fitness comparison by statistical testing in construction
play

Fitness Comparison by Statistical Testing in Construction of - PowerPoint PPT Presentation

Mar 08, 2023 •270 likes •715 views

Fitness Comparison by Statistical Testing in Construction of SAT-Based Guess-and-Determine Cryptographic Attacks Artem Pavlenko, Maxim Buzdalov, Vladimir Ulyantsev GECCO 2019, July 16 Symmetric cryptography Alice wants to send a secret

  1. Fitness Comparison by Statistical Testing in Construction of SAT-Based Guess-and-Determine Cryptographic Attacks Artem Pavlenko, Maxim Buzdalov, Vladimir Ulyantsev GECCO 2019, July 16

  2. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  3. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  4. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  5. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  6. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  7. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  8. Symmetric cryptography Alice wants to send a secret Plaintext 0 0 1 0 1 1 1 0 message to Bob. To do that, she generates a Keystream � Then she applies bitwise XOR. 1 0 0 1 1 0 1 1 random sequence. Initial state Keystream The keystreams should be identical Ciphertext 1 0 1 1 0 1 0 1 1 1 1 0 0 generator and have no regularity. Bob also generates the same and also applies bitwise XOR Keystream 1 0 0 1 1 0 1 1 � random sequence. . . to recover the message. Plaintext 0 0 1 0 1 1 1 0 1 / 13

  9. Attack on the keystream generator Part of plaintext 0 0 1 0 1 Eve has eavesdropped matching She applies bitwise XOR to reveal Part of ciphertext � 1 0 1 1 0 parts of plaintext and ciphertext. a part of keystream. Initial state Keystream Part of keystream 1 0 0 1 1 ? ? ? ? ? generator Generator is known. Eve needs to restore initial state, so that the rest of the transmission is cracked. 2 / 13

  10. Attack on the keystream generator Part of plaintext 0 0 1 0 1 Eve has eavesdropped matching She applies bitwise XOR to reveal Part of ciphertext � 1 0 1 1 0 parts of plaintext and ciphertext. a part of keystream. Initial state Keystream Part of keystream 1 0 0 1 1 ? ? ? ? ? generator Generator is known. Eve needs to restore initial state, so that the rest of the transmission is cracked. 2 / 13

  11. Attack on the keystream generator Part of plaintext 0 0 1 0 1 Eve has eavesdropped matching She applies bitwise XOR to reveal Part of ciphertext � 1 0 1 1 0 parts of plaintext and ciphertext. a part of keystream. Initial state Keystream Part of keystream 1 0 0 1 1 ? ? ? ? ? generator Generator is known. Eve needs to restore initial state, so that the rest of the transmission is cracked. 2 / 13

  12. Attack on the keystream generator Part of plaintext 0 0 1 0 1 Eve has eavesdropped matching She applies bitwise XOR to reveal Part of ciphertext � 1 0 1 1 0 parts of plaintext and ciphertext. a part of keystream. Initial state Keystream Part of keystream 1 0 0 1 1 ? ? ? ? ? generator Generator is known. Eve needs to restore initial state, so that the rest of the transmission is cracked. 2 / 13

  13. Example of a keystream generator: Trivium-64 3 / 13

  14. Algebraic cryptoanalysis Produced keystream Initial state Keystream z 0 z 1 z 2 z 3 z 4 x 0 x 1 x 2 x 3 x 4 generator SAT formula generator, y i – auxiliary variables f ( x 0 , . . . , x n , y 0 , . . . , y m , z 0 , . . . , z k ) = true Actual keystream Cracked state SAT 1 0 0 1 1 1 1 1 0 0 solver 4 / 13

  15. Algebraic cryptoanalysis Produced keystream Initial state Keystream z 0 z 1 z 2 z 3 z 4 x 0 x 1 x 2 x 3 x 4 generator SAT formula generator, y i – auxiliary variables f ( x 0 , . . . , x n , y 0 , . . . , y m , z 0 , . . . , z k ) = true Actual keystream Cracked state SAT 1 0 0 1 1 1 1 1 0 0 solver 4 / 13

  16. Algebraic cryptoanalysis Produced keystream Initial state Keystream z 0 z 1 z 2 z 3 z 4 x 0 x 1 x 2 x 3 x 4 generator SAT formula generator, y i – auxiliary variables f ( x 0 , . . . , x n , y 0 , . . . , y m , z 0 , . . . , z k ) = true Actual keystream Cracked state SAT 1 0 0 1 1 1 1 1 0 0 solver 4 / 13

  17. Guess-and-determine attacks Standard way to solve SAT problems ◮ Take the formula ◮ Pass it to the SAT solver 5 / 13

  18. Guess-and-determine attacks Standard way to solve SAT problems ◮ Take the formula ◮ Pass it to the SAT solver A possible alternative when solving hard SAT problems ◮ Choose a subset B of the formula’s variables – the guessed bit set ◮ Iterate over all 2 | B | combinations of their values ◮ For each combination: ◮ Take the formula, substitute these variables with their values ◮ Pass it to the SAT solver ◮ If solution found, terminate 5 / 13

  19. Guess-and-determine attacks Standard way to solve SAT problems ◮ Take the formula ◮ Pass it to the SAT solver A possible alternative when solving hard SAT problems ◮ Choose a subset B of the formula’s variables – the guessed bit set ◮ Iterate over all 2 | B | combinations of their values ◮ For each combination: ◮ Take the formula, substitute these variables with their values ◮ Pass it to the SAT solver ◮ If solution found, terminate ◮ Sometimes this is faster. In cryptanalysis, it happens quite often 5 / 13

  20. Attack time of a guess-and-determine attack Several definitions possible. We use the following: ◮ Assume the keystream is infinite ◮ Set a time limit T for an attempt to solve one piece ◮ Found a solution within T → congratulations! ◮ Did not manage to find → continue with the next piece ◮ Let p be the (very small) probability that we find a solution: ◮ Expected time of an attack: T / p ◮ Time with 95% of confidence: ≈ 3 T / p 6 / 13

  21. Attack time of a guess-and-determine attack Several definitions possible. We use the following: ◮ Assume the keystream is infinite ◮ Set a time limit T for an attempt to solve one piece ◮ Found a solution within T → congratulations! ◮ Did not manage to find → continue with the next piece ◮ Let p be the (very small) probability that we find a solution: ◮ Expected time of an attack: T / p ◮ Time with 95% of confidence: ≈ 3 T / p What is a good time of an attack? ◮ Any non-trivial result is important ◮ Example: “SHA-1 collisions now 2 52 ” ◮ A hint of a weakness → move to non-compromised ciphers until too late! 6 / 13

  22. How to measure the attack time Direct measurement? ◮ Well, possible, but it will take way too long 7 / 13

  23. How to measure the attack time Direct measurement? ◮ Well, possible, but it will take way too long Clever indirect measurement ◮ A Monte-Carlo technique 7 / 13

  24. How to measure the attack time Direct measurement? ◮ Well, possible, but it will take way too long Clever indirect measurement ◮ A Monte-Carlo technique ◮ Generate a random initial state 7 / 13

  25. How to measure the attack time Direct measurement? ◮ Well, possible, but it will take way too long Clever indirect measurement ◮ A Monte-Carlo technique ◮ Generate a random initial state ◮ Compute the keystream of the needed length 7 / 13

Recommend

W3: Individual Fitness Fitness Exercise Testing Pyschology Exercise Benchmark Sociology

W3: Individual Fitness Fitness Exercise Testing Pyschology Exercise Benchmark Sociology

W3: Individual Fitness Fitness Exercise Testing Pyschology Exercise Benchmark Sociology Asessments Healthy Fitness Zone AGENDA A1. Introduction to Fitness A2. Immediate Effects of Exercise A3. PE & Safety A4. Healthy Fitness Zone

1.03k views • 55 slides
Statistical mechanics of fitness landscapes Joachim Krug Institute for Theoretical Physics,

Statistical mechanics of fitness landscapes Joachim Krug Institute for Theoretical Physics,

Statistical mechanics of fitness landscapes Joachim Krug Institute for Theoretical Physics, University of Cologne & Jasper Franke, Johannes Neidhart, Stefan Nowak, Benjamin Schmiegelt, Ivan Szendro Advances in Nonequilibrium Statistical

380 views • 35 slides
Statistical methodology for bio iosimil ilars, comparison of f process changes and comparison

Statistical methodology for bio iosimil ilars, comparison of f process changes and comparison

Statistical methodology for bio iosimil ilars, comparison of f process changes and comparison of f dis issolution profi files A persp specti tive fr from EFSPI Mike Denham (GlaxoSmithKline) on behalf of EFSPI WG Three Fundamental

548 views • 29 slides
Sequence comparison: Dynamic programming Genome 559: Introduction to Statistical and

Sequence comparison: Dynamic programming Genome 559: Introduction to Statistical and

Sequence comparison: Dynamic programming Genome 559: Introduction to Statistical and Computational Genomics Prof. James H. Thomas http://faculty.washington.edu/jht/GS559_2013/ Sequence comparison overview Problem: Find the best

647 views • 36 slides
Applied Statistical Analysis EDUC 6050 Week 6 Finding clarity using data Today 1. Hypothesis

Applied Statistical Analysis EDUC 6050 Week 6 Finding clarity using data Today 1. Hypothesis

Applied Statistical Analysis EDUC 6050 Week 6 Finding clarity using data Today 1. Hypothesis Testing with ANOVA One-Way Two-Way 2 Do you know comparison population mean ! and standard deviation # ? Know comparison population mean

837 views • 44 slides
Statistical Comparison of Algorithms Part II Leandro L. Minku University of Birmingham, UK

Statistical Comparison of Algorithms Part II Leandro L. Minku University of Birmingham, UK

Statistical Comparison of Algorithms Part II Leandro L. Minku University of Birmingham, UK Overview Recap of the general idea underlying statistical hypothesis tests. What to compare? Two algorithms on a single problem instance.

1.53k views • 122 slides
p(E|H p(E|H p ) p ) p(E|H p(E|H d ) d ) Need for testing In forensic voice comparison,

p(E|H p(E|H p ) p ) p(E|H p(E|H d ) d ) Need for testing In forensic voice comparison,

Multi-laboratory evaluation of forensic voice comparison systems under conditions reflecting those of a real forensic case forensic_eval_01 Geoffrey Stewart Morrison Ewald Enzinger p(E|H p(E|H p ) p ) p(E|H p(E|H d ) d ) Need for testing

337 views • 21 slides
A Comfortable TestPlayer for Analyzing Statistical Usage Testing Strategies Winfried Dulz

A Comfortable TestPlayer for Analyzing Statistical Usage Testing Strategies Winfried Dulz

A Comfortable TestPlayer for Analyzing Statistical Usage Testing Strategies Winfried Dulz (Department of Computer Science 7, University of Erlangen-Nuremberg, Germany) Outline Motivation Short History of Statistical Usage Testing

702 views • 41 slides
Statistical Methods Statistical Methods Descriptive Inferential Statistics Statistics

Statistical Methods Statistical Methods Descriptive Inferential Statistics Statistics

Statistical Methods Statistical Methods Descriptive Inferential Statistics Statistics Hypothesis Others Estimation Testing Outline of today Hypothesis testing for one population mean Hypothesis testing for two samples comparing

1.45k views • 109 slides
Sequence comparison: Sequence comparison: Significance of alignment scores

Sequence comparison: Sequence comparison: Significance of alignment scores

Sequence comparison: Sequence comparison: Significance of alignment scores http://faculty.washington.edu/jht/GS559_2014/ Genome 559: Introduction to Statistical and Computational Genomics d C i l G i Prof. James H. Thomas Unscaled EVD

781 views • 13 slides
Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical procedures to answer research questions Typical research question (generic): For hypothesis testing, research questions are statements: This is

770 views • 50 slides
Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical procedures to answer research questions Typical research question (generic): For hypothesis testing, research questions are statements: This is

243 views • 22 slides
Hypothesis testing and statistical decision theory Lirong Xia Fall, 2016 Schedule

Hypothesis testing and statistical decision theory Lirong Xia Fall, 2016 Schedule

Hypothesis testing and statistical decision theory Lirong Xia Fall, 2016 Schedule Hypothesis testing Statistical decision theory a more general framework for statistical inference try to explain the scene behind tests

635 views • 28 slides
Hypothesis testing and statistical decision theory Lirong Xia March 25, 2016 Schedule

Hypothesis testing and statistical decision theory Lirong Xia March 25, 2016 Schedule

Hypothesis testing and statistical decision theory Lirong Xia March 25, 2016 Schedule Hypothesis testing Statistical decision theory a more general framework for statistical inference try to explain the scene behind tests

478 views • 28 slides
1 A review of fitness Fitness has two components: 1. Viability; an individuals ability to

1 A review of fitness Fitness has two components: 1. Viability; an individuals ability to

Functional divergence 1: FFTNS and Shifting balance theory There is no conflict between neutralists and selectionists on the role of natural selection: Natural selection is the only explanation for adaptation 1 A review of fitness Fitness has

500 views • 27 slides
2. Two typical geometries of fitness landscapes Fitness landscape analysis for understanding and

2. Two typical geometries of fitness landscapes Fitness landscape analysis for understanding and

Multimodal fitness landscape Rugged fitness landscapes Neutral fitness landscapes Neutral Networks 2. Two typical geometries of fitness landscapes Fitness landscape analysis for understanding and designing local search heuristics S

615 views • 57 slides
Sequence comparison: Introduction and motivation Genome 559: Introduction to Statistical and

Sequence comparison: Introduction and motivation Genome 559: Introduction to Statistical and

Sequence comparison: Introduction and motivation Genome 559: Introduction to Statistical and Computational Genomics Prof. James H. Thomas Logistics Syllabus and web site: http://faculty.washington.edu/jht/GS559_2010/ Should I take this

573 views • 18 slides
FOOD FITNESS MINDSET www.staceygreenside.org ABOUT ME Wife and mother Formerly worked

FOOD FITNESS MINDSET www.staceygreenside.org ABOUT ME Wife and mother Formerly worked

FOOD FITNESS MINDSET www.staceygreenside.org ABOUT ME Wife and mother Formerly worked in corporate America for 16 years Full time fitness instructor and online food/fitness mentor Licensed to teach dance fitness, PiYo,

288 views • 13 slides
Rational Statistical Analysis Practice In Dissolution Profile Comparison: FDA Perspective

Rational Statistical Analysis Practice In Dissolution Profile Comparison: FDA Perspective

Rational Statistical Analysis Practice In Dissolution Profile Comparison: FDA Perspective Haritha Mandula, Ph.D. FDA/CDER/OPQ/ Office of New Drug Products Division of Biopharmaceutics M-CERSI Workshop, May 21-22, 2019, University of Maryland,

282 views • 25 slides
Sequence comparison: Significance of similarity scores Genome 559: Introduction to Statistical

Sequence comparison: Significance of similarity scores Genome 559: Introduction to Statistical

Sequence comparison: Significance of similarity scores Genome 559: Introduction to Statistical and Computational Genomics Prof. James H. Thomas Review How to compute and use a score matrix. log-odds of sum-of-pair counts vs. expected

296 views • 26 slides
Poverty measures for local comparison: statistical problems and empirical results in

Poverty measures for local comparison: statistical problems and empirical results in

Poverty measures for local comparison: statistical problems and empirical results in OECD countries Gianni Betti*, Francesca Gagliardi*, Achille Lemmi*, Mario Piacentini** and Vijay Verma* * Department of Economics and Statistics -

239 views • 23 slides
Statistical Performances measures - models comparison L Patryl a , D. Galeriu a ... a Commissariat

Statistical Performances measures - models comparison L Patryl a , D. Galeriu a ... a Commissariat

Statistical Performances measures - models comparison L Patryl a , D. Galeriu a ... a Commissariat ` a lEnergie Atomique, DAM, DIF, F-91297 Arpajon (France) b Horia Hulubei Institute for Physics & Nuclear Engineering (Romania)

1.17k views • 75 slides
Comparison of complementary statistical analysis approaches in metabolomic food traceability Ral

Comparison of complementary statistical analysis approaches in metabolomic food traceability Ral

Comparison of complementary statistical analysis approaches in metabolomic food traceability Ral Gonzlez-Domnguez 1,2* , Ana Sayago 1,2 , ngeles Fernndez-Recamales 1,2 1 Department of Chemistry, Faculty of Experimental Sciences,

377 views • 13 slides
THE VALUE OF TESTING MMC SYSTEMS Joanne Booth Business Manager - Construction Overview Value

THE VALUE OF TESTING MMC SYSTEMS Joanne Booth Business Manager - Construction Overview Value

THE VALUE OF TESTING MMC SYSTEMS Joanne Booth Business Manager - Construction Overview Value engineering Structural testing Component tests Site testing Durability assessments Transportability studies Value engineering

272 views • 23 slides

More recommend