The Complexity of Boolean Functions
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
A Fast and Verified Software Stackfor Secure Function Evaluation
Session I4: Verifying Crypto CCS’17, October 30-November 3, 2017, Dallas, TX, USA A Fast and Verified Software Stack for Secure Function Evaluation José Bacelar Almeida Manuel Barbosa Gilles Barthe INESC TEC and INESC TEC and FCUP IMDEA Software Institute, Spain Universidade do Minho, Portugal Universidade do Porto, Portugal François Dupressoir Benjamin Grégoire Vincent Laporte University of Surrey, UK Inria Sophia-Antipolis, France IMDEA Software Institute, Spain Vitor Pereira INESC TEC and FCUP Universidade do Porto, Portugal ABSTRACT as OpenSSL,1 s2n2 and Bouncy Castle,3 as well as prototyping We present a high-assurance software stack for secure function frameworks such as CHARM [1] and SCAPI [31]. More recently, a evaluation (SFE). Our stack consists of three components: i. a veri- series of groundbreaking cryptographic engineering projects have fied compiler (CircGen) that translates C programs into Boolean emerged, that aim to bring a new generation of cryptographic proto- circuits; ii. a verified implementation of Yao’s SFE protocol based on cols to real-world applications. In this new generation of protocols, garbled circuits and oblivious transfer; and iii. transparent applica- which has matured in the last two decades, secure computation tion integration and communications via FRESCO, an open-source over encrypted data stands out as one of the technologies with the framework for secure multiparty computation (MPC). CircGen is a highest potential to change the landscape of secure ITC, namely general purpose tool that builds on CompCert, a verified optimizing by improving cloud reliability and thus opening the way for new compiler for C. It can be used in arbitrary Boolean circuit-based secure cloud-based applications. -
Week 1: an Overview of Circuit Complexity 1 Welcome 2
Topics in Circuit Complexity (CS354, Fall’11) Week 1: An Overview of Circuit Complexity Lecture Notes for 9/27 and 9/29 Ryan Williams 1 Welcome The area of circuit complexity has a long history, starting in the 1940’s. It is full of open problems and frontiers that seem insurmountable, yet the literature on circuit complexity is fairly large. There is much that we do know, although it is scattered across several textbooks and academic papers. I think now is a good time to look again at circuit complexity with fresh eyes, and try to see what can be done. 2 Preliminaries An n-bit Boolean function has domain f0; 1gn and co-domain f0; 1g. At a high level, the basic question asked in circuit complexity is: given a collection of “simple functions” and a target Boolean function f, how efficiently can f be computed (on all inputs) using the simple functions? Of course, efficiency can be measured in many ways. The most natural measure is that of the “size” of computation: how many copies of these simple functions are necessary to compute f? Let B be a set of Boolean functions, which we call a basis set. The fan-in of a function g 2 B is the number of inputs that g takes. (Typical choices are fan-in 2, or unbounded fan-in, meaning that g can take any number of inputs.) We define a circuit C with n inputs and size s over a basis B, as follows. C consists of a directed acyclic graph (DAG) of s + n + 2 nodes, with n sources and one sink (the sth node in some fixed topological order on the nodes). -
Laced Boolean Functions and Subset Sum Problems in Finite Fields
Laced Boolean functions and subset sum problems in finite fields David Canright1, Sugata Gangopadhyay2 Subhamoy Maitra3, Pantelimon Stanic˘ a˘1 1 Department of Applied Mathematics, Naval Postgraduate School Monterey, CA 93943{5216, USA; fdcanright,[email protected] 2 Department of Mathematics, Indian Institute of Technology Roorkee 247667 INDIA; [email protected] 3 Applied Statistics Unit, Indian Statistical Institute 203 B. T. Road, Calcutta 700 108, INDIA; [email protected] March 13, 2011 Abstract In this paper, we investigate some algebraic and combinatorial properties of a special Boolean function on n variables, defined us- ing weighted sums in the residue ring modulo the least prime p ≥ n. We also give further evidence to a question raised by Shparlinski re- garding this function, by computing accurately the Boolean sensitivity, thus settling the question for prime number values p = n. Finally, we propose a generalization of these functions, which we call laced func- tions, and compute the weight of one such, for every value of n. Mathematics Subject Classification: 06E30,11B65,11D45,11D72 Key Words: Boolean functions; Hamming weight; Subset sum problems; residues modulo primes. 1 1 Introduction Being interested in read-once branching programs, Savicky and Zak [7] were led to the definition and investigation, from a complexity point of view, of a special Boolean function based on weighted sums in the residue ring modulo a prime p. Later on, a modification of the same function was used by Sauerhoff [6] to show that quantum read-once branching programs are exponentially more powerful than classical read-once branching programs. Shparlinski [8] used exponential sums methods to find bounds on the Fourier coefficients, and he posed several open questions, which are the motivation of this work. -
Analysis of Boolean Functions and Its Applications to Topics Such As Property Testing, Voting, Pseudorandomness, Gaussian Geometry and the Hardness of Approximation
Analysis of Boolean Functions Notes from a series of lectures by Ryan O’Donnell Guest lecture by Per Austrin Barbados Workshop on Computational Complexity February 26th – March 4th, 2012 Organized by Denis Th´erien Scribe notes by Li-Yang Tan arXiv:1205.0314v1 [cs.CC] 2 May 2012 Contents 1 Linearity testing and Arrow’s theorem 3 1.1 TheFourierexpansion ............................. 3 1.2 Blum-Luby-Rubinfeld. .. .. .. .. .. .. .. .. 7 1.3 Votingandinfluence .............................. 9 1.4 Noise stability and Arrow’s theorem . ..... 12 2 Noise stability and small set expansion 15 2.1 Sheppard’s formula and Stabρ(MAJ)...................... 15 2.2 Thenoisyhypercubegraph. 16 2.3 Bonami’slemma................................. 18 3 KKL and quasirandomness 20 3.1 Smallsetexpansion ............................... 20 3.2 Kahn-Kalai-Linial ............................... 21 3.3 Dictator versus Quasirandom tests . ..... 22 4 CSPs and hardness of approximation 26 4.1 Constraint satisfaction problems . ...... 26 4.2 Berry-Ess´een................................... 27 5 Majority Is Stablest 30 5.1 Borell’s isoperimetric inequality . ....... 30 5.2 ProofoutlineofMIST ............................. 32 5.3 Theinvarianceprinciple . 33 6 Testing dictators and UGC-hardness 37 1 Linearity testing and Arrow’s theorem Monday, 27th February 2012 Rn Open Problem [Guy86, HK92]: Let a with a 2 = 1. Prove Prx 1,1 n [ a, x • ∈ k k ∈{− } |h i| ≤ 1] 1 . ≥ 2 Open Problem (S. Srinivasan): Suppose g : 1, 1 n 2 , 1 where g(x) 2 , 1 if • {− } →± 3 ∈ 3 n x n and g(x) 1, 2 if n x n . Prove deg( f)=Ω(n). i=1 i ≥ 2 ∈ − − 3 i=1 i ≤− 2 P P In this workshop we will study the analysis of boolean functions and its applications to topics such as property testing, voting, pseudorandomness, Gaussian geometry and the hardness of approximation. -
Rigorous Cache Side Channel Mitigation Via Selective Circuit Compilation
RiCaSi: Rigorous Cache Side Channel Mitigation via Selective Circuit Compilation B Heiko Mantel, Lukas Scheidel, Thomas Schneider, Alexandra Weber( ), Christian Weinert, and Tim Weißmantel Technical University of Darmstadt, Darmstadt, Germany {mantel,weber,weissmantel}@mais.informatik.tu-darmstadt.de, {scheidel,schneider,weinert}@encrypto.cs.tu-darmstadt.de Abstract. Cache side channels constitute a persistent threat to crypto implementations. In particular, block ciphers are prone to attacks when implemented with a simple lookup-table approach. Implementing crypto as software evaluations of circuits avoids this threat but is very costly. We propose an approach that combines program analysis and circuit compilation to support the selective hardening of regular C implemen- tations against cache side channels. We implement this approach in our toolchain RiCaSi. RiCaSi avoids unnecessary complexity and overhead if it can derive sufficiently strong security guarantees for the original implementation. If necessary, RiCaSi produces a circuit-based, hardened implementation. For this, it leverages established circuit-compilation technology from the area of secure computation. A final program analysis step ensures that the hardening is, indeed, effective. 1 Introduction Cache side channels are unintended communication channels of programs. Cache- side-channel leakage might occur if a program accesses memory addresses that depend on secret information like cryptographic keys. When these secret-depen- dent memory addresses are loaded into a shared cache, an attacker might deduce the secret information based on observing the cache. Such cache side channels are particularly dangerous for implementations of block ciphers, as shown, e.g., by attacks on implementations of DES [58,67], AES [2,11,57], and Camellia [59,67,73]. -
Probabilistic Boolean Logic, Arithmetic and Architectures
PROBABILISTIC BOOLEAN LOGIC, ARITHMETIC AND ARCHITECTURES A Thesis Presented to The Academic Faculty by Lakshmi Narasimhan Barath Chakrapani In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the School of Computer Science, College of Computing Georgia Institute of Technology December 2008 PROBABILISTIC BOOLEAN LOGIC, ARITHMETIC AND ARCHITECTURES Approved by: Professor Krishna V. Palem, Advisor Professor Trevor Mudge School of Computer Science, College Department of Electrical Engineering of Computing and Computer Science Georgia Institute of Technology University of Michigan, Ann Arbor Professor Sung Kyu Lim Professor Sudhakar Yalamanchili School of Electrical and Computer School of Electrical and Computer Engineering Engineering Georgia Institute of Technology Georgia Institute of Technology Professor Gabriel H. Loh Date Approved: 24 March 2008 College of Computing Georgia Institute of Technology To my parents The source of my existence, inspiration and strength. iii ACKNOWLEDGEMENTS आचायातर् ्पादमादे पादं िशंयः ःवमेधया। पादं सॄचारयः पादं कालबमेणच॥ “One fourth (of knowledge) from the teacher, one fourth from self study, one fourth from fellow students and one fourth in due time” 1 Many people have played a profound role in the successful completion of this disser- tation and I first apologize to those whose help I might have failed to acknowledge. I express my sincere gratitude for everything you have done for me. I express my gratitude to Professor Krisha V. Palem, for his energy, support and guidance throughout the course of my graduate studies. Several key results per- taining to the semantic model and the properties of probabilistic Boolean logic were due to his brilliant insights. -
Privacy Preserving Computations Accelerated Using FPGA Overlays
Privacy Preserving Computations Accelerated using FPGA Overlays A Dissertation Presented by Xin Fang to The Department of Electrical and Computer Engineering in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Engineering Northeastern University Boston, Massachusetts August 2017 To my family. i Contents List of Figures v List of Tables vi Acknowledgments vii Abstract of the Dissertation ix 1 Introduction 1 1.1 Garbled Circuits . 1 1.1.1 An Example: Computing Average Blood Pressure . 2 1.2 Heterogeneous Reconfigurable Computing . 3 1.3 Contributions . 3 1.4 Remainder of the Dissertation . 5 2 Background 6 2.1 Garbled Circuits . 6 2.1.1 Garbled Circuits Overview . 7 2.1.2 Garbling Phase . 8 2.1.3 Evaluation Phase . 10 2.1.4 Optimization . 11 2.2 SHA-1 Algorithm . 12 2.3 Field-Programmable Gate Array . 13 2.3.1 FPGA Architecture . 13 2.3.2 FPGA Overlays . 14 2.3.3 Heterogeneous Computing Platform using FPGAs . 16 2.3.4 ProceV Board . 17 2.4 Related Work . 17 2.4.1 Garbled Circuit Algorithm Research . 17 2.4.2 Garbled Circuit Implementation . 19 2.4.3 Garbled Circuit Acceleration . 20 ii 3 System Design Methodology 23 3.1 Garbled Circuit Generation System . 24 3.2 Software Structure . 26 3.2.1 Problem Generation . 26 3.2.2 Layer Extractor . 30 3.2.3 Problem Parser . 31 3.2.4 Host Code Generation . 32 3.3 Simulation of Garbled Circuit Generation . 33 3.3.1 FPGA Overlay Architecture . 33 3.3.2 Garbled Circuit AND Overlay Cell . -
Reaction Systems and Synchronous Digital Circuits
molecules Article Reaction Systems and Synchronous Digital Circuits Zeyi Shang 1,2,† , Sergey Verlan 2,† , Ion Petre 3,4 and Gexiang Zhang 1,∗ 1 School of Electrical Engineering, Southwest Jiaotong University, Chengdu 611756, Sichuan, China; [email protected] 2 Laboratoire d’Algorithmique, Complexité et Logique, Université Paris Est Créteil, 94010 Créteil, France; [email protected] 3 Department of Mathematics and Statistics, University of Turku, FI-20014, Turku, Finland; ion.petre@utu.fi 4 National Institute for Research and Development in Biological Sciences, 060031 Bucharest, Romania * Correspondence: [email protected] † These authors contributed equally to this work. Received: 25 March 2019; Accepted: 28 April 2019 ; Published: 21 May 2019 Abstract: A reaction system is a modeling framework for investigating the functioning of the living cell, focused on capturing cause–effect relationships in biochemical environments. Biochemical processes in this framework are seen to interact with each other by producing the ingredients enabling and/or inhibiting other reactions. They can also be influenced by the environment seen as a systematic driver of the processes through the ingredients brought into the cellular environment. In this paper, the first attempt is made to implement reaction systems in the hardware. We first show a tight relation between reaction systems and synchronous digital circuits, generally used for digital electronics design. We describe the algorithms allowing us to translate one model to the other one, while keeping the same behavior and similar size. We also develop a compiler translating a reaction systems description into hardware circuit description using field-programming gate arrays (FPGA) technology, leading to high performance, hardware-based simulations of reaction systems. -
Predicate Logic
Predicate Logic Laura Kovács Recap: Boolean Algebra and Propositional Logic 0, 1 True, False (other notation: t, f) boolean variables a ∈{0,1} atomic formulas (atoms) p∈{True,False} boolean operators ¬, ∧, ∨, fl, ñ logical connectives ¬, ∧, ∨, fl, ñ boolean functions: propositional formulas: • 0 and 1 are boolean functions; • True and False are propositional formulas; • boolean variables are boolean functions; • atomic formulas are propositional formulas; • if a is a boolean function, • if a is a propositional formula, then ¬a is a boolean function; then ¬a is a propositional formula; • if a and b are boolean functions, • if a and b are propositional formulas, then a∧b, a∨b, aflb, añb are boolean functions. then a∧b, a∨b, aflb, añb are propositional formulas. truth value of a boolean function truth value of a propositional formula (truth tables) (truth tables) Recap: Boolean Algebra and Propositional Logic 0, 1 True, False (other notation: t, f) boolean variables a ∈{0,1} atomic formulas (atoms) p∈{True,False} boolean operators ¬, ∧, ∨, fl, ñ logical connectives ¬, ∧, ∨, fl, ñ boolean functions: propositional formulas (propositions, Aussagen ): • 0 and 1 are boolean functions; • True and False are propositional formulas; • boolean variables are boolean functions; • atomic formulas are propositional formulas; • if a is a boolean function, • if a is a propositional formula, then ¬a is a boolean function; then ¬a is a propositional formula; • if a and b are boolean functions, • if a and b are propositional formulas, then a∧b, a∨b, aflb, añb are -
Satisfiability 6 the Decision Problem 7
Satisfiability Difficult Problems Dealing with SAT Implementation Klaus Sutner Carnegie Mellon University 2020/02/04 Finding Hard Problems 2 Entscheidungsproblem to the Rescue 3 The Entscheidungsproblem is solved when one knows a pro- cedure by which one can decide in a finite number of operations So where would be look for hard problems, something that is eminently whether a given logical expression is generally valid or is satis- decidable but appears to be outside of P? And, we’d like the problem to fiable. The solution of the Entscheidungsproblem is of funda- be practical, not some monster from CRT. mental importance for the theory of all fields, the theorems of which are at all capable of logical development from finitely many The Circuit Value Problem is a good indicator for the right direction: axioms. evaluating Boolean expressions is polynomial time, but relatively difficult D. Hilbert within P. So can we push CVP a little bit to force it outside of P, just a little bit? In a sense, [the Entscheidungsproblem] is the most general Say, up into EXP1? problem of mathematics. J. Herbrand Exploiting Difficulty 4 Scaling Back 5 Herbrand is right, of course. As a research project this sounds like a Taking a clue from CVP, how about asking questions about Boolean fiasco. formulae, rather than first-order? But: we can turn adversity into an asset, and use (some version of) the Probably the most natural question that comes to mind here is Entscheidungsproblem as the epitome of a hard problem. Is ϕ(x1, . , xn) a tautology? The original Entscheidungsproblem would presumable have included arbitrary first-order questions about number theory. -
SOTERIA: in Search of Efficient Neural Networks for Private Inference
SOTERIA: In Search of Efficient Neural Networks for Private Inference Anshul Aggarwal, Trevor E. Carlson, Reza Shokri, Shruti Tople National University of Singapore (NUS), Microsoft Research {anshul, trevor, reza}@comp.nus.edu.sg, [email protected] Abstract paper, we focus on private computation of inference over deep neural networks, which is the setting of machine learning-as- ML-as-a-service is gaining popularity where a cloud server a-service. Consider a server that provides a machine learning hosts a trained model and offers prediction (inference) ser- service (e.g., classification), and a client who needs to use vice to users. In this setting, our objective is to protect the the service for an inference on her data record. The server is confidentiality of both the users’ input queries as well as the not willing to share the proprietary machine learning model, model parameters at the server, with modest computation and underpinning her service, with any client. The clients are also communication overhead. Prior solutions primarily propose unwilling to share their sensitive private data with the server. fine-tuning cryptographic methods to make them efficient We consider an honest-but-curious threat model. In addition, for known fixed model architectures. The drawback with this we assume the two parties do not trust, nor include, any third line of approach is that the model itself is never designed to entity in the protocol. In this setting, our first objective is to operate with existing efficient cryptographic computations. design a secure protocol that protects the confidentiality of We observe that the network architecture, internal functions, client data as well as the prediction results against the server and parameters of a model, which are all chosen during train- who runs the computation. -
Problems and Comments on Boolean Algebras Rosen, Fifth Edition: Chapter 10; Sixth Edition: Chapter 11 Boolean Functions
Problems and Comments on Boolean Algebras Rosen, Fifth Edition: Chapter 10; Sixth Edition: Chapter 11 Boolean Functions Section 10. 1, Problems: 1, 2, 3, 4, 10, 11, 29, 36, 37 (fifth edition); Section 11.1, Problems: 1, 2, 5, 6, 12, 13, 31, 40, 41 (sixth edition) The notation ""forOR is bad and misleading. Just think that in the context of boolean functions, the author uses instead of ∨.The integers modulo 2, that is ℤ2 0,1, have an addition where 1 1 0 while 1 ∨ 1 1. AsetA is partially ordered by a binary relation ≤, if this relation is reflexive, that is a ≤ a holds for every element a ∈ S,it is transitive, that is if a ≤ b and b ≤ c hold for elements a,b,c ∈ S, then one also has that a ≤ c, and ≤ is anti-symmetric, that is a ≤ b and b ≤ a can hold for elements a,b ∈ S only if a b. The subsets of any set S are partially ordered by set inclusion. that is the power set PS,⊆ is a partially ordered set. A partial ordering on S is a total ordering if for any two elements a,b of S one has that a ≤ b or b ≤ a. The natural numbers ℕ,≤ with their ordinary ordering are totally ordered. A bounded lattice L is a partially ordered set where every finite subset has a least upper bound and a greatest lower bound.The least upper bound of the empty subset is defined as 0, it is the smallest element of L.