Amsterdam, Netherlands
Amsterdam, Netherlands

Time filter

Source Type

Graefe G.,Hewlett - Packard | Felix H.,National University of Singapore | Idreos S.,CWI Amsterdam | Kuno H.,Hewlett - Packard | Manegold S.,CWI Amsterdam
Proceedings of the VLDB Endowment | Year: 2012

Adaptive indexing initializes and optimizes indexes incrementally, as a side effect of query processing. The goal is to achieve the benefits of indexes while hiding or minimizing the costs of index creation. However, index-optimizing side effects seem to turn readonly queries into update transactions that might, for example, create lock contention. This paper studies concurrency control in the context of adaptive indexing. We show that the design and implementation of adaptive indexing rigorously separates index structures from index contents; this relaxes the constraints and requirements during adaptive indexing compared to those of traditional index updates. Our design adapts to the fact that an adaptive index is refined continuously, and exploits any concurrency opportunities in a dynamic way. A detailed experimental analysis demonstrates that (a) adaptive indexing maintains its adaptive properties even when running concurrent queries, (b) adaptive indexing can exploit the opportunity for parallelism due to concurrent queries, (c) the number of concurrency conflicts and any concurrency administration overheads follow an adaptive behavior, decreasing a s the workload evolvesand adapting to the workload needs. © 2012 VLDB Endowment.


Cascudo I.,CWI Amsterdam | Cramer R.,Leiden University | Xing C.,Nanyang Technological University
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2011

An (n,t,d,n-t)-arithmetic secret sharing scheme (with uniformity) for double-struck Fqk over double-struck Fq is an double-struck Fq-linear secret sharing scheme where the secret is selected from double-struck Fqk and each of the n shares is an element of double-struck Fq. Moreover, there is t-privacy (in addition, any t shares are uniformly random in double-struck Fq t) and, if one considers the d-fold "component-wise" product of any d sharings, then the d-fold component-wise product of the d respective secrets is (n - t)-wise uniquely determined by it. Such schemes are a fundamental primitive in information-theoretically secure multi-party computation. Perhaps counter-intuitively, secure multi-party computation is a very powerful primitive for communication-efficient two-party cryptography, as shown recently in a series of surprising results from 2007 on. Moreover, the existence of asymptotically good arithmetic secret sharing schemes plays a crucial role in their communication-efficiency: for each d ≥ 2, if A(q) > 2d, where A(q) is Ihara's constant, then there exists an infinite family of such schemes over double-struck Fq such that n is unbounded, k = Ω(n) and t = Ω(n), as follows from a result at CRYPTO'06. Our main contribution is a novel paradigm for constructing asymptotically good arithmetic secret sharing schemes from towers of algebraic function fields. It is based on a new limit that, for a tower with a given Ihara limit and given positive integer ℓ, gives information on the cardinality of the ℓ-torsion sub-groups of the associated degree-zero divisor class groups and that we believe is of independent interest. As an application of the bounds we obtain, we relax the condition A(q) > 2d from the CRYPTO'06 result substantially in terms of our torsion-limit. As a consequence, this result now holds over nearly all finite fields double-struck Fq. For example, if d = 2, it is sufficient that q = 8,9 or q ≥ 16. © 2011 International Association for Cryptologic Research.


Crommelin D.,CWI Amsterdam
Journal of Statistical Physics | Year: 2012

In scientific topics ranging from protein folding to the thermohaline ocean circulation, it is useful to model the effective macroscopic dynamics of complex systems as noise-driven motion in a potential landscape. In this paper we consider the estimation of such models from a collection of short non-equilibrium trajectories between two points in phase-space. We generalize a recently introduced spectral methodology for the estimation of diffusion processes from timeseries, so that it can be used for non-equilibrium data. This methodology makes use of the spectral properties (leading eigenvalue-eigenfunction pairs) of the Fokker-Planck operator associated with the diffusion process. It is well suited to infer stochastic differential equations that give effective, coarse-grained descriptions of multiscale systems. The generalization to the non-equilibrium situation is illustrated with numerical examples in which potentials and diffusion coefficients are estimated from ensembles of short trajectories. © 2012 Springer Science+Business Media New York.


Dodis Y.,New York University | Pietrzak K.,CWI Amsterdam
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2010

A cryptographic primitive is leakage-resilient, if it remains secure even if an adversary can learn a bounded amount of arbitrary information about the computation with every invocation. As a consequence, the physical implementation of a leakage-resilient primitive is secure against every side-channel as long as the amount of information leaked per invocation is bounded. In this paper we prove positive and negative results about the feasibility of constructing leakage-resilient pseudorandom functions and permutations (i.e. block-ciphers). Our results are three fold: 1. We construct (from any standard PRF) a PRF which satisfies a relaxed notion of leakage-resilience where (1) the leakage function is fixed (and not adaptively chosen with each query.) and (2) the computation is split into several steps which leak individually (a "step" will be the invocation of the underlying PRF.) 2. We prove that a Feistel network with a super-logarithmic number of rounds, each instantiated with a leakage-resilient PRF, is a leakage resilient PRP. This reduction also holds for the non-adaptive notion just discussed, we thus get a block-cipher which is leakage-resilient (against non-adaptive leakage). 3. We propose generic side-channel attacks against Feistel networks. The attacks are generic in the sense that they work for any round functions (e.g. uniformly random functions) and only require some simple leakage from the inputs to the round functions. For example we show how to invert an r round Feistel network over 2n bits making 4•(n+1) r-2 forward queries, if with each query we are also given as leakage the Hamming weight of the inputs to the r round functions. This complements the result from the previous item showing that a super-constant number of rounds is necessary. © 2010 Springer-Verlag Berlin Heidelberg.


Faust S.,K.U. Leuven ESAT COSIC IBBT | Pietrzak K.,CWI Amsterdam | Venturi D.,University of Rome La Sapienza
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2011

Tampering attacks are cryptanalytic attacks on the implementation of cryptographic algorithms (e.g., smart cards), where an adversary introduces faults with the hope that the tampered device will reveal secret information. Inspired by the work of Ishai et al. [Eurocrypt'06], we propose a compiler that transforms any circuit into a new circuit with the same functionality, but which is resilient against a well-defined and powerful tampering adversary. More concretely, our transformed circuits remain secure even if the adversary can adaptively tamper with every wire in the circuit as long as the tampering fails with some probability δ>0. This additional requirement is motivated by practical tampering attacks, where it is often difficult to guarantee the success of a specific attack. Formally, we show that a q-query tampering attack against the transformed circuit can be "simulated" with only black-box access to the original circuit and log(q) bits of additional auxiliary information. Thus, if the implemented cryptographic scheme is secure against log(q) bits of leakage, then our implementation is tamper-proof in the above sense. Surprisingly, allowing for this small amount of information leakage allows for much more efficient compilers, which moreover do not require randomness during evaluation. Similar to earlier works our compiler requires small, stateless and computation-independent tamper-proof gadgets. Thus, our result can be interpreted as reducing the problem of shielding arbitrary complex computation to protecting simple components. © 2011 Springer-Verlag.


Chakraborty S.,Chennai Mathematical Institute | Garcia-Soriano D.,CWI Amsterdam | Matsliah A.,CWI Amsterdam
Proceedings of the Annual ACM-SIAM Symposium on Discrete Algorithms | Year: 2011

We study the problem of testing isomorphism (equivalence up to relabelling of the variables) of two Boolean functions f,g : {0, 1} n → {0,1}. Our main focus is on the most studied case, where one of the functions is given (explicitly) and the other function may be queried. We prove that for every k ≤ n, the worst-case query complexity of testing isomorphism to a given k-junta is Ω(fc) and O(k log k). Consequently, the query complexity of testing function isomorphism is Θ̃(n). Prior to this work, only lower bounds of Ω(log k) queries were known, for limited ranges of k, proved by Fischer et al. (FOCS 2002), Biais and O'Donnell (CCC 2010), and recently by Alon and Biais (RANDOM 2010). The nearly tight O(k log k) upper bound improves on the Õ(k 4) upper bound from Fischer et al. (FOCS 2002). Extending the lower bound proof, we also show polynomial query-complexity lower bounds for the problems of testing whether a function can be computed by a circuit of size ≤ s, and testing whether the Fourier degree of a function is ≤ d. This answers questions posed by Diakonikolas et al. (FOCS 2007). We also address two closely related problems - 1. Testing isomorphism to a k-junta with one-sided error: we prove that for any 1 < k < n - 1, the query complexity is Ω (log ( n k)), which is almost optimal. This lower bound is a consequence of a proof that the query complexity of testing, with one-sided error, whether a function is a k-parity is Θ (log ( n k)). 2. Testing isomorphism between two unknown functions that can be queried: we prove that the query complexity in this setting is Ω(√2 n) and O(√2 nn log n).


Kargin Y.,CWI Amsterdam
Proceedings of the ACM SIGMOD International Conference on Management of Data | Year: 2013

Nowadays scientists receive increasingly large volumes of data daily. These volumes and accompanying metadata that describes them are collected in scientific file repositories. Today's scientists need a data management tool that makes these file repositories accessible and performs a number of exploration steps near-instantly. Current database technology, however, has a long data-to-insight time, and does not provide enough interactivity to shorten the exploration time. We envision that exploiting metadata helps solving these problems. To this end, we propose a novel query execution paradigm, in which we decompose the query execution into two stages. During the first stage, we process only metadata, whereas the rest of the data is processed during the second stage. So that, we can exploit metadata to boost interactivity and to ingest only required data per query transparently. Preliminary experiments show that up-front ingestion time is reduced by orders of magnitude, while query performance remains similar. Motivated by these results, we identify the challenges on the way from the new paradigm to efficient interactive data exploration. Copyright © 2013 ACM.


Ummels M.,RWTH Aachen | Wojtczak D.,CWI Amsterdam
Logical Methods in Computer Science | Year: 2011

We analyse the computational complexity of finding Nash equilibria in turnbased stochastic multiplayer games with ω-regular objectives. We show that restricting the search space to equilibria whose payoffs fall into a certain interval may lead to undecidability. In particular, we prove that the following problem is undecidable: Given a game G, does there exist a Nash equilibrium of G where player 0 wins with probability 1? Moreover, this problem remains undecidable when restricted to pure strategies or (pure) strategies with finite memory. One way to obtain a decidable variant of the problem is to restrict the strategies to be positional or stationary. For the complexity of these two problems, we obtain a common lower bound of NP and upper bounds of NP and Pspace respectively. Finally, we single out a special case of the general problem that, in many cases, admits an efficient solution. In particular, we prove that deciding the existence of an equilibrium in which each player either wins or loses with probability 1 can be done in polynomial time for games where the objective of each player is given by a parity condition with a bounded number of priorities. © M. Ummels and D. Wojtczak.


Heimel M.,TU Berlin | Pirk H.,CWI Amsterdam | Manegold S.,CWI Amsterdam | Markl V.,TU Berlin
Proceedings of the VLDB Endowment | Year: 2013

The multi-core architectures of today's computer systems make parallelism a necessity for performance critical applications. Writing such applications in a generic, hardware-oblivious manner is a challenging problem: Current database systems thus rely on laborintensive and error-prone manual tuning to exploit the full potential of modern parallel hardware architectures like multi-core CPUs and graphics cards. We propose an alternative design for a parallel database engine, based on a single set of hardware-oblivious operators, which are compiled down to the actual hardware at runtime. This design reduces the development overhead for parallel database engines, while achieving competitive performance to hand-tuned systems. We provide a proof-of-concept for this design by integrating operators written using the parallel programming framework OpenCL into the open-source database MonetDB. Following this approach, we achieve efficient, yet highly portable parallel code without the need for optimization by hand. We evaluated our implementation against MonetDB using TPC-H derived queries and observed a performance that rivals that of MonetDB's query execution on the CPU and surpasses it on the GPU. In addition, we show that the same set of operators runs nearly unchanged on a GPU, demonstrating the feasibility of our approach.


Cascudo I.,CWI Amsterdam | Cramer R.,CWI Amsterdam | Cramer R.,Leiden University | Xing C.,Nanyang Technological University
IEEE Transactions on Information Theory | Year: 2014

The Ihara limit (or constant) A(q) has been a central problem of study in the asymptotic theory of global function fields (or equivalently, algebraic curves over finite fields). It addresses global function fields with many rational points and, so far, most applications of this theory do not require additional properties. Motivated by recent applications, we require global function fields with the additional property that their zero class divisor groups contain at most a small number of (d)-torsion points. We capture this with the notion of torsion limit, a new asymptotic quantity for global function fields. It seems that it is even harder to determine values of this new quantity than the Ihara constant. Nevertheless, some nontrivial upper bounds are derived. Apart from this new asymptotic quantity and bounds on it, we also introduce Riemann-Roch systems of equations. It turns out that this type of equation system plays an important role in the study of several other problems in each of these areas: arithmetic secret sharing, symmetric bilinear complexity of multiplication in finite fields, frameproof codes, and the theory of error correcting codes. Finally, we show how our new asymptotic quantity, our bounds on it and Riemann-Roch systems can be used to improve results in these areas. © 2014 IEEE.

Loading CWI Amsterdam collaborators
Loading CWI Amsterdam collaborators