The reactive simulatability (RSIM) framework for asynchronous systems

We define reactive simulatability for general asynchronous systems. Roughly, simulatability means that a real system implements an ideal system (specification) in a way that preserves security in a general cryptographic sense. Reactive means that the system can interact with its users multiple times, e.g., in many concurrent protocol runs or a multi-round game. In terms of distributed systems, reactive simulatability is a type of refinement that preserves particularly strong properties, in particular confidentiality. A core feature of reactive simulatability is composability, i.e., the real system can be plugged in instead of the ideal system within arbitrary larger systems; this is shown in follow-up papers, and so is the preservation of many classes of individual security properties from the ideal to the real systems.A large part of this paper defines a suitable system model. It is based on probabilistic IO automata (PIOA) with two main new features: One is generic distributed scheduling. Important special cases are realistic adversarial scheduling, procedure-call-type scheduling among colocated system parts, and special schedulers such as for fairness, also in combinations. The other is the definition of the reactive runtime via a realization by Turing machines such that notions like polynomial-time are composable. The simple complexity of the transition functions of the automata is not composable.As specializations of this model we define security-specific concepts, in particular a separation between honest users and adversaries and several trust models.The benefit of IO automata as the main model, instead of only interactive Turing machines as usual in cryptographic multi-party computation, is that many cryptographic systems can be specified with an ideal system consisting of only one simple, deterministic IO automaton without any cryptographic objects, as many follow-up papers show. This enables the use of classic formal methods and automatic proof tools for proving larger distributed protocols and systems that use these cryptographic systems.     

Conditional composition

Generalizing the notion of function composition, we introduce the concept ofconditional function composition and present a theory of such compositions. We use the theory to describe the semantics of a programming language with exceptions, and to relate exceptions to theIF statement.Supported in part by Air Force Office of Scientific Research grant number 91-0070. Now at DEC Systems Research Center, Palo Alto, CA.     

Conditional association

Estimating conditional dependence between two random variables given the knowledge of a third random variable is essential in neuroscientific applications to understand the causal architecture of a distributed network. However, existing methods of assessing conditional dependence, such as the conditional mutual information, are computationally expensive, involve free parameters, and are difficult to understand in the context of realizations. In this letter, we discuss a novel approach to this problem and develop a computationally simple and parameter-free estimator. The difference between the proposed approach and the existing ones is that the former expresses conditional dependence in terms of a finite set of realizations, whereas the latter use random variables, which are not available in practice. We call this approach conditional association, since it is based on a generalization of the concept of association to arbitrary metric spaces. We also discuss a novel and computationally efficient approach of generating surrogate data for evaluating the significance of the acquired association value.     

Conditional extremals

Imagine that measurements are made at times t ₀ and t ₁ of the trajectory of a physical system whose governing laws are given approximately by a class ${{\mathcal A}}$ of so-called prior vector fields. Because the physical laws are not known precisely, the measurements might not be realised by the integral curve of any prior field. We want to estimate the behaviour of the physical system between times t ₀ and t ₁. This is done by solving a variational problem, yielding so-called conditional extrema which satisfy an Euler?CLagrange equation. Then conservative prior fields on simply-connected Riemannian manifolds are characterised in terms of their conditional extrema. For specific prior fields on space forms, conditional extrema are obtained in terms of the Weierstrass elliptic function. Another class of examples comes from left-invariant prior fields on bi-invariant Lie groups, whose conditional extrema are shown to be right translations of pointwise-products of 1-parameter subgroups.     

Conditional Capabilities

Protection in capability-based operating systems is comsidered. The concept of a conditional capability, which is a generalization of a conventional capability, is proposed. The conditional capability can only be exercised when certain conditions relating to the context of its use are satisfied. It is shown that such capabilities form a basis upon which features such as domains of protection, revocation, and type extension can be built. The implementation of these features can be isolated into sepuate modules thus leaving the basic protection module uncluttered and simplifying the overall structure of the system.     

基于样本条件价值改进的 Co-training 算法

Co-training是一种主流的半监督学习算法. 该算法中两视图下的分类器通过迭代的方式, 互为对方从无标记样本集中挑选新增样本, 以更新对方训练集. Co-training以分类器的后验概率输出作为新增样本的挑选策略, 该策略忽略了样本对于当前分类器的价值. 针对该问题, 本文提出一种改进的Co-training式算法—CVCOT (Conditional value-based co-training), 即采用基于样本条件价值的挑选策略来优化Co-training. 通过定义无标记样本的条件价值, 各视图下的分类器以样本条件价值为依据来挑选新增样本, 以此更新训练集. 该策略既可保证新增样本的标记可靠性, 又能优先将价值较高的富信息样本补充到训练集中, 可以有效地优化分类器. 在UCI数据集和网页分类应用上的实验结果表明: CVCOT具有较好的分类性能和学习效率.     

Conditional Anomaly Detection

When anomaly detection software is used as a data analysis tool, finding the hardest-to-detect anomalies is not the most critical task. Rather, it is often more important to make sure that those anomalies that are reported to the user are in fact interesting. If too many unremarkable data points are returned to the user labeled as candidate anomalies, the software can soon fall into disuse. One way to ensure that returned anomalies are useful is to make use of domain knowledge provided by the user. Often, the data in question includes a set of environmental attributes whose values a user would never consider to be directly indicative of an anomaly. However, such attributes cannot be ignored because they have a direct effect on the expected distribution of the result attributes whose values can indicate an anomalous observation. This paper describes a general purpose method called conditional anomaly detection for taking such differences among attributes into account, and proposes three different expectation-maximization algorithms for learning the model that is used in conditional anomaly detection. Experiments with more than 13 different data sets compare our algorithms with several other more standard methods for outlier or anomaly detection     

From Conditional Events to Conditional Measures: A New Axiomatic Approach

Our starting point is a definition of conditional event EH which differs from many seemingly similar ones adopted in the relevant literature since 1935, starting with de Finetti. In fact, if we do not assign the same third value u (undetermined) to all conditional events, but make it depend on EH, it turns out that this function t(EH) can be taken as a general conditional uncertainty measure, and we get (through a suitable – in a sense, compulsory – choice of the relevant operations among conditional events) the natural axioms for many different (besides probability) conditional measures.     

Conditional matching preclusion sets

The matching preclusion number of a graph is the minimum number of edges whose deletion results in a graph that has neither perfect matchings nor almost-perfect matchings. For many interconnection networks, the optimal sets are precisely those induced by a single vertex. In this paper, we look for obstruction sets beyond these sets. We introduce the conditional matching preclusion number of a graph. It is the minimum number of edges whose deletion results in a graph with no isolated vertices that has neither perfect matchings nor almost-perfect matchings. We find this number and classify all optimal sets for several basic classes of graphs.     

Conditional e-payments with transferability

We introduce a novel conditional e-cash protocol allowing future anonymous cashing of bank-issued e-money only upon the satisfaction of an agreed-upon public condition. Payers are able to remunerate payees for services that depend on future, yet to be determined outcomes of events. Moreover, payees are able to further transfer payments to third parties. Once the payment is complete, any double-spending attempt by the payer will reveal its identity; no double spending by any of payees in the payee transfer chain is possible. Payers cannot be linked to payees or to ongoing or past transactions. The flow of cash within the system is thus both correct and anonymous. We discuss several applications of conditional e-cash including online trading of financial securities, prediction markets, and betting systems.     

Conditional edge-fault-tolerant Hamiltonicity of dual-cubes

The dual-cube is an interconnection network for linking a large number of nodes with a low node degree. It uses low-dimensional hypercubes as building blocks and keeps the main desired properties of the hypercube. A dual-cube DC(n) has n + 1 links per node where n is the degree of a cluster (n-cube), and one more link is used for connecting to a node in another cluster. In this paper, assuming each node is incident with at least two fault-free links, we show a dual-cube DC(n) contains a fault-free Hamiltonian cycle, even if it has up to 2n − 3 link faults. The result is optimal with respect to the number of tolerant edge faults.     

Subterranean-SAE算法的条件立方攻击

美国国家标准与技术研究院(NIST)于2018年开始征集轻量级认证加密和哈希算法标准,其中Subterranean 2.0密码套件是晋级到第二轮的32个候选算法之一. Subterranean-SAE是Subterranean2.0密码套件中的一种认证加密工作模式. 2019年,刘富康等人对4轮空白轮(4 blank rounds)的Subterranean-SAE算法进行了基于条件立方的密钥恢复攻击,此攻击有效的前提假设是:当条件变量满足条件时输出代数次数为64,否则为65.但刘富康等人并没有验证该假设是否成立.借助三子集可分性理论,本文首次提出了在初始状态未知场景下评估输出代数次数的新技术,并将该技术成功应用于4轮空白轮Subterranean-SAE算法.实验结果表明, 4轮空白轮Subterranean-SAE算法32个输出比特的代数次数上界为63,因此刘富康等人的密钥恢复攻击实际为区分攻击.进一步,本文提出降低立方维数、扩展立方变量选取范围的策略,并成功改进了Subterranean-SAE算法条件立方的搜索方法.利用此方法我们共搜索到24组33维立方并以此构造条件立方攻击,...     

Conditional and composite temporal CSPs

Constraint Satisfaction Problems (CSPs) have been widely used to solve combinatorial problems. In order to deal with dynamic CSPs where the information regarding any possible change is known a priori and can thus be enumerated beforehand, conditional constraints and composite variables have been studied in the past decade. Indeed, these two concepts allow the addition of variables and their related constraints in a dynamic manner during the resolution process. More precisely, a conditional constraint restricts the participation of a variable in a feasible scenario while a composite variable allows us to express a disjunction of variables where only one will be added to the problem to solve. In order to deal with a wide variety of real life applications under temporal constraints, we present in this paper a unique temporal CSP framework including numeric and symbolic temporal information, conditional constraints and composite variables. We call this model, a Conditional and Composite Temporal CSP (or CCTCSP). To solve the CCTCSP we propose two methods respectively based on Stochastic Local Search (SLS) and constraint propagation. In order to assess the efficiency in time of the solving methods we propose, experimental tests have been conducted on randomly generated CCTCSPs. The results demonstrate the superiority of a variant of the Maintaining Arc Consistency (MAC) technique (that we call MAX+) over the other constraint propagation strategies, Forward Checking (FC) and its variants, for both consistent and inconsistent problems. It has also been shown that, in the case of consistent problems, MAC+ outperforms the SLS method Min Conflict Random Walk (MCRW) for highly constrained CCTCSPs while both methods have comparable time performance for under and middle constrained problems. MCRW is, however, the method of choice for highly constrained CCTCSPs if we decide to trade search time for the quality of the solution returned (number of solved constraints).     

Aggregate Queries Over Conditional Tables

Conditional tables have been identified long ago as a way to capture unknown or incomplete information. However, queries over conditional tables have never been allowed to involve column functions such as aggregates. In this paper, the theory of conditional tables is extended in this direction, and it is shown that a strong representation system exists which has the closure property that the result of an aggregate query over a conditional table can be again represented by a conditional table. It turns out, however, that the number of tuples in a conditional table representing the result of an aggregate query may grow exponentially in the number of variables in the table. This phenomenon is analyzed in detail, and tight upper and lower bounds concerning the number of tuples contained in the result of an aggregate query are given. Finally, representation techniques are sketched that approximate aggregation results in tables of reasonable size.     

Conditional probability and fuzzy information

The main subject of this paper is the embedding of fuzzy set theory—and related concepts—in a coherent conditional probability scenario. This allows to deal with perception-based information—in the sense of Zadeh—and with a rigorous treatment of the concept of likelihood, dealing also with its role in statistical inference. A coherent conditional probability is looked on as a general non-additive “uncertainty” measure m(·)=P(E|·) of the conditioning events. This gives rise to a clear, precise and rigorous mathematical frame, which allows to define fuzzy subsets and to introduce in a very natural way the counterparts of the basic continuous T-norms and the corresponding dual T-conorms, bound to the former by coherence. Also the ensuing connections of this approach to possibility theory and to information measures are recalled.     

一种扩展条件函数依赖的发现算法

扩展条件函数依赖(extended conditional functional dependency,eCFD)是一种描述数据一致性的语义规则,是条件函数依赖(conditional functional dependency,CFD)的扩展.相比于CFD,eCFD能够描述更多的模式从而表达更丰富的语义信息.然而,关注eCFD的研究工作并不多.从给定数据中发现eCFD规则是一个重要问题,据笔者所知,目前还没有这方面的工作.该问题的难点在于,给定数据中所有合法的eCFD规则之间存在不一致的情况,且包含大量冗余,而CFD和传统的函数依赖规则并没有这样的问题.为避免不一致,同时尽可能地消除冗余,定义了“强合法eCFD”和“近似无冗余eCFD”.基于这些概念给出了eCFD发现问题的形式化定义,并给出了MeCFD算法.利用划分属性的方法,MeCFD首先生成所有的基本eCFD,然后,通过合并基本eCFD来构造“组合eCFD”.使用先深序来搜索候选空间,使得MeCFD仅用常数的存储空间来维护数据划分,节省了大量的空间开销,有效的剪枝策略被用来改进MeCFD的性能.真实数据集上的实验结果显示出MeCFD良好的可扩展性以及剪枝策略和优化方法的有效性.     

基于条件约束的胶囊生成对抗网络

生成式对抗网络(Generative adversarial networks, GAN)是主要的以无监督方式学习深度生成模型的方法之一.基于可微生成器网络的生成式建模方法, 是目前最热门的研究领域, 但由于真实样本分布的复杂性, 导致GAN生成模型在训练过程稳定性、生成质量等方面均存在不少问题.在生成式建模领域, 对网络结构的探索是重要的一个研究方向, 本文利用胶囊神经网络(Capsule networks, CapsNets)重构生成对抗网络模型结构, 在训练过程中使用了Wasserstein GAN (WGAN)中提出的基于Earth-mover距离的损失函数, 并在此基础上加以条件约束来稳定模型生成过程, 从而建立带条件约束的胶囊生成对抗网络(Conditional-CapsuleGAN, C-CapsGAN).通过在MNIST和CIFAR-10数据集上的多组实验, 结果表明将CapsNets应用到生成式建模领域是可行的, 相较于现有类似模型, C-CapsGAN不仅能在图像生成任务中稳定生成高质量图像, 同时还能更有效地抑制模式坍塌情况的发生.     

条件变分时序图自编码器

网络表示学习(也被称为图嵌入)是链接预测、节点分类、社区发现、图可视化等图任务的基础.现有大多数的图嵌入算法主要是针对静态图开发的,难以捕捉现实世界的网络随时间进化的动态特征.目前,针对动态网络表示学习方法的研究工作仍相对不足.提出了条件变分时序图自编码器(TS-CVGAE),可以同时学习动态网络的局部结构和随时间的演化模式.该方法首先改进了传统图卷积得到时序图卷积,并在条件变分自编码器的框架下使用时序图卷积对网络节点进行编码.训练结束后,条件变分自编码器的中间层就是最终的网络嵌入结果.实验结果表明,该方法在4个现实动态网络数据集上的链接预测表现均优于相关的静、动态网络表示学习方法.     

Conditional Probability Meets Update Logic

Dynamic update of information states is a new paradigm in logicalsemantics. But such updates are also a traditional hallmark ofprobabilistic reasoning. This note brings the two perspectives togetherin an update mechanism for probabilities which modifies state spaces.