration Habilitationsschrift, Datum der Annahme: 20.11.2019 Gutachter: Till Tantau, Stefan Woltran Gottfried Wilhelm Leibniz Universität Hannover Fachgebiet Theoretische Informatik Institut für Theoretische Informatik Fakultät für Elektrotechnik und Informatik Appelstrasse 4 30167 Hannover Dieses Werk ist lizenziert unter einer Creative Commons “Namensnennung-Nicht kommerziell 3.0 Deutschland” Lizenz. Für Julia, Jonas Heinrich und Leonie Anna. Ihr seid mein größtes Glück auf Erden. Danke für eure Geduld, euer Verständnis und eure Unterstützung. Euer Rückhalt bedeutet mir sehr viel. ♥ If I had an hour to solve a problem, I’d spend 55 minutes thinking about the problem and 5 min- “ utes thinking about solutions. ” — Albert Einstein Abstract In this thesis, we develop a framework of parametrised enumeration complexity. At first, we provide the reader with preliminary notions such as machine models and complexity classes besides proving them to be well-chosen. Then, we study the interplay and the landscape of these classes and present connections to classical enumeration classes.
    [Show full text]
  • Enumeration Algorithms for Conjunctive Queries with Projection
    Enumeration Algorithms for Conjunctive Queries with Projection Shaleen Deep ! Department of Computer Sciences, University of Wisconsin-Madison, Madison, Wisconsin, USA Xiao Hu ! Department of Computer Sciences, Duke University, Durham, North Carolina, USA Paraschos Koutris ! Department of Computer Sciences, University of Wisconsin-Madison, Madison, Wisconsin, USA Abstract We investigate the enumeration of query results for an important subset of CQs with projections, namely star and path queries. The task is to design data structures and algorithms that allow for efficient enumeration with delay guarantees after a preprocessing phase. Our main contribution isa series of results based on the idea of interleaving precomputed output with further join processing to maintain delay guarantees, which maybe of independent interest. In particular, for star queries, we design combinatorial algorithms that provide instance-specific delay guarantees in linear preprocessing time. These algorithms improve upon the currently best known results. Further, we show how existing results can be improved upon by using fast matrix multiplication. We also present new results involving tradeoff between preprocessing time and delay guarantees for enumeration ofpath queries that contain projections. CQs with projection where the join attribute is projected away is equivalent to boolean matrix multiplication. Our results can therefore also be interpreted as sparse, output-sensitive matrix multiplication with delay guarantees. 2012 ACM Subject Classification Theory of computation → Database theory Keywords and phrases Query result enumeration, joins Digital Object Identifier 10.4230/LIPIcs.ICDT.2021.3 Funding This research was supported in part by National Science Foundation grants CRII-1850348 and III-1910014 Acknowledgements We would like to thank the anonymous reviewers for their careful reading and valuable comments that contributed greatly in improving the manuscript.
    [Show full text]
  • Using Binary Decision Diagrams to Enumerate Inductive Logic Programming Solutions
    Using Binary Decision Diagrams to Enumerate Inductive Logic Programming Solutions Hikaru Shindo1, Masaaki Nishino2, and Akihiro Yamamoto1 1 Graduate School of Informatics, Kyoto University, Kyoto, Japan [email protected] 2 NTT Communication Science Laboratories, NTT Corporation, Kyoto, Japan Abstract. This paper proposes a method for efficiently enumerating all solutions of a given ILP problem. Inductive Logic Programming (ILP) is a machine learning technique that assumes that all data, background knowledge, and hypotheses can be represented by first-order logic. The solution of an ILP problem is called a hypothesis. Most ILP studies pro- pose methods that find only one hypothesis per problem. In contrast, the proposed method uses Binary Decision Diagrams (BDDs) to enumerate all hypotheses of a given ILP problem. A BDD yields a very compact graph representation of a Boolean function. Once all hypotheses are enu- merated, the user can select the preferred hypothesis or compare the hy- potheses using an evaluation function. We propose an efficient recursive algorithm for constructing a BDD that represents the set of all hypothe- ses. In addition, we propose an efficient method to get the best hypothesis given an evaluation function. We empirically show the practicality of our approach on ILP problems using real data. Keywords: Inductive Logic Programming · Binary Decision Diagram. 1 Introduction This paper proposes a method that can efficiently enumerate all solutions of a given ILP problem. Inductive Logic Programming (ILP) is a machine learning technique that assuming that each datum, background knowledge, and hypothe- sis can be represented by first-order logic. Our work is based on the foundation of ILP established by Plotkin [17] and Shapiro [21]: inductive inference with clausal logic.
    [Show full text]
  • An Optimal Key Enumeration Algorithm and Its Application to Side-Channel Attacks
    An Optimal Key Enumeration Algorithm and its Application to Side-Channel Attacks Nicolas Veyrat-Charvillon?, Beno^ıtG´erard??, Mathieu Renauld???, Fran¸cois-Xavier Standaerty UCL Crypto Group, Universit´ecatholique de Louvain. Place du Levant 3, B-1348, Louvain-la-Neuve, Belgium. Abstract. Methods for enumerating cryptographic keys based on par- tial information obtained on key bytes are important tools in crypt- analysis. This paper discusses two contributions related to the practical application and algorithmic improvement of such tools. On the one hand, we observe that modern computing platforms al- low performing very large amounts of cryptanalytic operations, approx- imately reaching 250 to 260 block cipher encryptions. As a result, cryp- tographic key sizes for such ciphers typically range between 80 and 128 bits. By contrast, the evaluation of leaking devices is generally based on distinguishers with very limited computational cost, such as Kocher's Differential Power Analysis. We bridge the gap between these cryptana- lytic contexts and show that giving side-channel adversaries some com- puting power has major consequences for the security of leaking devices. For this purpose, we first propose a Bayesian extension of non-profiled side-channel attacks that allows us to rate key candidates in function of their respective probabilities. Next, we investigate the impact of key enumeration taking advantage of this Bayesian formulation, and quantify the resulting reduction in the data complexity of the attacks. On the other hand, we observe that statistical cryptanalyses usually try to reduce the number and size of lists corresponding to partial informa- tion on key bytes, in order to limit the time and memory complexity of the key enumeration.
    [Show full text]
  • Measuring the Complexity of Join Enumeration in Query Optimization Kiyoshi Ono I, Guy M
    Measuring the Complexity of Join Enumeration in Query Optimization Kiyoshi Ono I, Guy M. Lehman IRM Almaden Research Center KS5/80 I, 650 Harry Road San ,Josc, CA 95120 A b&act Introduction Since relational database management systems typically A query optimizer in a relational DRMS translates support only diadic join operators as primitive opera- non-procedural queries into a pr0cedura.l plan for ex- tions, a query optimizer must choose the “best” sc- ecution, typically hy generating many alternative plans, quence of two-way joins to achieve the N-way join of estimating the execution cost of each, and choosing tables requested by a query. The computational com- the plan having the lowest estimated cost. Increasing plexity of this optimization process is dominated by this set offeasilile plans that it evaluates improves the the number of such possible sequences that must bc chances - but dots not guarantee! - that it will find evaluated by the optimizer. This paper describes and a bcttct plan, while increasing the (compile-time) cost measures the performance of the Starburst join enu- for it to optimize the query. A major challenge in the merator, which can parameterically adjust for each design of a query optimizer is to ensure that the set of query the space of join sequences that arc evaluated feasible plans contains cflicient plans without making by the optimizer to allow or disallow (I) composite the :set too big to he gcncratcd practically. tables (i.e., tables that are themselves the result of a join) as the inner operand of a join and (2) joins between two tables having no join predicate linking them (i.e., Cartesian products).
    [Show full text]
  • On Solving Optimization Problems Using Boolean Satisfiability
    Proceeding of the First International Conference on Modeling, Simulation and Applied Optimization, Sharjah, U.A.E. February 1-3, 2005 ON SOLVING OPTIMIZATION PROBLEMS USING BOOLEAN SATISFIABILITY Fadi A. Aloul American University of Sharjah Department of Computer Engineering P.O. Box 26666, Sharjah, UAE [email protected] ABSTRACT SAT solvers require that the problem be represented in CNF form. The last few years have seen significant advances in Boolean sat- While this is applicable to some Engineering tasks, it poses a sig- isfiability (SAT) solving. This has lead to the successful deploy- nificant obstacle to many others. In particular to tasks that need to ment of SAT solvers in a wide range of problems in Engineering express “counting constraints” which impose a lower or upper and Computer Science. In general, most SAT solvers are applied to bound on a certain number of objects. Expressing such constraints Boolean decision problems that are expressed in conjunctive nor- in CNF cannot be efficiently done. Recently, SAT solvers were ex- mal form (CNF). While this input format is applicable to some en- tended to handle pseudo-Boolean (PB) constraints which can easi- gineering tasks, it poses a significant obstacle to others. One of the ly represent “counting constraints” [5, 6, 10, 16, 27]. PB main advances in SAT is generalizing SAT solvers to handle stron- constraints are more expressive and can replace an exponential ger representation of constraints. Specifically, pseudo-Boolean number of CNF constraints [5]. Besides expressing Boolean deci- (PB) constraints which are efficient in representing counting con- sion problems, a key advantage of using PB constraints is the abil- straints and can replace an exponential number of CNF constraints.
    [Show full text]
  • Enumerating Geometric and Combinatorial Objects by Reverse Search
    Enumerating geometric and combinatorial objects by reverse search Shin-ichi Tanigawa RIMS, Kyoto University November 10, 2011 1 Reverse search 1.1 How to design an enumeration algorithm Let V be a finite set V with n = jV j. We shall consider the problem of enumerating a family O of subsets of V which have a specified combinatorial structure. For example, V = f1; 2; : : : ; ng and O is the set of all permutations, or V is an edge set of a graph and O is a family of (edge sets of) spanning trees in the graph. Below we list the procedure for enumerating O by reverse search. Step 1: Define a connected search graph on O. Step 1.1: Define a flip operation, • that is, a (simple) operation which generates a new object o1 2 O from the current object o2 2 O. E.g., swap operations on permutations; diagonal flips on triangulations. • A flip operation is called a k-flip if the symmetric difference between o1 and o2 is at most 2k. Step 1.2: Define the search graph G = (O;E) • where vertices are corresponding to the objects and o1 and o2 are adjacent iff they can be converted to each other by a single flip. Step 1.3: Prove G is connected. Step 2: Define a search tree in G. Step 2.1: Define a unique root of G and the parent for each non-root node of G. • The parent should be defined by using only the local information. • The function which returns a parent is called a parent function.
    [Show full text]
  • Generalizing Boolean Satisfiability II
    Journal of Artificial Intelligence Research 22 (2004) 481-534 Submitted 08/04; published 12/04 Generalizing Boolean Satisfiability II: Theory Heidi E. Dixon [email protected] On Time Systems, Inc. 1850 Millrace, Suite 1 Eugene, OR 97403 USA Matthew L. Ginsberg [email protected] On Time Systems, Inc. 1850 Millrace, Suite 1 Eugene, OR 97403 USA Eugene M. Luks [email protected] Computer and Information Science University of Oregon Eugene, OR 97403 USA Andrew J. Parkes [email protected] CIRL 1269 University of Oregon Eugene, OR 97403 USA Abstract This is the second of three planned papers describing zap, a satisfiability engine that substantially generalizes existing tools while retaining the performance characteristics of modern high performance solvers. The fundamental idea underlying zap is that many problems passed to such engines contain rich internal structure that is obscured by the Boolean representation used; our goal is to define a representation in which this structure is apparent and can easily be exploited to improve computational performance. This paper presents the theoretical basis for the ideas underlying zap, arguing that existing ideas in this area exploit a single, recurring structure in that multiple database axioms can be obtained by operating on a single axiom using a subgroup of the group of permutations on the literals in the problem. We argue that the group structure precisely captures the general structure at which earlier approaches hinted, and give numerous examples of its use. We go on to extend the Davis-Putnam-Logemann-Loveland inference procedure to this broader setting, and show that earlier computational improvements are either subsumed or left intact by the new method.
    [Show full text]