Lecture 11: Hash Functions and Random Oracle Model

Size: px
Start display at page:

Download "Lecture 11: Hash Functions and Random Oracle Model"

Transcription

1 CS 7810 Foudatios of Cryptography October 16, 017 Lecture 11: Hash Fuctios ad Radom Oracle Model Lecturer: Daiel Wichs Scribe: Akshar Varma 1 Topic Covered Defiitio of Hash Fuctios Merkle-Damgaård Theorem Merkle Trees Radom Oracle Model Collisio-Resistat Hash Fuctios A collisio-resistat hash fuctios (CRHF) is a fuctio that shriks a log message to a short output called the digest of the message. Ituitively, we wat to esure that the eve though the digest is short it uiquely idetifies the message. This may seem cotradictory sice may messages must be hashed to the same digest. However, the security property that we will require, called collisio resistace says that o efficiet adversary ca come up with a collisio cosistig of two differet iputs that both get mapped to the same output..1 Naive defiitio A atural way of defiig a CRHF is as follows. A family of fuctios H : {0, 1} l() {0, 1} with l() > are collisio-resistat hash fuctios iff they satisfy the followig properties. H(x) ca be computed i polyomial time. For all PPT adversaries A, Pr[H(x) = H(x ) x x : (x, x ) A(1 )] = egl(). While this defiitio ituitively captures the idea of a CRHF it is ever goig to be satisfied if we allow for o-uiform adversaries. Whe o-uiform adversaries are allowed there is a trivial adversary that simply hard codes a collisio for each possible ad always successfullly outputs x x such that H(x) = H(x ) (all without doig ay computatio). Lecture 11, Page 1

2 . Better defiitio To remove the possibility of such trivial adversaries, we modify our defiitio to iclude a seed. A family of fuctios H(s, x) : {0, 1} {0, 1} l() {0, 1} with l() > are collisio-resistat hash fuctios iff they satisfy the followig properties. H s (x) := H(s, x) ca be computed i polyomial time. For all PPT adversaries A, Pr[H s (x) = H s (x ) x x : s {0, 1}, (x, x ) A(1, s)] = egl(). The defiitio says that whe a uiformly radom public seed is used, o adversary ca fid a collisio with o-egligible probability. Apart from capturig the ituitio of collisio-resistat hash fuctios it also removes the possibility of trivial adversaries. This seed is primarily for havig a soud defiitio ad i practice useeded hash fuctios are used because o oe kows how to come up with the hard coded collisios ad hece the trivial adversary. 3 Merkle-Damgaård Theorem Recall that for PRGs we had a theorem statig that if we have a PRG which exteds the iput by oe bit, the we ca use that to create PRGs that exteds the iput by ay polyomial umber of bits. Similarly, we ow show that if we ca compress the iput by oe bit, the we ca compress it by ay polyomial umber of bits. Theorem 1 If H s is a family of collisio-resistat hash fuctios with l() = + 1, the we ca costruct a family of collisio-resistat hash fuctios H s with l () = poly(). Proof: We provide a costructio for H s similar to the costructio for the chaied PRG costructio. Let X = (x 1, x,..., x ) be the iput bits to the fuctio H s. We defie H s(x) = y l () via the followig figure. x 1 x x i x l () H s H s H s... H s 0 y 1 y l () 1 y l () We show that if X X such that H s(x) = H s(x ), the we ca use that to fid a collisio for H s. Let y 1,..., y l () be the values created durig the computatio of H s (X) ad y 1,..., y l () be the values created durig the computatio H s(x ). We kow that y l () = y l () because H s(x) = H s(x ). Search backwards for the largest i such that (x i, y i 1 ) (x i, y i 1 ) (this i exists because X X ). This pair implies that H s (x i, y i 1 ) = H s (x i, y i 1 ) y i = y i. This provides a collisio for H s ad is a cotradictio to H s beig a CRHF. Lecture 11, Page

3 A atural questio to ask ow is whether the same costructio is sufficiet for variable legth iputs? The aswer is o. Cosider a CRHF for which H s (0 +1 ) = 0, we simply preped 0 to our iput ad get collisios, H s(x) = H s(0 X). The place where our proof fails is whe we search for the largest i. We simply fall off the chai of H s correspodig to H s(x) whe searchig for this i. We ca avoid this problem by defiig H s (X) = H s(x < l () >) where < l () > is the biary represetatio of the legth of the iput X. Now the same proof idea will work. Either we fid a collisio i the first bits ( l () ) from the right or X = X ad the earlier proof works is sufficiet. 4 Merkle Trees While the Merkle-Damgaård costructio allows us to go from 1 bit compressio to ay sized compressio, we ow look at a differet costructio which is more useful i some scearios. Theorem If H s is a family of collisio-resistat hash fuctios with l() =, the we ca costruct a family of collisio-resistat hash fuctios H s with l () = i for ay i > 0. Proof: Let X = (x 1, x,..., x i) be the iput bits split ito blocks of bits each. We compute the fial digest by creatig a biary tree (of depth i) with each bit block as a leaf, ad every iteral ode beig the hash of the cocateatio of its two childre (x = H s (x l, x r )). Thus, the root will be a digest of the required size ad would be depedet o all the bits of X. We illustrate the tree structure for i = 3. H s(x) x 1 x x 3 x 4 x 5 x 6 x 7 x 8 The proof that this costructio gives us a CRHF is quite similar to the proof of the Merkle-Damgaård costructio. Usig a dowwards search startig at the root i the two Lecture 11, Page 3

4 trees, we would see that a paret ad the correspodig childre would provide a collisio for H s if there is a collisio for H s. 4.1 Merkle-Damgaård costructio vs. Merkle Trees We have see two ways to costruct CRHFs with more compressio power startig with less powerful CRHFs. Both of these have their advatages ad disadvatages ad we ow look at some of those. Parallelizability/Streamig: Merkle Trees aturally provide parallelizability i their costructio ulike the Merkle-Damgaård costructio. O the other had, this parallelizability comes with the disadvatage of havig to store a lot of itermediate states before reachig the fial digest value ulike for Merkle-Damgaård where we oly eed to store oe hashed value at ay give time. However, if the data is received i a streamig maer the the Merkle-Damgaård costructio is much more efficiet i terms of storage space required. Updatio/Appedig: If the iput value chages slightly the the Merkle Tree costructio simply updates the iteral odes that do get chaged which eeds O(i) computatios ad hece smaller tha O(l ()) computatios that the Merkle-Damgaård costructio would eed. This is a simple storage vs. computatio trade-off with the Merkle Tree havig to store all itermediate odes ad the Merkle-Damgaård costructio havig to perform all computatios from scratch. Appedig to the iput is slightly more complicated for the Merkle Tree as ew odes eed to be created ad balacig of the tree may also come ito play if oe eeds to keep the updatio efficiet. For the Merkle-Damgaård costructio storig the state just before the < l () > part might be sufficiet. Small segmet of large dataset: A sceario where the Merkle Tree is better equipped compared to the Merkle-Damgaård costructio is whe a small part of the message eeds to be verified. Suppose Alice has stored a very large amout of data with Bob ad Charlie wats to see a small segmet of this data (say x i ). If Bob seds Charlie the whole data ad the correspodig hash, the that results i a large amout of data trasfer (especially if Charlie is oly cocered with x i ad does t care about the rest of x). However, if Bob uses the Merkle Tree method of computig the hash the he ca simply sed Charlie the requested data segmet alog with the hashes for all the siblig odes alog the path from the leaf for x i to the root (as show i bold i the followig figure). This allows us to solve the problem while avoidig high commuicatio overhead which would ot be possible with the Merkle-Damgaård costructio due to its serial ature. 5 Radom Oracle Model The CRHFs that are used i practice seem to have may other cryptographic properties apart from collisio-resistace. We try to capture this usig the Radom Oracle model by cosiderig a idealized hash fuctio. We formally defie a Radom Oracle model as a model i which all parties (icludig adversaries) have oracle access to a cosistet, uiformly radom fuctio RO : {0, 1} {0, 1}. This oracle ca be thought of as choosig a radom output y o beig queried with Lecture 11, Page 4

5 H s(x) x 1 x x 3 x 4 x 5 x 6 x 7 x 8 a value x ad rememberig its choice. Whe two people query the fuctio with the same x, they both receive the same y value. We defie cryptographic systems i this model the same as earlier, except both the algorithm ad adversary are provided oracle access to RO( ). The stadard security ad correctess requiremets are carried forward ito this settig as we will see i the followig examples. We assume that X = while aalyzig security of the cryptosystems we defie. 5.1 OWFs We defie a OWF i the Radom Oracle model as follows: f RO( ) (X) = RO(X) Sice RO is a truly radom fuctio, there is o way for a adversary to ivert it except by brute-force queries. The probability that oe query of the adversary succeeds is bouded by 1. If the adversary A makes T queries to RO, the we ca boud the success probability of A by T. 5. PRGs We defie a PRG i the Radom Oracle model as follows: G RO( ) (X) = RO(X 0) RO(X 1) This is a PRG as it takes i bits of iput ad returs bits of output. The oly way for a adversary to distiguish betwee G(X) ad U is to query RO o X 0 or X 1, which ca happe with probability at most 1 (adversary eeds to guess X). Similar to the OWF case, the success probability is bouded by T if the adversary is allowed to make T queries. Lecture 11, Page 5

6 5.3 PRFs We defie a PRF i the Radom Oracle model as follows: F RO( ) K (X) = RO(K X) This has the same security as the PRG defiitio if K = (adversary has to guess K). 5.4 CRHF We defie a CRHF i the Radom Oracle model as follows: H RO( ) (X) = RO(X) We claim that this has security T if the adversary makes T queries. The proof follows by otig that the probability of the i th ad j th queries collidig is 1 ad hece with T queries, the probability of fidig a collisio is bouded by T (usig the uio boud). This is also kow as the birthday boud that is see i the birthday paradox. Pr[(X X ) (RO(X) = RO(X )) : (X, X ) A RO( ) (1 )] Pr[ i, j [T ], i j, RO(X i ) = RO(X j )] i,j Pr[RO(X i ) = RO(X j )] T 5.5 Radom Oracles i real life The motivatio of comig up with the Radom Oracle model was to try ad capture the extra properties that CRHFs seemed to show i real life, i a formal ad rigourous maer. Whe we try to go back from the theoretical models to practice, we lose this rigour. I real life there are o radom oracles RO, ad the cryptographic primitives that we costruct i this model caot be directly used. What is doe i practice is to simply replace the RO with a CRHF H s ad use the same costructios as i the Radom Oracle model. Of course H s is ot a truly radom fuctio, ad hece oe of the ice properties that we ca prove regardig RO ecessarily hold whe we use H s. Whe shiftig from theory to practice, mathematical rigour ad proofs are let go ad oe just hopes that it works out. The guaratees regardig security get modified (i a had-wavy maer), with the umber of queries T gettig replaced with the ruig time of H s. While this is ot a rigourous maer of arguig about the security of cryptosystems it seems to work i geeral ad thus gets used. Lecture 11, Page 6

Lecture 11: Pseudorandom functions

Lecture 11: Pseudorandom functions COM S 6830 Cryptography Oct 1, 2009 Istructor: Rafael Pass 1 Recap Lecture 11: Pseudoradom fuctios Scribe: Stefao Ermo Defiitio 1 (Ge, Ec, Dec) is a sigle message secure ecryptio scheme if for all uppt

More information

Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle

Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle CS 7880 Graduate Cryptography October 20, 2015 Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle Lecturer: Daniel Wichs Scribe: Tanay Mehta 1 Topics Covered Review Collision-Resistant Hash Functions

More information

Notes for Lecture 5. 1 Grover Search. 1.1 The Setting. 1.2 Motivation. Lecture 5 (September 26, 2018)

Notes for Lecture 5. 1 Grover Search. 1.1 The Setting. 1.2 Motivation. Lecture 5 (September 26, 2018) COS 597A: Quatum Cryptography Lecture 5 (September 6, 08) Lecturer: Mark Zhadry Priceto Uiversity Scribe: Fermi Ma Notes for Lecture 5 Today we ll move o from the slightly cotrived applicatios of quatum

More information

Lecture 4: Unique-SAT, Parity-SAT, and Approximate Counting

Lecture 4: Unique-SAT, Parity-SAT, and Approximate Counting Advaced Complexity Theory Sprig 206 Lecture 4: Uique-SAT, Parity-SAT, ad Approximate Coutig Prof. Daa Moshkovitz Scribe: Aoymous Studet Scribe Date: Fall 202 Overview I this lecture we begi talkig about

More information

6.3 Testing Series With Positive Terms

6.3 Testing Series With Positive Terms 6.3. TESTING SERIES WITH POSITIVE TERMS 307 6.3 Testig Series With Positive Terms 6.3. Review of what is kow up to ow I theory, testig a series a i for covergece amouts to fidig the i= sequece of partial

More information

Lecture 9: Hierarchy Theorems

Lecture 9: Hierarchy Theorems IAS/PCMI Summer Sessio 2000 Clay Mathematics Udergraduate Program Basic Course o Computatioal Complexity Lecture 9: Hierarchy Theorems David Mix Barrigto ad Alexis Maciel July 27, 2000 Most of this lecture

More information

Lecture 5: April 17, 2013

Lecture 5: April 17, 2013 TTIC/CMSC 350 Mathematical Toolkit Sprig 203 Madhur Tulsiai Lecture 5: April 7, 203 Scribe: Somaye Hashemifar Cheroff bouds recap We recall the Cheroff/Hoeffdig bouds we derived i the last lecture idepedet

More information

OPTIMAL ALGORITHMS -- SUPPLEMENTAL NOTES

OPTIMAL ALGORITHMS -- SUPPLEMENTAL NOTES OPTIMAL ALGORITHMS -- SUPPLEMENTAL NOTES Peter M. Maurer Why Hashig is θ(). As i biary search, hashig assumes that keys are stored i a array which is idexed by a iteger. However, hashig attempts to bypass

More information

Hashing and Amortization

Hashing and Amortization Lecture Hashig ad Amortizatio Supplemetal readig i CLRS: Chapter ; Chapter 7 itro; Sectio 7.. Arrays ad Hashig Arrays are very useful. The items i a array are statically addressed, so that isertig, deletig,

More information

Infinite Sequences and Series

Infinite Sequences and Series Chapter 6 Ifiite Sequeces ad Series 6.1 Ifiite Sequeces 6.1.1 Elemetary Cocepts Simply speakig, a sequece is a ordered list of umbers writte: {a 1, a 2, a 3,...a, a +1,...} where the elemets a i represet

More information

Lecture 16: Monotone Formula Lower Bounds via Graph Entropy. 2 Monotone Formula Lower Bounds via Graph Entropy

Lecture 16: Monotone Formula Lower Bounds via Graph Entropy. 2 Monotone Formula Lower Bounds via Graph Entropy 15-859: Iformatio Theory ad Applicatios i TCS CMU: Sprig 2013 Lecture 16: Mootoe Formula Lower Bouds via Graph Etropy March 26, 2013 Lecturer: Mahdi Cheraghchi Scribe: Shashak Sigh 1 Recap Graph Etropy:

More information

Review of Elementary Cryptography. For more material, see my notes of CSE 5351, available on my webpage

Review of Elementary Cryptography. For more material, see my notes of CSE 5351, available on my webpage Review of Elemetary Cryptography For more material, see my otes of CSE 5351, available o my webpage Outlie Security (CPA, CCA, sematic security, idistiguishability) RSA ElGamal Homomorphic ecryptio 2 Two

More information

Problem Set 2 Solutions

Problem Set 2 Solutions CS271 Radomess & Computatio, Sprig 2018 Problem Set 2 Solutios Poit totals are i the margi; the maximum total umber of poits was 52. 1. Probabilistic method for domiatig sets 6pts Pick a radom subset S

More information

Last time, we talked about how Equation (1) can simulate Equation (2). We asserted that Equation (2) can also simulate Equation (1).

Last time, we talked about how Equation (1) can simulate Equation (2). We asserted that Equation (2) can also simulate Equation (1). 6896 Quatum Complexity Theory Sept 23, 2008 Lecturer: Scott Aaroso Lecture 6 Last Time: Quatum Error-Correctio Quatum Query Model Deutsch-Jozsa Algorithm (Computes x y i oe query) Today: Berstei-Vazirii

More information

Message Authentication Codes. Reading: Chapter 4 of Katz & Lindell

Message Authentication Codes. Reading: Chapter 4 of Katz & Lindell Message Autheticatio Codes Readig: Chapter 4 of Katz & Lidell 1 Message autheticatio Bob receives a message m from Alice, he wats to ow (Data origi autheticatio) whether the message was really set by Alice.

More information

Definitions: Universe U of keys, e.g., U N 0. U very large. Set S U of keys, S = m U.

Definitions: Universe U of keys, e.g., U N 0. U very large. Set S U of keys, S = m U. 7 7 Dictioary: S.isertx): Isert a elemet x. S.deletex): Delete the elemet poited to by x. S.searchk): Retur a poiter to a elemet e with key[e] = k i S if it exists; otherwise retur ull. So far we have

More information

2 High-level Complexity vs. Concrete Complexity

2 High-level Complexity vs. Concrete Complexity COMS 6998: Advaced Complexity Sprig 2017 Lecture 1: Course Itroductio ad Boolea Formulas Lecturer: Rocco Servedio Scribes: Jiahui Liu, Kailash Karthik Meiyappa 1 Overview of Topics 1. Boolea formulas (examples,

More information

NUMERICAL METHODS FOR SOLVING EQUATIONS

NUMERICAL METHODS FOR SOLVING EQUATIONS Mathematics Revisio Guides Numerical Methods for Solvig Equatios Page 1 of 11 M.K. HOME TUITION Mathematics Revisio Guides Level: GCSE Higher Tier NUMERICAL METHODS FOR SOLVING EQUATIONS Versio:. Date:

More information

4.3 Growth Rates of Solutions to Recurrences

4.3 Growth Rates of Solutions to Recurrences 4.3. GROWTH RATES OF SOLUTIONS TO RECURRENCES 81 4.3 Growth Rates of Solutios to Recurreces 4.3.1 Divide ad Coquer Algorithms Oe of the most basic ad powerful algorithmic techiques is divide ad coquer.

More information

Lecture 14: Graph Entropy

Lecture 14: Graph Entropy 15-859: Iformatio Theory ad Applicatios i TCS Sprig 2013 Lecture 14: Graph Etropy March 19, 2013 Lecturer: Mahdi Cheraghchi Scribe: Euiwoog Lee 1 Recap Bergma s boud o the permaet Shearer s Lemma Number

More information

Math 61CM - Solutions to homework 3

Math 61CM - Solutions to homework 3 Math 6CM - Solutios to homework 3 Cédric De Groote October 2 th, 208 Problem : Let F be a field, m 0 a fixed oegative iteger ad let V = {a 0 + a x + + a m x m a 0,, a m F} be the vector space cosistig

More information

Lecture 4: April 10, 2013

Lecture 4: April 10, 2013 TTIC/CMSC 1150 Mathematical Toolkit Sprig 01 Madhur Tulsiai Lecture 4: April 10, 01 Scribe: Haris Agelidakis 1 Chebyshev s Iequality recap I the previous lecture, we used Chebyshev s iequality to get a

More information

MA131 - Analysis 1. Workbook 2 Sequences I

MA131 - Analysis 1. Workbook 2 Sequences I MA3 - Aalysis Workbook 2 Sequeces I Autum 203 Cotets 2 Sequeces I 2. Itroductio.............................. 2.2 Icreasig ad Decreasig Sequeces................ 2 2.3 Bouded Sequeces..........................

More information

ECEN 655: Advanced Channel Coding Spring Lecture 7 02/04/14. Belief propagation is exact on tree-structured factor graphs.

ECEN 655: Advanced Channel Coding Spring Lecture 7 02/04/14. Belief propagation is exact on tree-structured factor graphs. ECEN 655: Advaced Chael Codig Sprig 014 Prof. Hery Pfister Lecture 7 0/04/14 Scribe: Megke Lia 1 4-Cycles i Gallager s Esemble What we already kow: Belief propagatio is exact o tree-structured factor graphs.

More information

Frequentist Inference

Frequentist Inference Frequetist Iferece The topics of the ext three sectios are useful applicatios of the Cetral Limit Theorem. Without kowig aythig about the uderlyig distributio of a sequece of radom variables {X i }, for

More information

Lecture 9: Pseudo-random generators against space bounded computation,

Lecture 9: Pseudo-random generators against space bounded computation, Lecture 9: Pseudo-radom geerators agaist space bouded computatio, Primality Testig Topics i Pseudoradomess ad Complexity (Sprig 2018) Rutgers Uiversity Swastik Kopparty Scribes: Harsha Tirumala, Jiyu Zhag

More information

Design and Analysis of Algorithms

Design and Analysis of Algorithms Desig ad Aalysis of Algorithms Probabilistic aalysis ad Radomized algorithms Referece: CLRS Chapter 5 Topics: Hirig problem Idicatio radom variables Radomized algorithms Huo Hogwei 1 The hirig problem

More information

Notes for Lecture 11

Notes for Lecture 11 U.C. Berkeley CS78: Computatioal Complexity Hadout N Professor Luca Trevisa 3/4/008 Notes for Lecture Eigevalues, Expasio, ad Radom Walks As usual by ow, let G = (V, E) be a udirected d-regular graph with

More information

Oblivious Gradient Clock Synchronization

Oblivious Gradient Clock Synchronization Motivatio: Clock Sychroizatio Oblivious Gradiet Clock Sychroizatio Thomas Locher, ETH Zurich Roger Wattehofer, ETH Zurich Clock sychroizatio is a classic, importat problem! May results have bee published

More information

n outcome is (+1,+1, 1,..., 1). Let the r.v. X denote our position (relative to our starting point 0) after n moves. Thus X = X 1 + X 2 + +X n,

n outcome is (+1,+1, 1,..., 1). Let the r.v. X denote our position (relative to our starting point 0) after n moves. Thus X = X 1 + X 2 + +X n, CS 70 Discrete Mathematics for CS Sprig 2008 David Wager Note 9 Variace Questio: At each time step, I flip a fair coi. If it comes up Heads, I walk oe step to the right; if it comes up Tails, I walk oe

More information

Lecture 2: April 3, 2013

Lecture 2: April 3, 2013 TTIC/CMSC 350 Mathematical Toolkit Sprig 203 Madhur Tulsiai Lecture 2: April 3, 203 Scribe: Shubhedu Trivedi Coi tosses cotiued We retur to the coi tossig example from the last lecture agai: Example. Give,

More information

Randomized Algorithms I, Spring 2018, Department of Computer Science, University of Helsinki Homework 1: Solutions (Discussed January 25, 2018)

Randomized Algorithms I, Spring 2018, Department of Computer Science, University of Helsinki Homework 1: Solutions (Discussed January 25, 2018) Radomized Algorithms I, Sprig 08, Departmet of Computer Sciece, Uiversity of Helsiki Homework : Solutios Discussed Jauary 5, 08). Exercise.: Cosider the followig balls-ad-bi game. We start with oe black

More information

Recursive Algorithm for Generating Partitions of an Integer. 1 Preliminary

Recursive Algorithm for Generating Partitions of an Integer. 1 Preliminary Recursive Algorithm for Geeratig Partitios of a Iteger Sug-Hyuk Cha Computer Sciece Departmet, Pace Uiversity 1 Pace Plaza, New York, NY 10038 USA scha@pace.edu Abstract. This article first reviews the

More information

# fixed points of g. Tree to string. Repeatedly select the leaf with the smallest label, write down the label of its neighbour and remove the leaf.

# fixed points of g. Tree to string. Repeatedly select the leaf with the smallest label, write down the label of its neighbour and remove the leaf. Combiatorics Graph Theory Coutig labelled ad ulabelled graphs There are 2 ( 2) labelled graphs of order. The ulabelled graphs of order correspod to orbits of the actio of S o the set of labelled graphs.

More information

Recursive Algorithms. Recurrences. Recursive Algorithms Analysis

Recursive Algorithms. Recurrences. Recursive Algorithms Analysis Recursive Algorithms Recurreces Computer Sciece & Egieerig 35: Discrete Mathematics Christopher M Bourke cbourke@cseuledu A recursive algorithm is oe i which objects are defied i terms of other objects

More information

Context-free grammars and. Basics of string generation methods

Context-free grammars and. Basics of string generation methods Cotext-free grammars ad laguages Basics of strig geeratio methods What s so great about regular expressios? A regular expressio is a strig represetatio of a regular laguage This allows the storig a whole

More information

Sequences I. Chapter Introduction

Sequences I. Chapter Introduction Chapter 2 Sequeces I 2. Itroductio A sequece is a list of umbers i a defiite order so that we kow which umber is i the first place, which umber is i the secod place ad, for ay atural umber, we kow which

More information

6.895 Essential Coding Theory October 20, Lecture 11. This lecture is focused in comparisons of the following properties/parameters of a code:

6.895 Essential Coding Theory October 20, Lecture 11. This lecture is focused in comparisons of the following properties/parameters of a code: 6.895 Essetial Codig Theory October 0, 004 Lecture 11 Lecturer: Madhu Suda Scribe: Aastasios Sidiropoulos 1 Overview This lecture is focused i comparisos of the followig properties/parameters of a code:

More information

Ma 530 Introduction to Power Series

Ma 530 Introduction to Power Series Ma 530 Itroductio to Power Series Please ote that there is material o power series at Visual Calculus. Some of this material was used as part of the presetatio of the topics that follow. What is a Power

More information

Introduction to Computational Molecular Biology. Gibbs Sampling

Introduction to Computational Molecular Biology. Gibbs Sampling 18.417 Itroductio to Computatioal Molecular Biology Lecture 19: November 16, 2004 Scribe: Tushara C. Karuarata Lecturer: Ross Lippert Editor: Tushara C. Karuarata Gibbs Samplig Itroductio Let s first recall

More information

Solutions to Tutorial 3 (Week 4)

Solutions to Tutorial 3 (Week 4) The Uiversity of Sydey School of Mathematics ad Statistics Solutios to Tutorial Week 4 MATH2962: Real ad Complex Aalysis Advaced Semester 1, 2017 Web Page: http://www.maths.usyd.edu.au/u/ug/im/math2962/

More information

The Binomial Theorem

The Binomial Theorem The Biomial Theorem Robert Marti Itroductio The Biomial Theorem is used to expad biomials, that is, brackets cosistig of two distict terms The formula for the Biomial Theorem is as follows: (a + b ( k

More information

Chapter 6 Infinite Series

Chapter 6 Infinite Series Chapter 6 Ifiite Series I the previous chapter we cosidered itegrals which were improper i the sese that the iterval of itegratio was ubouded. I this chapter we are goig to discuss a topic which is somewhat

More information

Lecture 1: Basic problems of coding theory

Lecture 1: Basic problems of coding theory Lecture 1: Basic problems of codig theory Error-Correctig Codes (Sprig 016) Rutgers Uiversity Swastik Kopparty Scribes: Abhishek Bhrushudi & Aditya Potukuchi Admiistrivia was discussed at the begiig of

More information

Approximations and more PMFs and PDFs

Approximations and more PMFs and PDFs Approximatios ad more PMFs ad PDFs Saad Meimeh 1 Approximatio of biomial with Poisso Cosider the biomial distributio ( b(k,,p = p k (1 p k, k λ: k Assume that is large, ad p is small, but p λ at the limit.

More information

Course 8 Properties of Regular Languages

Course 8 Properties of Regular Languages Course 8 Properties of Regular Laguages The structure ad the cotet of the lecture is based o http://www.eecs.wsu.edu/~aath/cpts37/lectures/idex.htm Topics ) How to prove whether a give laguage is ot regular?

More information

( ) = p and P( i = b) = q.

( ) = p and P( i = b) = q. MATH 540 Radom Walks Part 1 A radom walk X is special stochastic process that measures the height (or value) of a particle that radomly moves upward or dowward certai fixed amouts o each uit icremet of

More information

subcaptionfont+=small,labelformat=parens,labelsep=space,skip=6pt,list=0,hypcap=0 subcaption ALGEBRAIC COMBINATORICS LECTURE 8 TUESDAY, 2/16/2016

subcaptionfont+=small,labelformat=parens,labelsep=space,skip=6pt,list=0,hypcap=0 subcaption ALGEBRAIC COMBINATORICS LECTURE 8 TUESDAY, 2/16/2016 subcaptiofot+=small,labelformat=pares,labelsep=space,skip=6pt,list=0,hypcap=0 subcaptio ALGEBRAIC COMBINATORICS LECTURE 8 TUESDAY, /6/06. Self-cojugate Partitios Recall that, give a partitio λ, we may

More information

Shannon s noiseless coding theorem

Shannon s noiseless coding theorem 18.310 lecture otes May 4, 2015 Shao s oiseless codig theorem Lecturer: Michel Goemas I these otes we discuss Shao s oiseless codig theorem, which is oe of the foudig results of the field of iformatio

More information

Discrete Mathematics for CS Spring 2007 Luca Trevisan Lecture 22

Discrete Mathematics for CS Spring 2007 Luca Trevisan Lecture 22 CS 70 Discrete Mathematics for CS Sprig 2007 Luca Trevisa Lecture 22 Aother Importat Distributio The Geometric Distributio Questio: A biased coi with Heads probability p is tossed repeatedly util the first

More information

1 Hash tables. 1.1 Implementation

1 Hash tables. 1.1 Implementation Lecture 8 Hash Tables, Uiversal Hash Fuctios, Balls ad Bis Scribes: Luke Johsto, Moses Charikar, G. Valiat Date: Oct 18, 2017 Adapted From Virgiia Williams lecture otes 1 Hash tables A hash table is a

More information

Lecture 10: Universal coding and prediction

Lecture 10: Universal coding and prediction 0-704: Iformatio Processig ad Learig Sprig 0 Lecture 0: Uiversal codig ad predictio Lecturer: Aarti Sigh Scribes: Georg M. Goerg Disclaimer: These otes have ot bee subjected to the usual scrutiy reserved

More information

Optimally Sparse SVMs

Optimally Sparse SVMs A. Proof of Lemma 3. We here prove a lower boud o the umber of support vectors to achieve geeralizatio bouds of the form which we cosider. Importatly, this result holds ot oly for liear classifiers, but

More information

Here, e(a, B) is defined as the number of edges between A and B in the n dimensional boolean hypercube.

Here, e(a, B) is defined as the number of edges between A and B in the n dimensional boolean hypercube. Lecture 2 Topics i Complexity Theory ad Pseudoradomess (Sprig 2013) Rutgers Uiversity Swastik Kopparty Scribes: Amey Bhagale, Mrial Kumar 1 Overview I this lecture, we will complete the proof of formula

More information

IP Reference guide for integer programming formulations.

IP Reference guide for integer programming formulations. IP Referece guide for iteger programmig formulatios. by James B. Orli for 15.053 ad 15.058 This documet is iteded as a compact (or relatively compact) guide to the formulatio of iteger programs. For more

More information

Math 113 Exam 4 Practice

Math 113 Exam 4 Practice Math Exam 4 Practice Exam 4 will cover.-.. This sheet has three sectios. The first sectio will remid you about techiques ad formulas that you should kow. The secod gives a umber of practice questios for

More information

Posted-Price, Sealed-Bid Auctions

Posted-Price, Sealed-Bid Auctions Posted-Price, Sealed-Bid Auctios Professors Greewald ad Oyakawa 207-02-08 We itroduce the posted-price, sealed-bid auctio. This auctio format itroduces the idea of approximatios. We describe how well this

More information

Properties of Regular Languages. Reading: Chapter 4

Properties of Regular Languages. Reading: Chapter 4 Properties of Regular Laguages Readig: Chapter 4 Topics ) How to prove whether a give laguage is regular or ot? 2) Closure properties of regular laguages 3) Miimizatio of DFAs 2 Some laguages are ot regular

More information

HOMEWORK 2 SOLUTIONS

HOMEWORK 2 SOLUTIONS HOMEWORK SOLUTIONS CSE 55 RANDOMIZED AND APPROXIMATION ALGORITHMS 1. Questio 1. a) The larger the value of k is, the smaller the expected umber of days util we get all the coupos we eed. I fact if = k

More information

CONSTRUCTING TRUNCATED IRRATIONAL NUMBERS AND DETERMINING THEIR NEIGHBORING PRIMES

CONSTRUCTING TRUNCATED IRRATIONAL NUMBERS AND DETERMINING THEIR NEIGHBORING PRIMES CONSTRUCTING TRUNCATED IRRATIONAL NUMBERS AND DETERMINING THEIR NEIGHBORING PRIMES It is well kow that there exist a ifiite set of irratioal umbers icludig, sqrt(), ad e. Such quatities are of ifiite legth

More information

Optimization Methods MIT 2.098/6.255/ Final exam

Optimization Methods MIT 2.098/6.255/ Final exam Optimizatio Methods MIT 2.098/6.255/15.093 Fial exam Date Give: December 19th, 2006 P1. [30 pts] Classify the followig statemets as true or false. All aswers must be well-justified, either through a short

More information

Lecture 12: September 27

Lecture 12: September 27 36-705: Itermediate Statistics Fall 207 Lecturer: Siva Balakrisha Lecture 2: September 27 Today we will discuss sufficiecy i more detail ad the begi to discuss some geeral strategies for costructig estimators.

More information

Lecture 19: Convergence

Lecture 19: Convergence Lecture 19: Covergece Asymptotic approach I statistical aalysis or iferece, a key to the success of fidig a good procedure is beig able to fid some momets ad/or distributios of various statistics. I may

More information

Continuous Functions

Continuous Functions Cotiuous Fuctios Q What does it mea for a fuctio to be cotiuous at a poit? Aswer- I mathematics, we have a defiitio that cosists of three cocepts that are liked i a special way Cosider the followig defiitio

More information

Fall 2013 MTH431/531 Real analysis Section Notes

Fall 2013 MTH431/531 Real analysis Section Notes Fall 013 MTH431/531 Real aalysis Sectio 8.1-8. Notes Yi Su 013.11.1 1. Defiitio of uiform covergece. We look at a sequece of fuctios f (x) ad study the coverget property. Notice we have two parameters

More information

Disjoint set (Union-Find)

Disjoint set (Union-Find) CS124 Lecture 7 Fall 2018 Disjoit set (Uio-Fid) For Kruskal s algorithm for the miimum spaig tree problem, we foud that we eeded a data structure for maitaiig a collectio of disjoit sets. That is, we eed

More information

(A sequence also can be thought of as the list of function values attained for a function f :ℵ X, where f (n) = x n for n 1.) x 1 x N +k x N +4 x 3

(A sequence also can be thought of as the list of function values attained for a function f :ℵ X, where f (n) = x n for n 1.) x 1 x N +k x N +4 x 3 MATH 337 Sequeces Dr. Neal, WKU Let X be a metric space with distace fuctio d. We shall defie the geeral cocept of sequece ad limit i a metric space, the apply the results i particular to some special

More information

Analytic Continuation

Analytic Continuation Aalytic Cotiuatio The stadard example of this is give by Example Let h (z) = 1 + z + z 2 + z 3 +... kow to coverge oly for z < 1. I fact h (z) = 1/ (1 z) for such z. Yet H (z) = 1/ (1 z) is defied for

More information

Massachusetts Institute of Technology

Massachusetts Institute of Technology 6.0/6.3: Probabilistic Systems Aalysis (Fall 00) Problem Set 8: Solutios. (a) We cosider a Markov chai with states 0,,, 3,, 5, where state i idicates that there are i shoes available at the frot door i

More information

ORIE 633 Network Flows September 27, Lecture 8

ORIE 633 Network Flows September 27, Lecture 8 ORIE 633 Network Flows September 7, 007 Lecturer: David P. Williamso Lecture 8 Scribe: Gema Plaza-Martíez 1 Global mi-cuts i udirected graphs 1.1 Radom cotractio Recall from last time we itroduced the

More information

Lecture 3: August 31

Lecture 3: August 31 36-705: Itermediate Statistics Fall 018 Lecturer: Siva Balakrisha Lecture 3: August 31 This lecture will be mostly a summary of other useful expoetial tail bouds We will ot prove ay of these i lecture,

More information

Lecture Chapter 6: Convergence of Random Sequences

Lecture Chapter 6: Convergence of Random Sequences ECE5: Aalysis of Radom Sigals Fall 6 Lecture Chapter 6: Covergece of Radom Sequeces Dr Salim El Rouayheb Scribe: Abhay Ashutosh Doel, Qibo Zhag, Peiwe Tia, Pegzhe Wag, Lu Liu Radom sequece Defiitio A ifiite

More information

Lecture 9: Expanders Part 2, Extractors

Lecture 9: Expanders Part 2, Extractors Lecture 9: Expaders Part, Extractors Topics i Complexity Theory ad Pseudoradomess Sprig 013 Rutgers Uiversity Swastik Kopparty Scribes: Jaso Perry, Joh Kim I this lecture, we will discuss further the pseudoradomess

More information

6 Integers Modulo n. integer k can be written as k = qn + r, with q,r, 0 r b. So any integer.

6 Integers Modulo n. integer k can be written as k = qn + r, with q,r, 0 r b. So any integer. 6 Itegers Modulo I Example 2.3(e), we have defied the cogruece of two itegers a,b with respect to a modulus. Let us recall that a b (mod ) meas a b. We have proved that cogruece is a equivalece relatio

More information

Discrete Mathematics and Probability Theory Fall 2009 Satish Rao,David Tse Note 12

Discrete Mathematics and Probability Theory Fall 2009 Satish Rao,David Tse Note 12 CS 70 Discrete Mathematics ad Probability Theory Fall 2009 Satish Rao,David Tse Note 12 Two Killer Applicatios I this lecture, we will see two killer apps of elemetary probability i Computer Sciece. 1.

More information

7.7 Hashing. 7.7 Hashing. Perfect Hashing. Direct Addressing

7.7 Hashing. 7.7 Hashing. Perfect Hashing. Direct Addressing Dictioary: S.isertx): Isert a elemet x. S.deletex): Delete the elemet poited to by x. S.searchk): Retur a poiter to a elemet e with key[e] = k i S if it exists; otherwise retur ull. So far we have implemeted

More information

Lecture 11: Channel Coding Theorem: Converse Part

Lecture 11: Channel Coding Theorem: Converse Part EE376A/STATS376A Iformatio Theory Lecture - 02/3/208 Lecture : Chael Codig Theorem: Coverse Part Lecturer: Tsachy Weissma Scribe: Erdem Bıyık I this lecture, we will cotiue our discussio o chael codig

More information

Lecture 14: Randomized Computation (cont.)

Lecture 14: Randomized Computation (cont.) CSE 200 Computability ad Complexity Wedesday, May 15, 2013 Lecture 14: Radomized Computatio (cot.) Istructor: Professor Shachar Lovett Scribe: Dogcai She 1 Radmized Algorithm Examples 1.1 The k-th Elemet

More information

Quantum Computing Lecture 7. Quantum Factoring

Quantum Computing Lecture 7. Quantum Factoring Quatum Computig Lecture 7 Quatum Factorig Maris Ozols Quatum factorig A polyomial time quatum algorithm for factorig umbers was published by Peter Shor i 1994. Polyomial time meas that the umber of gates

More information

CSE 4095/5095 Topics in Big Data Analytics Spring 2017; Homework 1 Solutions

CSE 4095/5095 Topics in Big Data Analytics Spring 2017; Homework 1 Solutions CSE 09/09 Topics i ig Data Aalytics Sprig 2017; Homework 1 Solutios Note: Solutios to problems,, ad 6 are due to Marius Nicolae. 1. Cosider the followig algorithm: for i := 1 to α log e do Pick a radom

More information

Math 113 Exam 3 Practice

Math 113 Exam 3 Practice Math Exam Practice Exam 4 will cover.-., 0. ad 0.. Note that eve though. was tested i exam, questios from that sectios may also be o this exam. For practice problems o., refer to the last review. This

More information

Introduction to Computational Biology Homework 2 Solution

Introduction to Computational Biology Homework 2 Solution Itroductio to Computatioal Biology Homework 2 Solutio Problem 1: Cocave gap pealty fuctio Let γ be a gap pealty fuctio defied over o-egative itegers. The fuctio γ is called sub-additive iff it satisfies

More information

INTEGRATION BY PARTS (TABLE METHOD)

INTEGRATION BY PARTS (TABLE METHOD) INTEGRATION BY PARTS (TABLE METHOD) Suppose you wat to evaluate cos d usig itegratio by parts. Usig the u dv otatio, we get So, u dv d cos du d v si cos d si si d or si si d We see that it is ecessary

More information

Lecture 10 October Minimaxity and least favorable prior sequences

Lecture 10 October Minimaxity and least favorable prior sequences STATS 300A: Theory of Statistics Fall 205 Lecture 0 October 22 Lecturer: Lester Mackey Scribe: Brya He, Rahul Makhijai Warig: These otes may cotai factual ad/or typographic errors. 0. Miimaxity ad least

More information

Algorithms and Data Structures Lecture IV

Algorithms and Data Structures Lecture IV Algorithms ad Data Structures Lecture IV Simoas Šalteis Aalborg Uiversity simas@cs.auc.dk September 5, 00 1 This Lecture Aalyzig the ruig time of recursive algorithms (such as divide-ad-coquer) Writig

More information

Lecture 4 February 16, 2016

Lecture 4 February 16, 2016 MIT 6.854/18.415: Advaced Algorithms Sprig 16 Prof. Akur Moitra Lecture 4 February 16, 16 Scribe: Be Eysebach, Devi Neal 1 Last Time Cosistet Hashig - hash fuctios that evolve well Radom Trees - routig

More information

Analysis of Algorithms. Introduction. Contents

Analysis of Algorithms. Introduction. Contents Itroductio The focus of this module is mathematical aspects of algorithms. Our mai focus is aalysis of algorithms, which meas evaluatig efficiecy of algorithms by aalytical ad mathematical methods. We

More information

An Introduction to Randomized Algorithms

An Introduction to Randomized Algorithms A Itroductio to Radomized Algorithms The focus of this lecture is to study a radomized algorithm for quick sort, aalyze it usig probabilistic recurrece relatios, ad also provide more geeral tools for aalysis

More information

Information Theory and Statistics Lecture 4: Lempel-Ziv code

Information Theory and Statistics Lecture 4: Lempel-Ziv code Iformatio Theory ad Statistics Lecture 4: Lempel-Ziv code Łukasz Dębowski ldebowsk@ipipa.waw.pl Ph. D. Programme 203/204 Etropy rate is the limitig compressio rate Theorem For a statioary process (X i)

More information

Intro to Learning Theory

Intro to Learning Theory Lecture 1, October 18, 2016 Itro to Learig Theory Ruth Urer 1 Machie Learig ad Learig Theory Comig soo 2 Formal Framework 21 Basic otios I our formal model for machie learig, the istaces to be classified

More information

b i u x i U a i j u x i u x j

b i u x i U a i j u x i u x j M ath 5 2 7 Fall 2 0 0 9 L ecture 1 9 N ov. 1 6, 2 0 0 9 ) S ecod- Order Elliptic Equatios: Weak S olutios 1. Defiitios. I this ad the followig two lectures we will study the boudary value problem Here

More information

6.046 Recitation 5: Binary Search Trees Bill Thies, Fall 2004 Outline

6.046 Recitation 5: Binary Search Trees Bill Thies, Fall 2004 Outline 6.046 Recitatio 5: Biary Search Trees Bill Thies, Fall 2004 Outlie My cotact iformatio: Bill Thies thies@mit.edu Office hours: Sat 1-3pm, 36-153 Recitatio website: http://cag.lcs.mit.edu/~thies/6.046/

More information

Problem Cosider the curve give parametrically as x = si t ad y = + cos t for» t» ß: (a) Describe the path this traverses: Where does it start (whe t =

Problem Cosider the curve give parametrically as x = si t ad y = + cos t for» t» ß: (a) Describe the path this traverses: Where does it start (whe t = Mathematics Summer Wilso Fial Exam August 8, ANSWERS Problem 1 (a) Fid the solutio to y +x y = e x x that satisfies y() = 5 : This is already i the form we used for a first order liear differetial equatio,

More information

Lesson 10: Limits and Continuity

Lesson 10: Limits and Continuity www.scimsacademy.com Lesso 10: Limits ad Cotiuity SCIMS Academy 1 Limit of a fuctio The cocept of limit of a fuctio is cetral to all other cocepts i calculus (like cotiuity, derivative, defiite itegrals

More information

CS161: Algorithm Design and Analysis Handout #10 Stanford University Wednesday, 10 February 2016

CS161: Algorithm Design and Analysis Handout #10 Stanford University Wednesday, 10 February 2016 CS161: Algorithm Desig ad Aalysis Hadout #10 Staford Uiversity Wedesday, 10 February 2016 Lecture #11: Wedesday, 10 February 2016 Topics: Example midterm problems ad solutios from a log time ago Sprig

More information

Math 10A final exam, December 16, 2016

Math 10A final exam, December 16, 2016 Please put away all books, calculators, cell phoes ad other devices. You may cosult a sigle two-sided sheet of otes. Please write carefully ad clearly, USING WORDS (ot just symbols). Remember that the

More information

Math 113 Exam 3 Practice

Math 113 Exam 3 Practice Math Exam Practice Exam will cover.-.9. This sheet has three sectios. The first sectio will remid you about techiques ad formulas that you should kow. The secod gives a umber of practice questios for you

More information

UC Berkeley CS 170: Efficient Algorithms and Intractable Problems Handout 17 Lecturer: David Wagner April 3, Notes 17 for CS 170

UC Berkeley CS 170: Efficient Algorithms and Intractable Problems Handout 17 Lecturer: David Wagner April 3, Notes 17 for CS 170 UC Berkeley CS 170: Efficiet Algorithms ad Itractable Problems Hadout 17 Lecturer: David Wager April 3, 2003 Notes 17 for CS 170 1 The Lempel-Ziv algorithm There is a sese i which the Huffma codig was

More information

CHAPTER 10 INFINITE SEQUENCES AND SERIES

CHAPTER 10 INFINITE SEQUENCES AND SERIES CHAPTER 10 INFINITE SEQUENCES AND SERIES 10.1 Sequeces 10.2 Ifiite Series 10.3 The Itegral Tests 10.4 Compariso Tests 10.5 The Ratio ad Root Tests 10.6 Alteratig Series: Absolute ad Coditioal Covergece

More information

Sequences and Series of Functions

Sequences and Series of Functions Chapter 6 Sequeces ad Series of Fuctios 6.1. Covergece of a Sequece of Fuctios Poitwise Covergece. Defiitio 6.1. Let, for each N, fuctio f : A R be defied. If, for each x A, the sequece (f (x)) coverges

More information