fitness comparison by statistical testing in construction
play

Fitness Comparison by Statistical Testing in Construction of - PowerPoint PPT Presentation

Mar 08, 2023 •270 likes •715 views

Fitness Comparison by Statistical Testing in Construction of SAT-Based Guess-and-Determine Cryptographic Attacks Artem Pavlenko, Maxim Buzdalov, Vladimir Ulyantsev GECCO 2019, July 16 Symmetric cryptography Alice wants to send a secret

  1. Fitness Comparison by Statistical Testing in Construction of SAT-Based Guess-and-Determine Cryptographic Attacks Artem Pavlenko, Maxim Buzdalov, Vladimir Ulyantsev GECCO 2019, July 16

  2. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  3. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  4. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  5. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  6. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  7. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  8. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  9. Attack on the keystream generator Part of plaintext 0 0 1 0 1 Eve has eavesdropped matching She applies bitwise XOR to reveal Part of ciphertext � 1 0 1 1 0 parts of plaintext and ciphertext. a part of keystream. Initial state Keystream Part of keystream 1 0 0 1 1 ? ? ? ? ? generator Generator is known. Eve needs to restore initial state, so that the rest of the transmission is cracked. 2 / 13

  10. Attack on the keystream generator Part of plaintext 0 0 1 0 1 Eve has eavesdropped matching She applies bitwise XOR to reveal Part of ciphertext � 1 0 1 1 0 parts of plaintext and ciphertext. a part of keystream. Initial state Keystream Part of keystream 1 0 0 1 1 ? ? ? ? ? generator Generator is known. Eve needs to restore initial state, so that the rest of the transmission is cracked. 2 / 13

  11. Attack on the keystream generator Part of plaintext 0 0 1 0 1 Eve has eavesdropped matching She applies bitwise XOR to reveal Part of ciphertext � 1 0 1 1 0 parts of plaintext and ciphertext. a part of keystream. Initial state Keystream Part of keystream 1 0 0 1 1 ? ? ? ? ? generator Generator is known. Eve needs to restore initial state, so that the rest of the transmission is cracked. 2 / 13

  12. Attack on the keystream generator Part of plaintext 0 0 1 0 1 Eve has eavesdropped matching She applies bitwise XOR to reveal Part of ciphertext � 1 0 1 1 0 parts of plaintext and ciphertext. a part of keystream. Initial state Keystream Part of keystream 1 0 0 1 1 ? ? ? ? ? generator Generator is known. Eve needs to restore initial state, so that the rest of the transmission is cracked. 2 / 13

  13. Example of a keystream generator: Trivium-64 3 / 13

  14. Algebraic cryptoanalysis Produced keystream Initial state Keystream z 0 z 1 z 2 z 3 z 4 x 0 x 1 x 2 x 3 x 4 generator SAT formula generator, y i – auxiliary variables f ( x 0 , . . . , x n , y 0 , . . . , y m , z 0 , . . . , z k ) = true Actual keystream Cracked state SAT 1 0 0 1 1 1 1 1 0 0 solver 4 / 13

  15. Algebraic cryptoanalysis Produced keystream Initial state Keystream z 0 z 1 z 2 z 3 z 4 x 0 x 1 x 2 x 3 x 4 generator SAT formula generator, y i – auxiliary variables f ( x 0 , . . . , x n , y 0 , . . . , y m , z 0 , . . . , z k ) = true Actual keystream Cracked state SAT 1 0 0 1 1 1 1 1 0 0 solver 4 / 13

  16. Algebraic cryptoanalysis Produced keystream Initial state Keystream z 0 z 1 z 2 z 3 z 4 x 0 x 1 x 2 x 3 x 4 generator SAT formula generator, y i – auxiliary variables f ( x 0 , . . . , x n , y 0 , . . . , y m , z 0 , . . . , z k ) = true Actual keystream Cracked state SAT 1 0 0 1 1 1 1 1 0 0 solver 4 / 13

  17. Guess-and-determine attacks Standard way to solve SAT problems ◮ Take the formula ◮ Pass it to the SAT solver 5 / 13

  18. Guess-and-determine attacks Standard way to solve SAT problems ◮ Take the formula ◮ Pass it to the SAT solver A possible alternative when solving hard SAT problems ◮ Choose a subset B of the formula’s variables – the guessed bit set ◮ Iterate over all 2 | B | combinations of their values ◮ For each combination: ◮ Take the formula, substitute these variables with their values ◮ Pass it to the SAT solver ◮ If solution found, terminate 5 / 13

  19. Guess-and-determine attacks Standard way to solve SAT problems ◮ Take the formula ◮ Pass it to the SAT solver A possible alternative when solving hard SAT problems ◮ Choose a subset B of the formula’s variables – the guessed bit set ◮ Iterate over all 2 | B | combinations of their values ◮ For each combination: ◮ Take the formula, substitute these variables with their values ◮ Pass it to the SAT solver ◮ If solution found, terminate ◮ Sometimes this is faster. In cryptanalysis, it happens quite often 5 / 13

  20. Attack time of a guess-and-determine attack Several definitions possible. We use the following: ◮ Assume the keystream is infinite ◮ Set a time limit T for an attempt to solve one piece ◮ Found a solution within T → congratulations! ◮ Did not manage to find → continue with the next piece ◮ Let p be the (very small) probability that we find a solution: ◮ Expected time of an attack: T / p ◮ Time with 95% of confidence: ≈ 3 T / p 6 / 13

  21. Attack time of a guess-and-determine attack Several definitions possible. We use the following: ◮ Assume the keystream is infinite ◮ Set a time limit T for an attempt to solve one piece ◮ Found a solution within T → congratulations! ◮ Did not manage to find → continue with the next piece ◮ Let p be the (very small) probability that we find a solution: ◮ Expected time of an attack: T / p ◮ Time with 95% of confidence: ≈ 3 T / p What is a good time of an attack? ◮ Any non-trivial result is important ◮ Example: “SHA-1 collisions now 2 52 ” ◮ A hint of a weakness → move to non-compromised ciphers until too late! 6 / 13

  22. How to measure the attack time Direct measurement? ◮ Well, possible, but it will take way too long 7 / 13

  23. How to measure the attack time Direct measurement? ◮ Well, possible, but it will take way too long Clever indirect measurement ◮ A Monte-Carlo technique 7 / 13

  24. How to measure the attack time Direct measurement? ◮ Well, possible, but it will take way too long Clever indirect measurement ◮ A Monte-Carlo technique ◮ Generate a random initial state 7 / 13

  25. How to measure the attack time Direct measurement? ◮ Well, possible, but it will take way too long Clever indirect measurement ◮ A Monte-Carlo technique ◮ Generate a random initial state ◮ Compute the keystream of the needed length 7 / 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

W3: Individual Fitness Fitness Exercise Testing Pyschology Exercise Benchmark Sociology

W3: Individual Fitness Fitness Exercise Testing Pyschology Exercise Benchmark Sociology

W3: Individual Fitness Fitness Exercise Testing Pyschology Exercise Benchmark Sociology Asessments Healthy Fitness Zone AGENDA A1. Introduction to Fitness A2. Immediate Effects of Exercise A3. PE & Safety A4. Healthy Fitness Zone

1.03k views • 55 slides
Statistical mechanics of fitness landscapes Joachim Krug Institute for Theoretical Physics,

Statistical mechanics of fitness landscapes Joachim Krug Institute for Theoretical Physics,

Statistical mechanics of fitness landscapes Joachim Krug Institute for Theoretical Physics, University of Cologne & Jasper Franke, Johannes Neidhart, Stefan Nowak, Benjamin Schmiegelt, Ivan Szendro Advances in Nonequilibrium Statistical

380 views • 35 slides
Statistical methodology for bio iosimil ilars, comparison of f process changes and comparison

Statistical methodology for bio iosimil ilars, comparison of f process changes and comparison

Statistical methodology for bio iosimil ilars, comparison of f process changes and comparison of f dis issolution profi files A persp specti tive fr from EFSPI Mike Denham (GlaxoSmithKline) on behalf of EFSPI WG Three Fundamental

548 views • 29 slides
Sequence comparison: Dynamic programming Genome 559: Introduction to Statistical and

Sequence comparison: Dynamic programming Genome 559: Introduction to Statistical and

Sequence comparison: Dynamic programming Genome 559: Introduction to Statistical and Computational Genomics Prof. James H. Thomas http://faculty.washington.edu/jht/GS559_2013/ Sequence comparison overview Problem: Find the best

647 views • 36 slides
Applied Statistical Analysis EDUC 6050 Week 6 Finding clarity using data Today 1. Hypothesis

Applied Statistical Analysis EDUC 6050 Week 6 Finding clarity using data Today 1. Hypothesis

Applied Statistical Analysis EDUC 6050 Week 6 Finding clarity using data Today 1. Hypothesis Testing with ANOVA One-Way Two-Way 2 Do you know comparison population mean ! and standard deviation # ? Know comparison population mean

837 views • 44 slides
Statistical Comparison of Algorithms Part II Leandro L. Minku University of Birmingham, UK

Statistical Comparison of Algorithms Part II Leandro L. Minku University of Birmingham, UK

Statistical Comparison of Algorithms Part II Leandro L. Minku University of Birmingham, UK Overview Recap of the general idea underlying statistical hypothesis tests. What to compare? Two algorithms on a single problem instance.

1.53k views • 122 slides
p(E|H p(E|H p ) p ) p(E|H p(E|H d ) d ) Need for testing In forensic voice comparison,

p(E|H p(E|H p ) p ) p(E|H p(E|H d ) d ) Need for testing In forensic voice comparison,

Multi-laboratory evaluation of forensic voice comparison systems under conditions reflecting those of a real forensic case forensic_eval_01 Geoffrey Stewart Morrison Ewald Enzinger p(E|H p(E|H p ) p ) p(E|H p(E|H d ) d ) Need for testing

337 views • 21 slides
A Comfortable TestPlayer for Analyzing Statistical Usage Testing Strategies Winfried Dulz

A Comfortable TestPlayer for Analyzing Statistical Usage Testing Strategies Winfried Dulz

A Comfortable TestPlayer for Analyzing Statistical Usage Testing Strategies Winfried Dulz (Department of Computer Science 7, University of Erlangen-Nuremberg, Germany) Outline Motivation Short History of Statistical Usage Testing

702 views • 41 slides
Statistical Methods Statistical Methods Descriptive Inferential Statistics Statistics

Statistical Methods Statistical Methods Descriptive Inferential Statistics Statistics

Statistical Methods Statistical Methods Descriptive Inferential Statistics Statistics Hypothesis Others Estimation Testing Outline of today Hypothesis testing for one population mean Hypothesis testing for two samples comparing

1.45k views • 109 slides
Sequence comparison: Sequence comparison: Significance of alignment scores

Sequence comparison: Sequence comparison: Significance of alignment scores

Sequence comparison: Sequence comparison: Significance of alignment scores http://faculty.washington.edu/jht/GS559_2014/ Genome 559: Introduction to Statistical and Computational Genomics d C i l G i Prof. James H. Thomas Unscaled EVD

781 views • 13 slides
Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical procedures to answer research questions Typical research question (generic): For hypothesis testing, research questions are statements: This is

770 views • 50 slides
Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical procedures to answer research questions Typical research question (generic): For hypothesis testing, research questions are statements: This is

243 views • 22 slides
Hypothesis testing and statistical decision theory Lirong Xia Fall, 2016 Schedule

Hypothesis testing and statistical decision theory Lirong Xia Fall, 2016 Schedule

Hypothesis testing and statistical decision theory Lirong Xia Fall, 2016 Schedule Hypothesis testing Statistical decision theory a more general framework for statistical inference try to explain the scene behind tests

635 views • 28 slides
Hypothesis testing and statistical decision theory Lirong Xia March 25, 2016 Schedule

Hypothesis testing and statistical decision theory Lirong Xia March 25, 2016 Schedule

Hypothesis testing and statistical decision theory Lirong Xia March 25, 2016 Schedule Hypothesis testing Statistical decision theory a more general framework for statistical inference try to explain the scene behind tests

478 views • 28 slides
1 A review of fitness Fitness has two components: 1. Viability; an individuals ability to

1 A review of fitness Fitness has two components: 1. Viability; an individuals ability to

Functional divergence 1: FFTNS and Shifting balance theory There is no conflict between neutralists and selectionists on the role of natural selection: Natural selection is the only explanation for adaptation 1 A review of fitness Fitness has

500 views • 27 slides
2. Two typical geometries of fitness landscapes Fitness landscape analysis for understanding and

2. Two typical geometries of fitness landscapes Fitness landscape analysis for understanding and

Multimodal fitness landscape Rugged fitness landscapes Neutral fitness landscapes Neutral Networks 2. Two typical geometries of fitness landscapes Fitness landscape analysis for understanding and designing local search heuristics S

615 views • 57 slides
ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN #qconlondon @vixentael @vixentael

ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN #qconlondon @vixentael @vixentael

ENCRYPTION WITHOUT MAGIC, RISK MANAGEMENT WITHOUT PAIN #qconlondon @vixentael @vixentael Product Engineer Feel free to reach me with security questions. I do check my inbox :) CRYPTOGRAPHY? Blowfish Twofish Rabbit Salsa20 AES OFB

1.03k views • 69 slides
Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen

Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen

Cryptography for Cloud Security Mohsen Toorani Department of Informatics, University of Bergen Simula@UiB Coins Winter School Finse, Norway May 12, 2017 Mohsen Toorani Cryptography for Cloud Security Finse Winter School 2017 1 / 58 Our

1.39k views • 82 slides
Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian Pape Dortmund Technical University March 5th, 2014 Financial Cryptography and Data Security 2014 Sebastian Pape Sample or Random Security March

541 views • 25 slides
Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford

Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford

Distributed Identity Based Short Linkable Ring Signature Kasra EdalatNejad Prof. Bryan Ford DEcentralized and DIstributed Systems Goal Anonymity Accountability Usability 2 Ring Signature Anonymous Spontaneous 3 Linkable Ring

372 views • 24 slides
Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed

Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed

Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers Authors Alberto Sonnino* Mustafa Al-Bassam* Shehar Bano* Sarah Meiklejohn* George Danezis* * University College London February 2019 The

553 views • 52 slides
Analysis of cryptographic hash functions Christina Boura SECRET Project-Team, INRIA

Analysis of cryptographic hash functions Christina Boura SECRET Project-Team, INRIA

Analysis of cryptographic hash functions Christina Boura SECRET Project-Team, INRIA Paris-Rocquencourt Gemalto, France Ph.D. Defense December 7, 2012 1 / 43 Symmetric key cryptography Alice and Bob share the same secret key . Key Ciphertext

1.17k views • 59 slides
Jasmin: High-Assurance and High-Speed Cryptography Jos Bacelar Almeida Manuel Barbosa Gilles

Jasmin: High-Assurance and High-Speed Cryptography Jos Bacelar Almeida Manuel Barbosa Gilles

Jasmin: High-Assurance and High-Speed Cryptography Jos Bacelar Almeida Manuel Barbosa Gilles Barthe Arthur Blot Benjamin Grgoire Vincent Laporte Tiago Oliveira Hugo Pacheco Benedick Schmidt Pierre-Yves Strub CCS17 2017-11-02

440 views • 31 slides
Consultative Committee for Photometry and Radiometry CCPR Dr Takashi USUDA CCPR President and

Consultative Committee for Photometry and Radiometry CCPR Dr Takashi USUDA CCPR President and

Consultative Committee for Photometry and Radiometry CCPR Dr Takashi USUDA CCPR President and CIPM member (NMIJ Japan) 25 th meeting of the CGPM Scope of the CCPR Consultative Committee for Photometry Describes the

420 views • 9 slides

More recommend