Quantitative Reliability Evaluation for Cryogenic Impact Test Equipment

Abstract

Cryogenic industries handling liquid hydrogen and helium require rigorous safety verification. However, current standards (ASTM, ASME, ISO) are optimized for LNG at −163 °C and remain inadequate for extreme cryogenic conditions such as −253 °C. As the temperature decreases, materials experience ductile-to-brittle transition, raising the risk of sudden fracture in testing equipment. This study presents a fuzzy-integrated reliability framework that combines fault tree analysis (FTA) and Failure Modes, Effects, and Criticality Analysis (FMECA). The method converts qualitative expert judgments into quantitative risk indices for use in data-scarce conditions. When applied to a cryogenic impact testing apparatus, the framework produced a total failure probability of 1.52 × 10⁻³, about 7.5% lower than the deterministic FTA result (1.64 × 10⁻³). These results confirm the framework’s robustness and its potential use in cryogenic testing and hydrogen systems.

1. Introduction

Industries that handle cryogenic materials such as liquid helium (LHe) and liquid hydrogen (LH₂) for clean-energy applications must ensure strict safety validation.

For land-based facilities, standards governing the safety, design, and operation of cryogenic systems (including LH₂) are already established in NFPA 2 [1], the ISO 21009 series [2,3], and ISO/TR 15916 [4]. In contrast, marine and ship-fuel applications remain under the IMO Interim Guidelines (targeting approval in 2026), and incorporation into the IGF Code as a mandatory regulation is still in progress [5,6].

At cryogenic temperatures, most materials shift from ductile to brittle behavior as the temperature decreases.

As a result, components made from such materials may deform or fracture suddenly when exposed to extremely low temperatures, leading to unexpected failures.

To prevent such incidents, safety must be ensured from the design stage onward.

However, many relevant standards such as ASTM A333/A333M [7], the ASME BPVC [8], and the ISO 21009 series [2,3] mainly address low-temperature service conditions near −163 °C for LNG systems. They provide limited guidance on testing and performance assurance for weldments, thickness effects, cyclic thermal loads, or much colder environments like liquid hydrogen (LH₂), as documented in the ASME B31.12 [9].

Impact testing under cryogenic conditions is essential to verify product durability and reliability. It plays a crucial role in ensuring quality across various industries.

Although existing standards (ASTM A333/A333M, ASME BPVC, ISO 21009) include cryogenic test procedures, they are largely optimized for LNG-level temperatures around −163 °C [7,8,9].

Therefore, systematic and standardized testing protocols tailored specifically to liquid hydrogen environments are urgently needed [10,11]. As the markets for liquefied-hydrogen carriers and hydrogen-fueled vessels expand, shipyards face a lack of established standards and guidelines to support technological implementation [5,6]. While numerous domestic and international research projects are ongoing, comprehensive studies on material testing methodologies for practical applications are still scarce.

According to the IMO and IACS rules, standards for cryogenic conditions down to −253 °C remain under development and are currently non-mandatory.

At present, the only applicable provision is the IMO statement that “for materials with a design temperature lower than −165 °C, the requirements shall be agreed with the Administration, paying due regard to appropriate standards” [5,6,12,13]. This provision de-fines −196 °C as the lowest guided test temperature, without addressing −253 °C specifically. Therefore, rigorous risk assessment is required to ensure safety in cryogenic service, particularly for temperature and pressure control and reliable fluid transfer through hose systems.

This study employed fault tree analysis (FTA), a widely used top-down risk analysis method based on Boolean logic, to evaluate system reliability. The FTA defines a top event and decomposes it into intermediate and basic events through logic gates to estimate the overall failure probability. The reliable application of such methods requires accurate failure-probability data. Traditional sources such as the MIL Standards (MIL-STD) [14] and the OREDA Handbook [15] provide these data for practical materials and equipment and are widely referenced in both industry and academia.

Recently, interest in the reliability of components used in cryogenic test systems has grown. Risk-based methods, including FTA, are already common in industries such as aerospace and nuclear power. However, quantitative failure-probability data for cryogenic environments remain limited, which restricts the direct use of conventional approaches [10]. When exact data are unavailable, conventional FTA often relies on estimates, which may reduce the accuracy. In such cases, the concept of possibility—rather than strict probability—can better represent the likelihood of failure.

Fuzzy theory provides a systematic way to quantify qualitative assessments into fuzzy probabilities [16,17,18,19]. Numerous studies have applied fuzzy logic to transform qualitative judgments into quantitative measures of reliability [20,21]. Accordingly, this study proposes a fuzzy-based reliability assessment framework that integrates FMECA and FFTA to quantify both the qualitative and quantitative reliability aspects of a cryogenic impact testing system.

This study aimed to establish a fuzzy-based quantitative reliability framework for the cryogenic impact testing system by integrating fuzzy theory into FTA- and FMECA-based risk assessment to quantify qualitative analyses in data sparse environments. By applying the proposed procedure to the cryogenic impact tester, design and operational measures are presented to ensure the minimum functional and safety-reliability requirements of the testing equipment. The outcomes of this study are expected to contribute to the development of safe testing infrastructure and the establishment of risk-based design frameworks across the cryogenic fuel industry and the broader field of reliability engineering.

2. Ultra-Low Temperature Shock Test Equipment

Testing under cryogenic conditions (20 K) is critically influenced by the heat generated during plastic deformation (slip) of the specimen. Consequently, loading/strain-rate sensitivity is expected to alter the measured properties, and the selection of test conditions requires careful consideration [10,22]. For tensile tests, ISO 6892-4 [23] specifies procedures for cryogenic tensile testing in a helium atmosphere; however, standards for impact and other mechanical tests remain insufficiently developed [5,6,12,13].

Accordingly, this study proposes—on a probabilistic basis—a cryogenic impact testing system and procedure that enable a more systematic and effective evaluation of mechanical properties (e.g., impact toughness) via cryogenic Charpy impact tests. Although the standardization of cryogenic Charpy testing is challenging due to specimen self-heating during impact, the internal temperature rise is limited when the absorbed energy is small [10,23]. In view of this, tests were designed and conducted according to the concept illustrated in Figure 1.

Figure 1. Concept diagram of the cryogenic impact tester.

The cryogenic impact testing system, as shown in Figure 1, consists of a main impact tester composed of a specimen holder that supports the test specimen used to evaluate a material’s toughness by measuring the absorbed energy required for fracture and a pendulum hammer that fractures the specimen. It also includes a liquid helium tank and a liquid nitrogen tank, which store the cryogenic coolants used to cool the specimen to the target temperature, and a cryogenic flexible transfer line that selectively supplies either liquid helium or liquid nitrogen.

In addition, a control valve is installed on the cryogenic supply line between the connection point of the liquid helium extraction pipe and that of the liquid nitrogen extraction pipe. The control valve is operated based on temperature values measured by a temperature sensor that monitors the internal temperature of the vessel.

The system first performs pre-cooling using liquid nitrogen to cool the specimen to a specified preset temperature, then performs main cooling using liquid helium to bring the specimen down to the specified target temperature. At this stage, as shown in Figure 1, it may additionally include an evaporated-gas extraction pipe that draws helium boil-off gas generated by the vaporization of liquid helium inside the helium tank and delivers it to the cryogenic supply line. This helium boil-off gas can be used either as a coolant for pre-cooling the specimen instead of liquid nitrogen or after pre-cooling with liquid nitrogen is completed as a purging gas to purge any residual liquid nitrogen remaining in the cryogenic supply line.

3. Function and Failure Mode Analysis of Ultra-Low Temperature Shock Test Equipment

3.1. Functional Analysis

In general, when analyzing a product’s functions, each function is defined by dividing the product into its component parts. However, in the case of the impact test under a cryogenic testing environment, the entire setup is regarded as a single system, and the components and subsystems that make up this system are selected as the primary subjects of analysis [24,25].

The reason for choosing this analytical approach is that all elements, except for the impact tester itself, that maintain and control the cryogenic environment are considered as a single subsystem. Accordingly, the functions performed by each subsystem within the overall system were analyzed.

The main functions of each component in the cryogenic impact testing environment are as follows:

(a)

Liquid helium tank: Equipment for storing and transferring cryogenic fluid at −269 °C, consisting of a double-insulated vessel made up of an inner shell that directly contains the liquid helium and an outer shell surrounding it. The space between the inner and outer shells is formed as a vacuum, and glass wool or powdered insulation may be filled inside this vacuum-insulated space.

(b)

Liquid nitrogen tank: Equipment for storing and transferring cryogenic fluid at −196 °C, consisting of a double-insulated vessel made up of an inner shell that directly contains the liquid nitrogen and an outer shell surrounding it. The space between the inner and outer shells is formed as a vacuum, and glass wool or powdered insulation may be filled inside this vacuum-insulated space.

(c)

Safety and top flange: A device that safely maintains the vacuum insulation performance and pressure of the liquid helium and liquid nitrogen tanks, ensuring stable retention of the vacuum and coolant.

(d)

On/off valve: A device that controls coolant switching based on temperature values measured by a temperature sensor. When liquid helium is supplied to the cryogenic supply line through the liquid helium extraction pipe, the valve closes. When liquid nitrogen is supplied to the cryogenic supply line through the liquid nitrogen extraction pipe, the valve opens.

(e)

Level gauge: A device that mechanically measures the fluid level inside the liquid helium and liquid nitrogen tanks and enables on/off operation by valve control according to the measured level.

(f)

Transfer hose line: Vacuum-insulated equipment for delivering cryogenic fluid at −253 °C to the impact test specimen, allowing for the continuous transfer of coolant while maintaining the set temperature.

(g)

Container (Styrofoam capsule): A container used to cool the impact test specimen to the target temperature in a cryogenic environment and then perform the test. Coolant inflow forms the interior into a cryogenic environment, and the supplied coolant maintains the specimen at the target temperature. The container housing the specimen is made of a Styrofoam capsule, arranged so that the specimen and container are broken together by the hammer, integrated as part of the system.

3.2. Failure Mode Effect and Criticality Analysis (FMECA)

The FMECA procedure used in this study is as follows:

(a)

Definition and refinement of the system to be analyzed;

(b)

Determination of the FMECA worksheet (selection of analysis items);

(c)

Functional and fault analysis;

(d)

FMECA team review;

(e)

Verification and implementation of improvement measures.

The definition and subdivision of the FMECA target system are determined according to the purpose of the FMECA, the available time, and cost. The system definition specifies the main components and their respective functions within the FMECA target system and is used to establish the FMECA scope as well as define the expected performance and potential failures.

Although the system definition should, in principle, be analyzed using a functional block diagram, in this paper, the analysis was conducted using a system partitioning method excluding the main impact tester, and the system classification was determined according to the objectives of the FMECA analysis. In addition, the FMECA target items were categorized as systems, subsystems, single devices, and accessories [26,27].

The subsystems of the cryogenic impact testing system, which represents the overall system, were composed of combinations of equipment that perform specific functions within the system.

If a subsystem failure is classified as critical during the FMECA stage, it is necessary to closely evaluate the failures and failure causes of each component constituting the system. In such cases, the analysis may also be performed at the component or accessory level. However, in this paper, because the distinction between subsystems and components within the top-level cryogenic impact testing system was not functionally significant, the system was divided only to the subsystem level, as shown in Figure 2.

Figure 2. System breakdown of the cryogenic impact test system in a cryogenic testing environment.

As the system definition and subdivision for the FMECA were determined, as shown in Figure 2, the worksheet format for the detailed contents was decided as follows:

(a)

Item title: Name of the subsystem;

(b)

Function: Describes the operation and role of units or components, but is limited to the functions of subsystems due to the structure of the cryogenic (20 K) impact test system;

(c)

Failure mode: Types of failures classified according to their functions;

(d)

Failure cause: Causes of each failure type or multiple root causes for a single failure;

(e)

Failure detection: Methods for detecting issues within subsystems or units;

(f)

Failure effect: The impact of each failure on the system, the environment, or personnel interacting with the system;

(g)

Criticality: The risk level expressed as high or low based on failure frequency and potential damage.

The functions were defined as specifically as possible, following established standards to avoid ambiguity. The purpose and performance of the target device were determined based on the applicable regulations and specifications.

The definition and breakdown of the system targeted for FMECA were determined by the purpose, available time, and cost of the FMECA. In this study, the system analyzed for FMEA was divided into functional groups, the overall system (cryogenic impact test system), and subsystems (LHe tank, safety and top flange, on/off valve, level gauge, transfer hose line, and container) as shown in Table 1.

Table 1. Failure mechanism analysis by failure mode.

Item Description			Failure Description		Failure Effect Description
Primary Components	Function	Failure Modes	Failure Mechanisms	Failure Cause	Criticality
					F	S	C
LHe tank	A device designed to store and transport cryogenic fluid at −269 °C, with the capability to transfer fluid at temperatures as low as −253 °C, the temperature of liquid hydrogen.	Leakage	Crack due to impact	Design fault, insufficient mechanical strength of materials, and machining defects	Low	High	5
		Valve or pipe detachment	Vibration	Design fault	Low	Mid.	3
		Inaccuracy of various gauges	Vibration	Manufacturing fault	Low	Mid.	3
		Container explosion due to pressure rise	Vacuum failure	Assembly fault	Mid.	High	7
		Container rupture or damage	Excessive pressure rise	Design fault	Low	High	5
Safety and top flange	A safety device designed to prevent fluid leakage by ensuring vacuum insulation performance and managing pressure in the liquid helium and liquid nitrogen tanks.	Leakage caused by seal damage	Vacuum failure	Manufacturing fault	Mid.	High	7
On/off valve	The function to close the valve once the fluid in the liquid nitrogen tank reaches the set temperature of −196 °C, and to keep the valve open while the fluid is reaching the set temperature.	Loss of automatic functionality due to actuator malfunction.	Actuator fault	Assembly fault	Low	High	5
		Leakage caused by a faulty connection.	Connection fault	Design fault	Low	High	5
Level gauge	A device that mechanically measures the liquid level in the liquid helium and liquid nitrogen tanks, with the ability to control the valve for on/off operation based on the measured fluid level.	Inability to measure capacity.	Battery malfunction.	Vacuum fault	Low	High	5
		Overfilling of the tank due to an inability to determine the liquid level could lead to an explosion risk.	Battery malfunction.	Material fault	Low	High	5
		Inability to measure capacity due to circuit malfunction.	Moisture intrusion.	Design fault, insufficient mechanical strength of materials, and machining defects	Low	Mid.	3
Transfer hose line	A vacuum-insulated device designed to transport cryogenic fluid at −253 °C to the impact test specimen, with the capability to continuously transfer the fluid while maintaining the set temperature.	Loss of functionality due to decreased insulation performance.	Vacuum failure	Design fault, insufficient mechanical strength of materials, and machining defects	Mid.	High	7
		Damage due to loss of flexibility from residual stress	Long term use	Design fault	Low	Mid.	3
		Occurrence of LHe leakage.	Fault of connected seal	Manufacturing fault	Low	High	5

Because subsystem failures can lead to failures at the upper-system or entire-system level, the FMECA in this study was conducted at the subsystem level. If further testing is performed, a more detailed failure analysis is expected to be possible.

The failure analysis in this paper involved examining the failure modes that may occur in each component of the cryogenic impact testing system and evaluating their effects on design and operation. In addition, identifying the improvements made compared with existing cryogenic testers and presenting the key improvement factors were also among the primary objectives of this paper.

The parameters F (failure frequency), S (severity), and C (criticality) listed in Table 1 were evaluated using a three-level qualitative scale (“Low”, “Medium”, and “High”).

The corresponding quantitative values, weighting factors, and definitions used for the fuzzy-based reliability assessment are summarized in Table 2.

Table 2. Definition, quantitative scale, and weighting of parameters used in the fuzzy-based reliability assessment.

Parameter	Definition	Quantitative Scale (Level)	Typical Quantitative Code for Computation	Weight Factor	Description/Criterion
Failure (F)	Frequency of occurrence of a failure mode within the system	Low = Rare event, failure unlikely during operation Medium = Occasional failure under certain conditions High = Frequent or recurring failure during service life	Low = 1 Medium = 3 High = 5	0.30	Represents how often a particular failure mode is expected to occur within the system
Severity (S)	Consequence of failure of system performance and safety	Low = Negligible effect on system performance or safety Medium = Partial performance loss, minor safety impact High = System shutdown or significant safety risk	Low = 1 Medium = 3 High = 5	0.40	Indicates the degree of impact of damage caused by the failure
Criticality (C)	Combined impact index evaluating the overall importance of a failure mode	Low = Easily controllable, minimal impact (1 ≤ C ≤ 3) Medium = Noticeable impact requiring monitoring (4 ≤ C ≤ 6) High = Major impact requiring immediate corrective action (7 ≤ C ≤ 9)	Computed as normalized function of (F ∗ S)	0.30	Expresses the overall importance of each failure mode for risk ranking and prioritization

For computational purposes, the qualitative levels were numerically coded as 1, 3, and 5, respectively.

The criticality value (C) was obtained by multiplying F and S and then normalized to a scale of 1–9 for ranking purposes.

Weighting factors (0.3, 0.4, and 0.3) were assigned to reflect the relative influence of each parameter on the overall system reliability.

4. Failure Probability Based Reliability Result of Ultra-Low Temperature Shock Test Equipment

4.1. Fault Tree Analysis (FTA)

Fault tree analysis (FTA) is a logical diagram used to illustrate the interrelationships among potential catastrophic events (accidents), environmental conditions, human errors, general incidents, and specific component failures within a system. FTA can provide qualitative, quantitative, or combined analysis results depending on the objectives of the analysis. Because of its ability to assess reliability and risk, FTA is widely applied in system analysis for reliability and safety evaluations [28,29].

FTA is a systematic failure analysis method that represents the relationship between an undesired outcome such as system failure or malfunction (referred to as the “top event”) and its causes in a top-down approach. FTA helps identify all possible events and the causal relationships that could lead to significant losses or negatively impact system safety. It is widely used to evaluate system designs, perform safety assessments under changing environmental conditions, and improve reliability.

In this study, the term “top event” is used to calculate the probability and causes of potential failures. It represents the undesirable outcome that can be triggered by individual or combined lower-level fault events. The causes of the top event are depicted using connected logic gates, which illustrate the logical relationships between these faulty events.

In this paper, FTA was conducted using information provided by the FMECA. The analysis focused on identifying the causes and effects associated with the top event such as:

(a)

Example: “External impact”;

(b)

Example: “Vibration”;

(c)

Example: “Excessive pressure rise”.

The necessary and sufficient conditions for these events are connected using “AND” or “OR” gates. These gates represent the logical relationships and help identify the immediate and sufficient conditions that lead to the top event.

The results of the fault tree analysis (FTA) for the failure of the cryogenic (20 K) impact test system are as follows. In this analysis, the “top event” corresponds to the loss of functionality of the cryogenic impact test system.

The cause of the functional loss could be liquid helium leakage resulting from cracks caused by external impact. The following basic events are identified as contributing causes in the analysis presented in this study:

(a)

Cracks caused by impact;

(b)

Vibration;

(c)

Vacuum failure;

(d)

Excessive pressure rise;

(e)

Actuator malfunction;

(f)

Faulty connection;

(g)

Battery malfunction;

(h)

Moisture intrusion;

(i)

Long-term use;

(j)

Defective connected seal.

Each top event defined above was digitized using AND or OR gates, and as shown in Figure 3, these gates were connected to complete the FTA model.

Figure 3. FTA for an impact test system under cryogenic temperature.

For the quantitative analysis of the FTA, all logical gates were replaced with basic events representing the minimal cut sets of the smallest fault combinations that can cause system failure. The reliability block diagram (RBD), shown in Figure 4, was expressed as a structure in which the minimal cut sets are connected in series.

Figure 4. Simplified FTA for an impact test system under cryogenic temperature.

As shown in Figure 5, for the cryogenic impact test system, the occurrence of any one of the eight minimal cut sets will trigger the top event. A minimal cut set is considered to have failed when all of its basic events occur simultaneously.

Figure 5. Minimal cut set aerial structural reliability block diagram (RBD).

As above-mentioned, this FTA has a generalized form and can be applied to various functional loss issues that may occur in the cryogenic impact testing system through a deductive structure using OR and AND logic gates. The main objective of this study was to quantify the failure probability of the top event (TE: top event), defined as the “functional loss of the cryogenic impact testing system”. However, the probabilities of the basic events (BE: basic events) contributing to the top event are not clearly quantified. Therefore, it was necessary to apply a fuzzy approach to the fault tree analysis (FTA) in this study [19]. In addition, identifying the events that significantly contribute to the top event’s failure is also an important research objective.

The fault tree shown in Figure 4 consists of a total of eight basic events (BE: basic event) labeled X₁, X₂, X₃, X₄, X₅, X₆, X₇, and X₈, as well as four intermediate events (intermediate event) labeled GT₃, GT₄, GT₁, and GT₂. All of these events are connected to the top event (TE: top event) labeled GT₀. Numbering is assigned in the order of basic events first, followed by intermediate events, and finally the top event (TE). The numbering of intermediate events is arranged so that each intermediate event can be connected (downward connection) to events with smaller numbers.

The fault tree in Figure 4 is composed of a combination of AND and OR gates. An AND gate indicates that the output event occurs only when all input events occur, whereas an OR gate indicates that the output event occurs if any one of the input events occurs. The top event (TE), designated as T, is connected to the basic events (BEs) X₁ through X_N (where N represents the number of BEs, and the failure probability of event X_i is denoted as P(X_i)). Then, when the connecting gate is AND or OR, the failure probability P(T) of the TE, represented by T, is given as Equation (1):

$$P\left(T\right)=\left\{\begin{array}{ll}{\prod }_{i=1}^{N}P\left(X_i\right)& forANDgate\\ 1-{\prod }_{i=1}^N\left(1-P\left(X_i\right)\right)& forORgate\end{array}\right.$$

(1)

In the fault tree (as shown in Figure 4), the failure probability of the top event (TE) can be evaluated by obtaining the minimal cut sets (MCS; minimal cut set), which are the minimal necessary and sufficient conditions for the occurrence of the TE. Once the MCSs, denoted as C_i (i = 1, 2, …, N_c) (where N_c represents the number of MCSs), are determined, the failure probability of the TE, denoted as $P\left(T\right)$, is given in Equation (2):

$$P\left(T\right)=1-{\displaystyle \prod _{i=1}^{N_C}\left(1-P\left(C_i\right)\right)}$$

(2)

Here, P(C_i) represents the failure probability of C_i, and when the failure probability of a BE is low (i.e., P(X_i) ≪ 1), the estimate of P(T) can be approximated as shown in Equation (3):

$$P\left(T\right)\approx {\displaystyle \sum _{i=1}^{N_C}P\left(C_i\right)}$$

(3)

A general MCS can be expressed as the sum of BEs, as shown Equation (4), where N_j denotes the number of BEs in C_j, also referred to as the order of the MCS.

$$C_i={\overline{X}}_1,{\overline{X}}_2,\cdots ,{\overline{X}}_{N_{j=1}},{\overline{X}}_{N_j}$$

(4)

where ${\overline{X}}_i\in \left({\overline{X}}_1,{\overline{X}}_2\cdots ,{\overline{X}}_N\right)$.

The derivation of MCSs in a fault tree follows well-established procedures. A cut set is defined as a combination of basic events (BEs) whose failures can cause the system (i.e., the top event, TE) to fail [30]. A cut set must be minimal, meaning that if any single basic event is removed from the set, the remaining basic events no longer constitute a cut set. The longer the cut set, the less vulnerable the top event (TE) becomes to that MCS. In other words, a cut set of order 1 is more critical than a cut set of order 2 or higher. If a cut set contains only one basic event, the occurrence of that single event immediately causes the top event. Conversely, if a cut set contains two basic events, both events must occur for the top event to occur. Ultimately, the higher the order Nc of a cut set, the less vulnerable the system is considered to be.

4.2. Fuzzy Fault Tree Analysis (F-FTA)

4.2.1. Failure Probabilities of the Basic Events

In the case of the cryogenic impact testing system, observable data are extremely limited; therefore, to perform fault tree analysis (FTA), it is necessary to know the occurrence probabilities of the basic events (BEs). Expert elicitation or expert opinion provides the information needed to calculate failure probabilities. In this study, an indirect interactive interview method was adopted in which experts, based on a clearly prepared consultation table, provided opinions grounded in their own experience. The experts defined the occurrence probabilities of basic events using natural language expressions such as “very low”, “low”, “medium”, “high”, and “very high”. These linguistic expressions were processed using fuzzy set theory.

Expert judgment models play an important role in quantitative risk assessment. In general, several models have been proposed, including the classical expert model and the Bayesian expert model, but expert judgment can suffer from issues of bias, dispersion, and independence [29,31]. To address these issues, this study employed an expert judgment evaluation protocol based on “past experience”, applied through failure analysis.

In this study, the reliability of the impact test system was evaluated both qualitatively and quantitatively through a widely accepted failure analysis approach, as illustrated in Figure 6. This process demonstrates how qualitative risk information derived from FMEA/FMECA is systematically mapped to the quantitative failure probabilities of the FFTA, thereby establishing an integrated reliability assessment framework that incorporates both deterministic and fuzzy perspectives.

Figure 6. Reliability verification process.

4.2.2. Expert Elicitation

Experts from various fields were selected to evaluate, in linguistic terms, the failure probabilities of basic events (BEs) based on their experience and knowledge regarding functional loss of the cryogenic impact testing system. An appropriate questionnaire was designed to collect expert opinions. Each expert’s response was evaluated according to individual weighting factors to reflect differences in the opinions and levels of expertise among the experts. The weightings were assigned on a scale of 1 to 5 based on (a) title or designation, (b) length of experience, (c) education level, and (d) age, with the detailed criteria presented in Table 3. Each expert’s weighting score was calculated as the sum of the attribute-specific weights, and the individual weighting factor for each expert was then derived according to Equation (5):

Weighting factor of the expert = (Weighting score of the expert)/(Sum of weighting scores of all expert)

(5)

Table 3. Weights for attributes.

Title/Designation	Experience [Year]	Education Level	Age [Year]	Weight
Professor/Senior Manager	>30	Doctor	>50	5
Associate Professor/Manager	20~30	Doctor	40~50	4
Assistant Professor/ Assistant Manager	10~20	Doctor	30~40	3
Lecturer/Senior Officer	5~10	Bachelor	25~30	2
Worker/Officer	<5	Bachelor	<25	1

Table 3 presents the weighting scores and weighting factors of the ten experts in this field who provided consultation for this study. The data in Table 3 and Table 4 closely followed the industrial protocols of the cryogenic and low-temperature test equipment design and manufacturing industry as well as the cryogenic gas industry.

Table 4. Experts including weighting factors.

Expert No.	Title	Experience [Year]	Education	Age [Year]	Weighting Score	Weighting Factor
1	Professor	>30	Doctor	>50	19	0.12338
2	Manager	10~20	Masters	40~50	15	0.09740
3	Associate Professor	10~20	Doctor	30~40	14	0.090901
4	Associate Professor	20~30	Doctor	40~50	16	0.10390
5	Worker	20~30	Bachelor	40~50	11	0.07143
6	Worker	>30	Bachelor	>50	13	0.08442
7	Professor	10~20	Doctor	30~40	16	0.10390
8	Manager	5~10	Masters	30~40	13	0.08442
9	Senior Manager	>30	Masters	>50	19	0.12338
10	Professor	>30	Doctor	40~50	18	0.11688
SUM					154	1.00000

4.2.3. Linguistic Expression to Fuzzy Numbers

To perform the analysis using fuzzy set theory, a numerical approximation system must be used to convert linguistic expressions into fuzzy numbers. The linguistic terms “very high”, “high”, “medium”, “low”, and “very low” can be represented as VH, H, M, L, and VL, respectively. These expressions are associated with the fuzzy membership functions presented in Figure 6, which consist of triangular fuzzy numbers and trapezoidal fuzzy numbers. For computational convenience, the triangular fuzzy numbers were converted into trapezoidal fuzzy numbers and expressed with four values, a, b, c, and d, which define the five membership functions (VH, H, M, L, VL) shown in Figure 7. The opinions of ten experts regarding all basic events (BEs) are summarized in Table 5.

Figure 7. Fuzzy membership function for fuzzy numbers.

Table 5. Expert opinions on the failure of the basic events.

BE	Expert No.
	1	2	3	4	5	6	7	8	9	10
1	VH	VH	H	H	VH	VH	VH	H	H	VH
2	VH	VH	H	H	VH	VH	H	H	VH	H
3	H	H	M	H	H	H	M	H	M	H
4	M	M	H	H	M	H	M	H	M	H
5	M	M	H	M	H	H	M	M	M	M
6	M	H	M	H	M	H	M	H	H	H
7	H	H	M	M	H	H	M	H	M	H
8	H	M	H	M	M	L	M	H	M	H
SUM

4.2.4. Estimates of the Basic Events

All BEs were rated by experts, as shown in Table 5, and all ratings for a single BE were combined and aggregated to derive a single consensus opinion. The aggregation method used was Equation (6) [32].

$$M_i={\displaystyle \sum _{i=1}^N{\displaystyle \sum _{j=1}^{N_e}{A}_{ij}{w}_j}}$$

(6)

where

$N=$ BEs number (=8, refer Figure 4);

$N_e=$ No. of experts (=10, refer Table 4);

$w_j=$ Weight factor for j expert (last column of Table 4);

$A_{ij}=$ The linguistic expression (a, b, c, or d) of the ith BE provided by expert j;

$M_i=$ The aggregated trapezoidal fuzzy number of BE X_i.

Table 6 represents the numerical approximation system that converts linguistic expressions into fuzzy numbers, and the M_i values for all BEs are shown in the second column in Table 7.

Table 6. A numerical approximation system for converting linguistic expressions to fuzzy numbers.

		a	b	c
VL	Very low	0	0.1	0.2
L	Low	0.1	0.25	0.4
M	Medium	0.3	0.5	0.7
H	High	0.6	0.75	0.9
VH	Very high	0.8	0.9	1.0

Table 7. Data of the basic events.

BE(Xi)	Aggregated Fuzzy Number (M)				${\mathit{\mu }}_{\mathit{L}}$	${\mathit{\mu }}_{\mathit{R}}$	FPS	P(Xi)	Rank
	a	b	c	d
X1	0.7195	0.8396	0.8994	0.9597	0.25043	0.90508	0.8273	0.04316	1
X2	0.7000	0.8250	0.8750	0.9500	0.26667	0.88372	0.8085	0.03771	2
X3	0.5045	0.6705	0.6705	0.8364	0.42495	0.71735	0.6462	0.01311	3
X4	0.4442	0.6201	0.6201	0.7961	0.47267	0.67697	0.6022	0.00991	5
X5	0.3740	0.5617	0.5617	0.7494	0.52706	0.63095	0.5519	0.00714	8
X6	0.4831	0.6526	0.6526	0.8221	0.44198	0.70294	0.6305	0.01187	4
X7	0.4383	0.6153	0.6153	0.7922	0.47724	0.67310	0.5979	0.00964	6
X8	0.4078	0.5828	0.5828	0.7578	0.50401	0.64493	0.5705	0.00807	7

The result of a fuzzy inference system is a fuzzy set that includes membership degrees for multiple possible values, and because these values contain ranges or ambiguity, they must be converted into real numbers for calculation, analysis, and execution. Therefore, the defuzzification process was used to transform a fuzzy number into a single-point value called the fuzzy possibility score (FPS). Converting to a single numerical value such as the FPS allows consistent decisions to be made from ambiguous information. In this study, because the defuzzification process involves asymmetric fuzzy numbers that shift the centroid by assigning different weights, the left–right fuzzy ranking method proposed by Chen and Hwang [33] was employed to asymmetrically evaluate the left and right spreads of the fuzzy numbers using Equations (7) and (8):

$${\mu }_L={\displaystyle \frac{1-a}{a+b-a}}={\displaystyle \frac{1-0.7195}{1+0.8396-0.7195}}=0.25043$$

(7)

$${\mu }_R={\displaystyle \frac{d}{1+d-c}}={\displaystyle \frac{0.9597}{1+0.9597-0.8984}}=0.90508$$

(8)

where $a,b,c,d$ are the aggregated fuzzy numbers defined in Table 7.

FPS is calculated using Equation (9):

$$FPS={\displaystyle \frac{{\mu }_R+\left(1-{\mu }_L\right)}{2}}={\displaystyle \frac{0.90508+\left(1-0.25043\right)}{2}}=0.8273$$

(9)

The defuzzification results of all BEs lead to FPS values, which are summarized in the fifth column in Table 7.

4.2.5. Converting Fuzzy Possibility

The data obtained from cryogenic systems are often uncertain and incomplete.

Onisawa’s transformation was adopted because it does not directly convert the fuzzy possibility score (FPS) into a probability; instead, it applies a logarithmic damping to preserve the inherent uncertainty of the system.

Accordingly, the FPS of all basic events ($X_i$) must be converted into the fuzzy failure probability $P\left(X_i\right)$.

This transformation has also been employed in previous fuzzy fault tree analysis (FFTA) studies [34] for estimating the failure probabilities across various industrial systems such as oil and gas, energy, and aerospace.

The fuzzy failure probability defined by Onisawa [35] is expressed as Equation (10).

$$P\left(X\right)=\left\{\begin{array}{ll}{\displaystyle \frac{1}{{10}^k}}& forFPS\ne 0\\ 0& forFPS=0\end{array}\right.$$

(10)

where $k=2.301{\left({\displaystyle \frac{1-FPS}{FPS}}\right)}^{1/3}$.

4.3. Failure Probability of the Top Event

As shown in Figure 5, the cryogenic impact testing system consists of k = 8 minimal cut sets. The top event (system failure) occurs if at least one of these minimal cut sets fails. A minimal cut set fails when all of its basic events (BEs) occur simultaneously. Assuming statistical independence among BEs, the failure probability P(T) of a minimal cut set j at time t—and thus the top event failure probability—can be calculated exactly using Equation (2), or approximated using Equation (3).

The exact failure probability of the top event, corresponding to total system failure, is obtained by applying Equation (2). For practical purposes, Equation (3) can be used as an approximation, as the difference between exact and approximate estimates is of a higher order and is generally negligible in engineering applications.

Table 8 summarizes the system failure probabilities calculated using Equation (2). For example, for the “Temperature Regulation Failure via Coolant” part, the failure rates of its basic events were 0.01311, 0.00991, and 0.00714, respectively, as shown in Figure 8. Substituting into the equation yields:

$$\left(1-\left(1-0.01311\right)\times \left(1-0.00991\right)\times \left(1-0.00714\right)\right)\times 0.04316=0.001289$$

(11)

Table 8. Probability of loss of function (probability of failure) of the cryogenic temperature impact test system.

	Inability to Control Temperature via Refrigerant—Part 1				Inability to Control Temperature via Refrigerant—Part 2
Minimal cut set	K1	K2	K3	K4	K5	K6	K7	K8
Basic event	3	4	5	1	6	7	8	2
P(Ci)	0.01131	0.00991	0.00714	0.04316	0.01187	0.00964	0.00807	0.03771
P(T)	0.001289				0.00023
Probability of loss of function	0.00152

Figure 8. FTA for an impact test system under cryogenic temperature—step-by-step derivation of failure probabilities.

Similarly, for the “Temperature Supply Failure via Coolant” part, the basic event failure rates were 0.01187, 0.00964, and 0.00807, respectively, as shown in Figure 8, resulting in:

$$\left(1-\left(1-0.1187\right)\times \left(1-0.00964\right)\times \left(1-0.00807\right)\right)\times 0.03771=0.0011046$$

(12)

These results indicate that system-level failure probabilities are sufficiently small, validating the reliability of the cryogenic impact testing system under the given assumptions.

5. Conclusions

The purpose of this study was to obtain reliable material performance data through impact testing under cryogenic conditions, and to this end, establish an appropriate impact testing system that can ensure functionality and safety in such environments. However, since relevant standards and guidelines are currently lacking, this study aimed to supplement the limitations of qualitative evaluation through risk assessment and propose a procedure for converting qualitative evaluation results into quantitative data based on fuzzy theory.

Based on the quantitative reliability analysis presented in Table 8, the total system failure probability was calculated to be 1.52 × 10⁻³.

This value was approximately 7.5% lower than that obtained from the conventional deterministic FTA (average of about 1.64 × 10⁻³), indicating that the proposed fuzzy-based reliability assessment method improved the overall system reliability by approximately 7.5%. The reference deterministic FTA value of 1.64 × 10⁻³ aligns with the average failure probability range reported in previous reliability studies on cryogenic test facilities and components, as documented in the OREDA Handbook [15] and ASME B31.12 [9].

These results demonstrate that the proposed approach enhances both the consistency and reliability of system reliability evaluation for the cryogenic impact testing apparatus.

Through this study, it is expected that a reliable testing infrastructure will be provided to guarantee impact test results at −253 °C cryogenic conditions at an industry-standard level. In addition, risk-based design targets can be specifically presented for the design and operation of actual equipment. Furthermore, by providing safety evaluation procedures that comply with international regulations and standards such as IMO, ISO, and IEC, the study is anticipated to contribute to equipment commercialization and certification acquisition. Moreover, it is expected to be applicable to the development of testing and verification equipment for cryogenic fuel vessels and plant components using LNG, liquid hydrogen, and ammonia.

Furthermore, by verifying that a fuzzy (Fuzzy)-based methodology can compensate for the lack of quantitative data, this study can be presented as a case that overcomes the limitations of risk assessment FTA in test system development. In addition, an expanded framework for reliability and risk assessment techniques was proposed through FMECA, FTA, and fuzzy reliability.

In future research, a foundation will be provided for building a cryogenic test database (DB) and for studies applying similar systems, and the failure probabilities derived from qualitative reliability evaluation techniques will be utilized to develop improved designs for test equipment or to create test procedures.

In addition, the proposed fuzzy-based quantitative reliability assessment framework is not limited to the cryogenic impact testing system but possesses broad applicability.

In particular, it can be effectively extended to cryogenic tensile testing systems operating at −253 °C, as both systems share similar sources of uncertainty including brittleness transition behavior, sensor reliability degradation, and fault propagation mechanisms.

These testing systems commonly suffer from a scarcity of empirical failure data, and therefore, a reliability assessment under cryogenic conditions is expected to require the combined use of probabilistic modeling and expert-based fuzzy inference approaches.

Although the proposed fuzzy-based reliability assessment framework provides a systematic integration of FMECA and FTA, it has not yet been validated with real operational or experimental data.

This study primarily focused on developing a consistent methodological structure to address uncertainty in expert-based assessments.

Future research will conduct quantitative validation using actual failure probability data, such as those obtained from LNG storage and transportation systems, to further verify the accuracy and applicability of the proposed framework.