We identify three types of attack on the intellectual property contained in software and three corresponding technical defenses. A defense against reverse engineering is obfuscation, a process that renders software unintelligible but still functional. A defense against software piracy is watermarking, a process that makes it possible to determine the origin of software. A defense against tampering is tamper-proofing, so that unauthorized modifications to software (for example, to remove a watermark) will result in nonfunctional code. We briefly survey the available technology for each type of defense.

We investigate structural properties of statistical zero knowledge (SZK) both in the interactive and in the non-interactive model. Specifically, we look into the closure properties of SZK languages under monotone logical formula composition. This gives rise to new protocol techniques. We show that interactive SZK for random self reducible languages (RSR) (and for co-RSR) is closed under monotone boolean operations. Namely, we give SZK proofs for monotone boolean formulae whose atoms are statements about an SZK language which is RSR (or a complement of RSR). All previously known languages in SZK are in these classes. We then show that if a language L has a noninteractive SZK proof system then honest-verifier interactive SZK proof systems exist for all monotone boolean formulae whose atoms are statements about the complement of L. We also discuss extensions and generalizations. 1 Introduction Goldwasser, Micali, and Rackoff [34] introduced the notion of a zero-knowledge proof, a proof ...

We show how to use the RSA one-way accumulator to realize an efficient and dynamic authenticated dictionary, where untrusted directories provide cryptographically verifiable answers to membership queries on a set maintained by a trusted source. Our accumulator-based scheme for authenticated dictionaries supports efficient incremental updates of the underlying set by insertions and deletions of elements. Also, the user can optimally verify in constant time the authenticity of the answer provided by a directory with a simple and practical algorithm. This work has applications to certificate management in public key infrastructure and end-to-end integrity of data collections published by third parties on the Internet.

It is generally accepted that in principle it’s possible to formalize completely almost all of present-day mathematics. The practicability of actually doing so is widely doubted, as is the value of the result. But in the computer age we believe that such formalization is possible and desirable. In contrast to the QED Manifesto however, we do not offer polemics in support of such a project. We merely try to place the formalization of mathematics in its historical perspective, as well as looking at existing praxis and identifying what we regard as the most interesting issues, theoretical and practical.

Abstract. We present a fully proof-producing implementation of a quantifierelimination procedure for real closed fields. To our knowledge, this is the first generally useful proof-producing implementation of such an algorithm. Whilemany problems within the domain are intractable, we demonstrate convincing examples of its value in interactive theorem proving. 1 Overview and related work Arguably the first automated theorem prover ever written was for a theory of lineararithmetic [8]. Nowadays many theorem proving systems, even those normally classified as `interactive ' rather than `automatic', contain procedures to automate routinearithmetical reasoning over some of the supported number systems like N, Z, Q, R and C. Experience shows that such automated support is invaluable in relieving users ofwhat would otherwise be tedious low-level proofs. We can identify several very common limitations of such procedures:- Often they are restricted to proving purely universal formulas rather than dealingwith arbitrary quantifier structure and performing general quantifier elimination.- Often they are not complete even for the supported class of formulas; in partic-ular procedures for the integers often fail on problems that depend inherently on divisibility properties (e.g. 8x y 2 Z. 2x + 1 6 = 2y)- They seldom handle non-trivial nonlinear reasoning, even in such simple cases as 8x y 2 R. x> 0 ^ y> 0) xy> 0, and those that do [18] tend to use heuristicsrather than systematic complete methods.- Many of the procedures are standalone decision algorithms that produce no certifi-cate of correctness and do not produce a `proof ' in the usual sense. The earliest serious exception is described in [4]. Many of these restrictions are not so important in practice, since subproblems aris-ing in interactive proof can still often be handled effectively. Indeed, sometimes the restrictions are unavoidable: Tarski's theorem on the undefinability of truth implies thatthere cannot even be a complete semidecision procedure for nonlinear reasoning over

. We contrast theorem provers and computer algebra systems, pointing out the advantages and disadvantages of each, and suggest a simple way to achieve a synthesis of some of the best features of both. Our method is based on the systematic separation of search for a solution and checking the solution, using a physical connection between systems. We describe the separation of proof search and checking in some detail, relating it to proof planning and to the complexity class NP, and discuss different ways of exploiting a physical link between systems. Finally, the method is illustrated by some concrete examples of computer algebra results proved formally in the HOL theorem prover with the aid of Maple: the evaluation of trigonometric integrals. Key words: Proof checking, automated theorem proving, computer algebra, complexity theory JEL codes: ? 1. Theorem provers vs. computer algebra systems Computer algebra systems (CASs) seem superficially similar to computer theorem provers: both a...

We describe AgoVista, a web-based search engine designed to allow applied computer scientists to classify problems and find algorithms and implementations that solve these problems. Unlike other search engines, AgoVista is not keyword based. Rather, users provide a set of input)output samples that describe the behavior of the problem they wish to classify. This type of query-by-example requires no knowledge of specialized terminology, only an ability to formalize the problem. The search mechanism of AgoVista is based on a novel application of program checking, a technique developed as an alternative to program verification and testing. 1 Background Frequently, working software developers will encounter a problem with which they are unfamiliar, but which -- they suspect -- has probably been treated by the Computer Science theory community. Just as frequently, theoretical computer scientists will be working on a problem which they suspect might have a practical application. Unfortunat...

A certifying algorithm is an algorithm that produces, with each output, a certificate or witness (easy-to-verify proof) that the particular output has not been compromised by a bug. A user of a certifying algorithm inputs x, receives the output y and the certificate w, and then checks, either manually or by use of a program, that w proves that y is a correct output for input x. In this way, he/she can be sure of the correctness of the output without having to trust the algorithm. We put forward the thesis that certifying algorithms are much superior to non-certifying algorithms, and that for complex algorithmic tasks, only certifying algorithms are satisfactory. Acceptance of this thesis would lead to a change of how algorithms are taught and how algorithms are researched. The widespread use of certifying algorithms would greatly enhance the reliability of algorithmic software. We survey the state of the art in certifying algorithms and add to it. In particular, we start a

This paper provides a family of definitions that formalize the notion of a timer and some preliminary results that demonstrate the utility of these definitions.

The interplay of coding theory and computational complexity theory is a rich source of results and problems. This article surveys three of the major themes in this area: ffl the use of codes to improve algorithmic efficiency ffl the theory of program testing and correcting, which is a complexity theoretic analogue of error detection and correction ffl the use of codes to obtain characterizations of traditional complexity classes such as NP and PSPACE; these new characterizations are in turn used to show that certain combinatorial optimization problems are as hard to approximate closely as they are to solve exactly. 1 Introduction Complexity theory is the study of efficient computation. Faced with a computational problem that can be modelled formally, a complexity theorist seeks first to find a solution that is provably efficient and, if such a solution is not found, to prove that none exists. Coding theory, which provides techniques for "robust representation" of information, ...