Impossible differential attacks on 4-round DES-like ciphers
|
|
- Megan Henderson
- 5 years ago
- Views:
Transcription
1 INENAIONA JOUNA OF COMPUES AND COMMUNICAIONS Volume 9, 2015 Impossble dfferental attacks on 4-round DES-lke cphers Pavol Zajac Abstract Data Encrypton Standard was a man publc encrypton standard for more than 20 years, but now t s consdered nsecure. However, there are stll numerous proposals of new lghtweght cpher desgns smlar to DES, some of them only consstng of 4 Festel rounds. It s known that there exst generc dstngushers for 4-round Festel cpher, but ther complexty scales exponentally wth the cpher sze. In the theoretcal analyss, an deal round functon s consdered. In ths artcle we focus on a model of Festel cphers wth desgn smlar to DES. he round functon conssts of bt expanson, S-box applcaton, and permutaton of bts. We show that practcal DES-lke desgns cannot have only 4-rounds, even f the S-boxes are key-dependent, due to the mpossble dfferental attacks. Keywords Festel cpher, cryptanalyss, DES. I. INODUCION AA Data Encrypton Standard (DES [4] was a publc Dsymmetrc encrypton standard for more than 20 years. Now t s consdered nsecure due to short 56-bt keys and only 64-bt block sze, and due to lnear [11] and dfferental [2] attacks. It was replaced by the Advanced Encrypton Standard (AES [12], but n many legacy applcatons t s stll n use, ether n the orgnal form, or as DEA, known also as rple DES. Many applcatons n the areas of moble computng, e-health servces, wreless sensor networks, etc. requre a smple way to secure communcaton channels. AES, as a current symmetrc encrypton standard provdes robust and secure encrypton. Its nce mathematcal descrpton provdes alternatve varants that can be adapted where publc standard s not sutable [5]. However, AES and ts varants can be too complex and costly for some applcatons, e.g., when only 80-bt securty s requred. he balancng ssues between cpher securty and mplementaton costs are the man object of study of the lghtweght cryptography. ghtweght cryptography focuses on a smple cpher desgns that provdes enough securty wth lower costs n hardware or software mplementatons. he queston of general lower bounds on mplementaton of cphers wth gven securty crtera s an open problem, although some results are known for specfc types of Boolean functons that are mportant buldng blocks of the cphers [6]. he research was supported by the Scence Grant Agency - project VEGA 1/0173/13. hus, desgn of lghtweght cphers s mostly nfluenced by the known standard cpher desgns, ncludng the DES. here are many promsng lghtweght varants of DES such as DES [9]. In [13], an extremely lghtweght verson of DES s proposed wth only 4 rounds of Festel encrypton. It s already known that such a desgn s nsecure from the theoretcal pont of vew [14], due to collson attacks. However, the complexty n/4 of these attacks s O (2, where n s the block sze. hus, t mght seem that problems wth 4-round DES-lke cpher can be avoded by large enough block sze. In ths paper we show a practcal key-reconstructon attack on generalzed 4-round DES-lke cpher. Its complexty depends on the S-box sze and expanson factor, both of whch cannot be ncreased too much (due to mplementaton constrants. hs leads to a concluson that 4-round DES-lke cpher constructons are nherently nsecure and should not be used n practce. II. PEIMINAIES In ths secton we summarze basc notatons and defntons. Frst, we ntroduce the DES-lke cphers as a generalzaton of the desgn of the orgnal Data Encrypton Standard. hen we provde basc prelmnares on dfferental cryptanalyss and mpossble dfferental attacks. A. DES-lke cphers nb nk nb et e: Z2 Z2 Z2 n -bt blocks and havng B be a block cpher operatng on n K bt key. We construct functon e as a composton of partal functons that denote the ndvdual steps of the encrypton algorthm. We call e a generalzed DES cpher, f t has a Festel structure, and ts round functon conssts of bt expanson, key addton, S-box evaluaton and bt permutaton layers. A cpher wth Festel structure works as follows: 1. Splt the nput strng nto left and rght half, 2. ransform rght part wth a (key-dependent round functon F and XO t nto the left part, 3. Swap the two parts. hs s repeated r tmes, where each repetton of ths process wll be denoted as a round (of encrypton. Mathematcally, let x= ( l r denote the nput strng. ISSN:
2 INENAIONA JOUNA OF COMPUES AND COMMUNICAIONS Volume 9, 2015 hen y = ( r l F ( r s an output strng of one Festel k round ( denotes XO operaton on bt strngs. et n 2m B = for some postve nteger m, and let n m, and let s be an nteger that dvdes both m, and n. nk n r KS : Z ( Z denote a key schedule algorthm. et 2 2 hs algorthm provdes r subkeys master key k. I.e., 1 2 r k, k,, k gven a 1 2 r KS( k = ( k, k,, k. Subkeys are used to defne key dependent round functons for Festel cpher. ns / ms / et σ : denote any Boolean functon. We defne S-box layer (contanng s parallel S-boxes as a n m functon S:, where Sx ( 0,, xns / 1, xns /,, xn 1 = σ ( x,, x,, σ ( x,, x. ( 1 0 ns / 1 s n ns / n 1 I.e., we apply s S-boxes n parallel on ( n/ s -bt substrngs of the nput, producng correspondng ( m/ s -bt substrngs of the output. et ε : Zn Zm, n> m, such that for every y Zm, there s at least one x Zn such that y = ε x. Bt expanson m n functon E: s defned as ( ε ε ε n Ex (, x,, x = x, x,, x. 0 1 m 1 (0 (1 ( 1 hs means that each nput bt s coped nto output bts (n any order, and some of the nput bts can occur n the output multple tmes (are duplcated, trplcated, etc.. et π : Zm Zm be a bjecton. Bt permutaton functon m m P: Z Z s defned as 2 2 ( π π π n Ex (, x,, x = x, x,, x. 0 1 m 1 (0 (1 ( 1 hs means that each nput bt s coped nto output bts n the order prescrbed by permutaton π. m n m ound functon F: Z2 of a generalzed DES cpher can be wrtten as F( xk, = PSEx ( ( ( k, n m m n where S: denotes the S-box layer, E: m m s the bt expanson, and P: s the bt permutaton. In non-mathematcal terms, generalzed DES s a Festel cpher, wth round functon that frst performs bt expanson (takes m nput bts, and reorders/copes them to n output bts, XOs the expanded nput wth the round key, apples S-boxes n parallel, and fnally mxes the output bts wth bt permutaton P. It s schematcally denoted n Fgure 2. B. Dfferental cryptanalyss Dfferental cryptanalyss was ntroduced by Bham and Shamr n 1991 [2]. hey attack DES-lke cphers by studyng the statstcal dstrbuton of dfferences durng the encrypton process. Classcal dfferental cryptanalyss requres the knowledge of S-boxes to produce a statstcal model of S-box dfferental response,.e., the probablty that a gven change of S-box nput produces a partcular S-box output dfference. A good overvew of the standard dfferental cryptanalyss s provded n [7]. he frst step n the attack s the study of S-boxes. he attacker computes a dfferental profle of the n m S-box S: by computng probabltes n pab, = 1/2 { xsx ; ( Sx ( a = b}, for each, 0 ab. Here p ab, s a probablty that for a random nput of the S-box and gven nput dfference a the S-box produces output dfference b. he attacker examnes the lnear parts of the cpher (n DES-lke cpher these are just expansons and bt permutatons, and the Festel scheme tself, and dentfes dfferental trajectores. A dfferental trajectory s a path of some selected dfference through the encrypton scheme under condton that some specfc nput-output dfference pars are realzed on S-boxes n ths path. Multplyng dfferental probabltes gves a good estmate for the probablty p d that gven nput dfference of the cpher causes the expected output dfference (correspondng to the studed trajectory. If p d s sgnfcantly hgher than the probablty that such an output dfference can occur randomly, t can be exploted n the dstngushng attack, or even n key recovery attacks. A tradtonal dfferental cryptanalyss requres the knowledge of S-boxes and the structure of the cpher to compute the dfferental profles and to search for sutable dfferental trajectores. When S-boxes are key dependent, or kept secret n other way, the standard technques of dfferental cryptanalyss are thwarted (or at least they are not so straghtforward. Stll, n the later secton we wll show that n generalzed DES we can adapt a method of mpossble dfferentals [3], n a way that does not requre the knowledge of concrete S-boxes. Impossble dfferental cryptanalyss s based on those dfferences whch have zero probablty to occur. In ths case we do not work wth ndvdual trajectores and dfferences, but nstead focus on the sets of dfferences. he attacker must dentfy a large set of mpossble dfferences. E.g., suppose that some specfc nput dfference can only change the even number of bts n the output. hen every output dfference wth odd Hammng weght becomes mpossble, and the set of all output dfferences wth odd Hammng weght becomes a set of mpossble dfferences. hs creates a dstngusher for the cpher, because n deal case (a random permutaton half of the dfferences can have odd Hammng weght. It s generally more dffcult to dentfy mpossble ISSN:
3 INENAIONA JOUNA OF COMPUES AND COMMUNICAIONS Volume 9, 2015 Fg. 1 he propagaton of a dfference n a 4-round Festel scheme. dfferentals n a cpher. o show that some set of dfferentals t s necessary to show that there s no way that the nput dfference can cause any of the mpossble output dfferences, so the attacker must rule out every possble dfferental trajectory. However, t s relatvely easy to dentfy mpossble dfferentals n cphers wth small number of rounds, or weak dffuson. One of possble technques to dentfy mpossble dfferences for cphers wth more rounds s the technque of Φ matrx used n [6]. Matrx Φ assocated wth some Boolean transformaton n n Boolean matrx that contans 1 n F: Z Z s a n n Ph f and only f a change of nput bt can 2 2 poston, j cause a change of output bt j for some nput x. I.e., ( Φ = ff F( x e F( x 0 for some x, where, j 1 ( e s a bt vector wth a sngle 1 at -th poston. et denote the Boolean product of matrces (wth AND nstead of multplcatons, and O nstead of addton. It s easy to show that Φ Ph have zeroes n those postons, where the -th nput of F F cannot nfluence j -th output of F F. hus, zeroes n Boolean powers of Φ dentfy potentally useful mpossble dfferental sets. III. IMPOSSIBE DIFFEENIA AACK ON 4-OUND DES- IKE CIPHE In ths secton we apply the mpossble dfferental attack to the generalzed DES-lke cpher. An attacker starts by encryptng two plantext pars, whch have a sutably selected sngle-bt dfference. By studyng the propagaton of ths dfference n the Festel scheme, and n the round functon, the attacker can effcently characterze a large set of mpossble output dfferences from the thrd round of the scheme. hs set of mpossble dfferences can then be used to elmnate wrong (partal key hypotheses, and to reduce the keyspace n an effcent way (as long as the sze of the S-box s small. A. Dfference propagaton on the Festel scheme level et us study the response of Festel cpher to a sngle bt change n the left half of nput. he stuaton s depcted n Fgure 1. Frst we encrypt any plantext ( x, x, gettng cphertext ( y, y. he attacker chooses a sngle bt m dfference δ Z2,.e., wh ( δ = 1. He then encrypts the plantext ( x δ, x, obtanng cphertext * * ( y, y = ( y d, y d. A good cpher should provde a strong avalanche effect,.e., the output dfferences d and d should be unpredctable (wth approxmately one half of bts equal to zero, and one half equal to one. If we study the encrypton n more detal, we can see that n the frst round the nput to round functon F s the same n x. hus, the dfference δ s unchanged, both encryptons ( and s only swapped to the rght sde (and zero dfference s swapped to the left sde. In the second round the nput to functon F s dfferent durng the two encryptons, t dffers k 2 exactly by the dfference δ. If we do not know more detals about the structure of F, we cannot predct how wll the outputs of F dffer. We wll denote the output dfference n k 2 ths second round. he dfference gets swapped to the rght sde, and the dfference δ back to the left sde. In the thrd round the nput dfference to F k 3 s, whch s unknown, thus we do not know the output dfference of F k 3 as well. However, we know that on rght sde s unchanged and gets swapped to the left sde. In the fourth round dfference s further changed by the output dfference of F k 4. Once the attacker obtans the cphertexts and learns dfferences d, and d, he can propagate them backwards. Dfference d s exactly the nput dfference of F k 4, and we can see that d d3 s the output dfference of F k 3. k 1 ISSN:
4 INENAIONA JOUNA OF COMPUES AND COMMUNICAIONS Volume 9, 2015 Dfference d s the XO sum of and the output dfference of F k 4. hus, f the attacker somehow knows subkey k 4, he can compute n the followng way: = d F y F y * k ( k (. 4 4 he dfference s an output dfference of F k 2 provded a sngle bt nput dfference δ. If F has a DES-lke structure descrbed n Secton \ref{s2}, only some of dfferences are possble. et us denote a set of mpossble dfferences by,.e., = ; Pr F ( X F ( X δ = = 0. { X ( k } 2 k2 Gven two P-C pars ((,,(, ( ( * * x,,(, δ x y y x x y y, and, attacker can use set to quckly dscard some of the potental subkeys used n the last round. he attacker chooses subkey value k, and computes * = d Fk ( y (. Fk y k = k, cannot belong to set, otherwse there s /2 m that belong to. hus,, the attacker mmedately knows that k k4. If 4 a chance proportonal to f hs allows the attacker quck computaton of the last subkey, whch s an effcent attack on cpher f the subkey leaks nformaton about the key, and f the subkey s not longer than the full cpher key. However, f the cpher has DES-lke cpher, we can do much better by studyng the structure of functon F n more detals. B. Impossble dfferentals n a round functon Frst, let us consder how the set s constructed. he attacker chooses a sngle bt dfference δ. et us suppose that the bt whch s changed has ndex. he expanson functon E propagates the change to all postons j such that ε ( j =. he only S-boxes that are nfluenced by the change are those, where the change s propagated to. We call these S- boxes actve, and other S-boxes nactve. Suppose that a= mn { j; ε ( j = }. he attacker wll choose n such a way that he gets at most a actve S-boxes (and s a nactve S-boxes. When S-box s nactve, ts nputs do not change between encryptons. hs means that also ts outputs do not change. he output dfference of nactve S-box can only contan zero bts. On the other hand, the output dfference bts of the actve S-box can be varous dfferent btstrngs. If an S-box s known, attacker can restrct Fg. 2 he propagaton of a sngle-bt dfference nsde a DES-lke round functon. the set of possble output dfferences by analyzng the set of output dfferences for a gven nput dfference,.e., { Sx ( Sx ( }. In the worst-case scenaro from the attacker's pont of vew, the S-box s unknown. Stll, the attacker can consder that any non-zero bt strng s a possble output dfference from an actve S-box. In ths harder case, when the attacker does not know the S-boxes, we cannot, and do not need to, model the dstrbuton of output dfferences from actve S-boxes. Stll, due to the presence of nactve S-boxes, we can be certan that the number of non-zero bts n dfference s at most a m/ s (out of possble m bts. In the last step of the round functon, the known zerodfference bts from the output of nactve S-boxes are further dstrbuted by permutaton functon P. A dfference, whch has non-zero bt n a poston that s an output of nactve S-box after permutaton P s mpossble dfference for the whole round functon. If permutaton P s secret, the attacker stll knows the mnmal number of zero bts that any output dfference can have. he scenaro wth secret P s however unlkely, as t can be easy to extract hdden wrng from hardware mplementatons, and t s much more dffcult to mplement key-dependent bt set of permutatons than a sngle fxed permutaton. et us suppose that E, and P are known, and S -boxes can reman hdden from the attacker. he attacker can characterze the set by assocatng t wth a bt mask µ, whch has 0 n those postons that correspond to outputs of actve S-box permuted by P, and 1 n a postons correspondng to per muted outputs of nactve S-boxes. he attacker can quckly test whether : compute btwse AND between and µ. If t s non-zero, the dfference s mpossble. Moreover, the attacker can test n parts: compute btwse AND just between a selected bts of and correspondng bts of µ. he non-zero result mmedately ISSN:
5 INENAIONA JOUNA OF COMPUES AND COMMUNICAIONS Volume 9, 2015 tells us that dfference s mpossble, regardless of the rest of the bts that were not tested. et us provde a small example. he smplfed stuaton s denoted n Fgure 2. he nput dfference δ = s expanded by E nto dfference hs dfference changes the nputs of the frst two S-boxes, whch become actve S-boxes. he remanng two S-boxes are nactve. he bts of output dfference correspondng to outputs of actve S-boxes can potentally have both zero and non-zero value, denoted by '*' n the pcture. he output dfferences are dstrbuted by permutaton P. Dependng on the key, and on the actual nputs, we can observe any output dfference n the form '**00 **00 *0*0 *00*'. For the attack, we characterze the mpossble dfferental set by the bt mask µ = C. Key extracton attack Once we compute the mask µ, we can focus on the attack on the last round subkey. We want to fnd all values of k that do not lead to mpossble dfferentals. We do not need to compute the whole output of F k to dscard some key, t suffces to fnd some part of that can be compared wth mask µ and dscarded. Key k s XO-ed to expanded nput * y, and y, respectvely, before computng the output of S- boxes. hus, to compute the m/ s bts of, we only need to guess n/ s bts of k, and the contents of a sngle S-box. If the S-box s key-dependent, we guess the correspondng key bts that are used to generate the S-boxes. After computng the correspondng m/ s bts of the dfference, we check t wth the correspondng part of the mask µ. If the dfference s mpossble, we know that the key guess was ncorrect. We can separate the search for a correct subkey and S boxes: Just work wth a sngle hypothess for S-boxes, and try to fnd the correct subkey. If the S-box hypothess s ncorrect, the mpossble dfferentals wll elmnate all subkeys, otherwse a correct subkey wll reman (and S-boxes are found. / For each part of the key, we test only 2 ns hypotheses / separately, for a total work of s 2 ns, nstead of 2 n tests, whch s an exponental speedup. E.g. for classcal DES, n = 48, and to fnd the subkey usng a whole, we would need tests. If we test 4-bt blocks of = 512 tests. o prevent ths separately, we only need attack, we would need to sgnfcantly ncrease the value n/ s. However, the sze of S-boxes s also exponental n n/ s, thus t s not possble to ncrease the sze due to mplementaton constrants. A sngle set of two P-C pars ((,,(, ( ( * * x,,(, δ x y y x x y y, and provdes only a partal reducton n possble key space. Suppose that we test 4-bt blocks ( m/ s = 4. If the correspondng part of mask µ s 0000, we cannot elmnate any key hypothess. We try to avod such blocks, or to test two or more blocks together n such a case (so that the correspondng mask does not contan only zeros. If the correspondng mask has a sngle bt equal to one, we can elmnate approxmately half of hypotheses. If the mask has all ones, only approxmately 1 out of 16 hypotheses s not elmnated. Furthermore, the attacker can provde dfferent sets of nput P-C pars, each of whch wll elmnate a fracton of remanng key hypotheses, untl at most one wll reman. he number of requred sets of P-C pars s logarthmc n the key / space (comparable to n/ s, nstead of 2 ns. hus the attack has very low complexty even for cphers wth large blocks and key szes. After the attack on the last round s successful, we can ether reconstruct the orgnal key (dependng on the key schedule, or adapt the attack to a smpler 3-round structure. IV. CONCUSIONS he famous results of uby and ackoff [10] show that usng Festel constructon one can transform a pseudorandom functon nto a pseudorandom permutaton wth three round Festel cpher. hese results were further extended to 4-round Festel constructons and further by Patarn [14]. hs does not however mean, that t s possble to use just 4-round Festel scheme to construct a secure cpher, such as proposed n [13], due to a requrement that the round functon s already an deal pseudorandom functon. In ths artcle we study the mpossble dfferental attacks on 4-round DES-lke cpher. We show that t s possble to mount a key recovery attack on such a cpher wth complexty scalng wth the sze of the S-box, nstead of wth the block sze. he attacker uses a slow dffuson of the Festel scheme, and a lmted local dffuson of a sngle round. he attack can work wthout the knowledge of the S-boxes, but can be made more effcent, f the S-boxes are known. It can be concluded that smlar desgns are nherently nsecure and should not be used n applcatons that requre secure communcaton. Stll, the 4-round constructon has relatvely good avalanche, thus t mght be possble to use t n place where only avalanche effect and not strong securty s requred, e.g., n steganographc systems [8]. It s possble to strengthen the cpher by ncreasng the number of rounds, but t s not clear how many rounds are requred to provde enough resstance aganst more sophstcated attacks than the one presented n ths paper. o study more advanced attacks, graph technques, smlar to [6] can be adapted to search for mpossble dfferental sets. From the securty pont of vew, the best recommendaton s ISSN:
6 INENAIONA JOUNA OF COMPUES AND COMMUNICAIONS Volume 9, 2015 to use standard cphers, such as AES [12] nstead of custom desgns, and try to conserve resources n other parts of the system. Alternatvely, t s possble to consder replacng block cpher wth a fast and smple stream cpher [1] (see also [15] for stream cpher overvew. EFEENCES [1] E. Antal, and V. Hromada, A New Stream Cpher Based on Falka M- 125, atra Mountans Mathematcal Publcatons, 57(4, 2013, pp [2] E. Bham, and A. Shamr, Dfferental Cryptanalyss of DES-lke Cryptosystems, Journal of Cryptology, 4(1, 1991, pp [3] E. Bham, A. Bryukov, and A. Shamr, Cryptanalyss of Skpjack educed to 31 ounds Usng Impossble Dfferentals, Proceedngs of EUOCYP'99, NCS 1592, 1999, pp [4] Data Encrypton Standard. FIPS pub 46. Appendx A, Federal Informaton Processng Standards Publcaton, [5] O. Grosek, P. Zajac, Effcent selecton of the AES-class MxColumns parameters, WSEAS ransactons on Informaton Scence and Applcatons 4(4, 2007, pp [6] O. Grosek, P. Zajac, Graphs connected wth block cphers, WSEAS ransactons on Informaton Scence and Applcatons 3(2, 2006, pp [7] H. Heys, A tutoral on near and Dfferental Cryptanalyss, Cryptologa, 26(3, 2002, pp [8] M. Jokay, he Desgn of a Steganographc System Based on the Internal MP4 Fle Structures, Internatonal Journal of Computers and Communcatons 5(4, 2012, pp [9] G. eander, C. Paar, A. Poschmann, and K. Schramm, New lghtweght DES varants, Fast Software Encrypton, Sprnger Berln Hedelberg, 2007, pp [10] M. uby, C. ackoff, How to construct pseudorandom permutatons from pseudorandom functons, SIAM Journal on Computng 17(2, 1988, pp [11] M. Matsu, he frst expermental cryptanalyss of the Data Encrypton Standard, Advances n Cryptology Crypto'94. Sprnger Berln Hedelberg, 1994, pp [12] Natonal Insttute of Standards and echnology, NIS FIPS PUB 197, Advanced Encrypton Standard, U.S. Department of Commerce [13] J. Pan, S., and Z. Xu, Securty mechansm for a wreless-sensornetwork-based healthcare montorng system, IE Communcatons 6 (18, 2012, pp [14] J. Patarn, New esults on Pseudorandom Permutaton Generators Based on the DES Scheme, CYPO 1991, pp [15] M. Vojvoda, A Survey of Securty Mechansms n Moble Communcaton Systems. atra Mountans Mathematcal Publcatons, 25, 2002, pp ISSN:
A Novel Feistel Cipher Involving a Bunch of Keys supplemented with Modular Arithmetic Addition
(IJACSA) Internatonal Journal of Advanced Computer Scence Applcatons, A Novel Festel Cpher Involvng a Bunch of Keys supplemented wth Modular Arthmetc Addton Dr. V.U.K Sastry Dean R&D, Department of Computer
More informationMessage modification, neutral bits and boomerangs
Message modfcaton, neutral bts and boomerangs From whch round should we start countng n SHA? Antone Joux DGA and Unversty of Versalles St-Quentn-en-Yvelnes France Jont work wth Thomas Peyrn 1 Dfferental
More informationCryptanalysis of pairing-free certificateless authenticated key agreement protocol
Cryptanalyss of parng-free certfcateless authentcated key agreement protocol Zhan Zhu Chna Shp Development Desgn Center CSDDC Wuhan Chna Emal: zhuzhan0@gmal.com bstract: Recently He et al. [D. He J. Chen
More informationThe Synchronous 8th-Order Differential Attack on 12 Rounds of the Block Cipher HyRAL
The Synchronous 8th-Order Dfferental Attack on 12 Rounds of the Block Cpher HyRAL Yasutaka Igarash, Sej Fukushma, and Tomohro Hachno Kagoshma Unversty, Kagoshma, Japan Emal: {garash, fukushma, hachno}@eee.kagoshma-u.ac.jp
More informationImproved Integral Cryptanalysis of FOX Block Cipher 1
Improved Integral Cryptanalyss of FOX Block Cpher 1 Wu Wenlng, Zhang Wentao, and Feng Dengguo State Key Laboratory of Informaton Securty, Insttute of Software, Chnese Academy of Scences, Bejng 100080,
More informationDifferential Cryptanalysis of Nimbus
Dfferental Cryptanalyss of Nmbus Vladmr Furman Computer Scence Department, Technon - Israel Insttute of Technology, Hafa 32000, Israel. vfurman@cs.technon.ac.l. Abstract. Nmbus s a block cpher submtted
More informationDifference Equations
Dfference Equatons c Jan Vrbk 1 Bascs Suppose a sequence of numbers, say a 0,a 1,a,a 3,... s defned by a certan general relatonshp between, say, three consecutve values of the sequence, e.g. a + +3a +1
More informationSpeeding up Computation of Scalar Multiplication in Elliptic Curve Cryptosystem
H.K. Pathak et. al. / (IJCSE) Internatonal Journal on Computer Scence and Engneerng Speedng up Computaton of Scalar Multplcaton n Ellptc Curve Cryptosystem H. K. Pathak Manju Sangh S.o.S n Computer scence
More informationAn efficient algorithm for multivariate Maclaurin Newton transformation
Annales UMCS Informatca AI VIII, 2 2008) 5 14 DOI: 10.2478/v10065-008-0020-6 An effcent algorthm for multvarate Maclaurn Newton transformaton Joanna Kapusta Insttute of Mathematcs and Computer Scence,
More informationThe Key-Dependent Attack on Block Ciphers
The Key-Dependent Attack on Block Cphers Xaoru Sun and Xueja La Department of Computer Scence Shangha Jao Tong Unversty Shangha, 200240, Chna sunsrus@sjtu.edu.cn, la-xj@cs.sjtu.edu.cn Abstract. In ths
More informationModule 3 LOSSY IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur
Module 3 LOSSY IMAGE COMPRESSION SYSTEMS Verson ECE IIT, Kharagpur Lesson 6 Theory of Quantzaton Verson ECE IIT, Kharagpur Instructonal Objectves At the end of ths lesson, the students should be able to:
More informationProblem Set 9 Solutions
Desgn and Analyss of Algorthms May 4, 2015 Massachusetts Insttute of Technology 6.046J/18.410J Profs. Erk Demane, Srn Devadas, and Nancy Lynch Problem Set 9 Solutons Problem Set 9 Solutons Ths problem
More informationChapter 13: Multiple Regression
Chapter 13: Multple Regresson 13.1 Developng the multple-regresson Model The general model can be descrbed as: It smplfes for two ndependent varables: The sample ft parameter b 0, b 1, and b are used to
More informationKernel Methods and SVMs Extension
Kernel Methods and SVMs Extenson The purpose of ths document s to revew materal covered n Machne Learnng 1 Supervsed Learnng regardng support vector machnes (SVMs). Ths document also provdes a general
More informationNUMERICAL DIFFERENTIATION
NUMERICAL DIFFERENTIATION 1 Introducton Dfferentaton s a method to compute the rate at whch a dependent output y changes wth respect to the change n the ndependent nput x. Ths rate of change s called the
More informationMin Cut, Fast Cut, Polynomial Identities
Randomzed Algorthms, Summer 016 Mn Cut, Fast Cut, Polynomal Identtes Instructor: Thomas Kesselhem and Kurt Mehlhorn 1 Mn Cuts n Graphs Lecture (5 pages) Throughout ths secton, G = (V, E) s a mult-graph.
More informationa b a In case b 0, a being divisible by b is the same as to say that
Secton 6.2 Dvsblty among the ntegers An nteger a ε s dvsble by b ε f there s an nteger c ε such that a = bc. Note that s dvsble by any nteger b, snce = b. On the other hand, a s dvsble by only f a = :
More informationStructure and Drive Paul A. Jensen Copyright July 20, 2003
Structure and Drve Paul A. Jensen Copyrght July 20, 2003 A system s made up of several operatons wth flow passng between them. The structure of the system descrbes the flow paths from nputs to outputs.
More informationEEE 241: Linear Systems
EEE : Lnear Systems Summary #: Backpropagaton BACKPROPAGATION The perceptron rule as well as the Wdrow Hoff learnng were desgned to tran sngle layer networks. They suffer from the same dsadvantage: they
More informationThe stream cipher MICKEY
The stream cpher MICKEY-128 2.0 Steve Babbage Vodafone Group R&D, Newbury, UK steve.babbage@vodafone.com Matthew Dodd Independent consultant matthew@mdodd.net www.mdodd.net 30 th June 2006 Abstract: We
More informationComments on a secure dynamic ID-based remote user authentication scheme for multiserver environment using smart cards
Comments on a secure dynamc ID-based remote user authentcaton scheme for multserver envronment usng smart cards Debao He chool of Mathematcs tatstcs Wuhan nversty Wuhan People s Republc of Chna Emal: hedebao@63com
More informationOn the correction of the h-index for career length
1 On the correcton of the h-ndex for career length by L. Egghe Unverstet Hasselt (UHasselt), Campus Depenbeek, Agoralaan, B-3590 Depenbeek, Belgum 1 and Unverstet Antwerpen (UA), IBW, Stadscampus, Venusstraat
More informationHMMT February 2016 February 20, 2016
HMMT February 016 February 0, 016 Combnatorcs 1. For postve ntegers n, let S n be the set of ntegers x such that n dstnct lnes, no three concurrent, can dvde a plane nto x regons (for example, S = {3,
More informationNEW CONSTRUCTIONS IN LINEAR CRYPTANALYSIS OF BLOCK CIPHERS
Proceedngs of ACS 000, Szczecn, pp.53-530 NEW CONSTRUCTIONS IN LINEAR CRYPTANALYSIS OF BLOCK CIPHERS ANNA ZUGAJ, KAROL GÓRSKI, ZBIGNIEW KOTULSKI, ANDRZEJ PASZKIEWICZ 3, JANUSZ SZCZEPAŃSKI ENIGMA Informaton
More informationExercises. 18 Algorithms
18 Algorthms Exercses 0.1. In each of the followng stuatons, ndcate whether f = O(g), or f = Ω(g), or both (n whch case f = Θ(g)). f(n) g(n) (a) n 100 n 200 (b) n 1/2 n 2/3 (c) 100n + log n n + (log n)
More informationThe Order Relation and Trace Inequalities for. Hermitian Operators
Internatonal Mathematcal Forum, Vol 3, 08, no, 507-57 HIKARI Ltd, wwwm-hkarcom https://doorg/0988/mf088055 The Order Relaton and Trace Inequaltes for Hermtan Operators Y Huang School of Informaton Scence
More informationGeneralized Linear Methods
Generalzed Lnear Methods 1 Introducton In the Ensemble Methods the general dea s that usng a combnaton of several weak learner one could make a better learner. More formally, assume that we have a set
More informationPsychology 282 Lecture #24 Outline Regression Diagnostics: Outliers
Psychology 282 Lecture #24 Outlne Regresson Dagnostcs: Outlers In an earler lecture we studed the statstcal assumptons underlyng the regresson model, ncludng the followng ponts: Formal statement of assumptons.
More informationErrors for Linear Systems
Errors for Lnear Systems When we solve a lnear system Ax b we often do not know A and b exactly, but have only approxmatons  and ˆb avalable. Then the best thng we can do s to solve ˆx ˆb exactly whch
More informationAffine transformations and convexity
Affne transformatons and convexty The purpose of ths document s to prove some basc propertes of affne transformatons nvolvng convex sets. Here are a few onlne references for background nformaton: http://math.ucr.edu/
More informationComparison of Regression Lines
STATGRAPHICS Rev. 9/13/2013 Comparson of Regresson Lnes Summary... 1 Data Input... 3 Analyss Summary... 4 Plot of Ftted Model... 6 Condtonal Sums of Squares... 6 Analyss Optons... 7 Forecasts... 8 Confdence
More informationx = , so that calculated
Stat 4, secton Sngle Factor ANOVA notes by Tm Plachowsk n chapter 8 we conducted hypothess tests n whch we compared a sngle sample s mean or proporton to some hypotheszed value Chapter 9 expanded ths to
More informationA new construction of 3-separable matrices via an improved decoding of Macula s construction
Dscrete Optmzaton 5 008 700 704 Contents lsts avalable at ScenceDrect Dscrete Optmzaton journal homepage: wwwelsevercom/locate/dsopt A new constructon of 3-separable matrces va an mproved decodng of Macula
More informationLectures - Week 4 Matrix norms, Conditioning, Vector Spaces, Linear Independence, Spanning sets and Basis, Null space and Range of a Matrix
Lectures - Week 4 Matrx norms, Condtonng, Vector Spaces, Lnear Independence, Spannng sets and Bass, Null space and Range of a Matrx Matrx Norms Now we turn to assocatng a number to each matrx. We could
More informationAppendix B: Resampling Algorithms
407 Appendx B: Resamplng Algorthms A common problem of all partcle flters s the degeneracy of weghts, whch conssts of the unbounded ncrease of the varance of the mportance weghts ω [ ] of the partcles
More informationChapter 5. Solution of System of Linear Equations. Module No. 6. Solution of Inconsistent and Ill Conditioned Systems
Numercal Analyss by Dr. Anta Pal Assstant Professor Department of Mathematcs Natonal Insttute of Technology Durgapur Durgapur-713209 emal: anta.bue@gmal.com 1 . Chapter 5 Soluton of System of Lnear Equatons
More informationCSci 6974 and ECSE 6966 Math. Tech. for Vision, Graphics and Robotics Lecture 21, April 17, 2006 Estimating A Plane Homography
CSc 6974 and ECSE 6966 Math. Tech. for Vson, Graphcs and Robotcs Lecture 21, Aprl 17, 2006 Estmatng A Plane Homography Overvew We contnue wth a dscusson of the major ssues, usng estmaton of plane projectve
More informationCollege of Computer & Information Science Fall 2009 Northeastern University 20 October 2009
College of Computer & Informaton Scence Fall 2009 Northeastern Unversty 20 October 2009 CS7880: Algorthmc Power Tools Scrbe: Jan Wen and Laura Poplawsk Lecture Outlne: Prmal-dual schema Network Desgn:
More informationOn the Multicriteria Integer Network Flow Problem
BULGARIAN ACADEMY OF SCIENCES CYBERNETICS AND INFORMATION TECHNOLOGIES Volume 5, No 2 Sofa 2005 On the Multcrtera Integer Network Flow Problem Vassl Vasslev, Marana Nkolova, Maryana Vassleva Insttute of
More informationCryptanalysis of a Public-key Cryptosystem Using Lattice Basis Reduction Algorithm
www.ijcsi.org 110 Cryptanalyss of a Publc-key Cryptosystem Usng Lattce Bass Reducton Algorthm Roohallah Rastagh 1, Hamd R. Dall Oskoue 2 1,2 Department of Electrcal Engneerng, Aeronautcal Unversty of Snce
More informationSimulated Power of the Discrete Cramér-von Mises Goodness-of-Fit Tests
Smulated of the Cramér-von Mses Goodness-of-Ft Tests Steele, M., Chaselng, J. and 3 Hurst, C. School of Mathematcal and Physcal Scences, James Cook Unversty, Australan School of Envronmental Studes, Grffth
More informationECE559VV Project Report
ECE559VV Project Report (Supplementary Notes Loc Xuan Bu I. MAX SUM-RATE SCHEDULING: THE UPLINK CASE We have seen (n the presentaton that, for downlnk (broadcast channels, the strategy maxmzng the sum-rate
More informationLecture 10 Support Vector Machines II
Lecture 10 Support Vector Machnes II 22 February 2016 Taylor B. Arnold Yale Statstcs STAT 365/665 1/28 Notes: Problem 3 s posted and due ths upcomng Frday There was an early bug n the fake-test data; fxed
More informationSolving Nonlinear Differential Equations by a Neural Network Method
Solvng Nonlnear Dfferental Equatons by a Neural Network Method Luce P. Aarts and Peter Van der Veer Delft Unversty of Technology, Faculty of Cvlengneerng and Geoscences, Secton of Cvlengneerng Informatcs,
More informationLinear Regression Analysis: Terminology and Notation
ECON 35* -- Secton : Basc Concepts of Regresson Analyss (Page ) Lnear Regresson Analyss: Termnology and Notaton Consder the generc verson of the smple (two-varable) lnear regresson model. It s represented
More informationVQ widely used in coding speech, image, and video
at Scalar quantzers are specal cases of vector quantzers (VQ): they are constraned to look at one sample at a tme (memoryless) VQ does not have such constrant better RD perfomance expected Source codng
More informationLINEAR REGRESSION ANALYSIS. MODULE IX Lecture Multicollinearity
LINEAR REGRESSION ANALYSIS MODULE IX Lecture - 30 Multcollnearty Dr. Shalabh Department of Mathematcs and Statstcs Indan Insttute of Technology Kanpur 2 Remedes for multcollnearty Varous technques have
More informationTowards Security Limits in Side-Channel Attacks
Towards Securty Lmts n Sde-Channel Attacks (Wth an Applcaton to Block Cphers) F.-X. Standaert, E. Peeters, C. Archambeau, and J.-J. Qusquater UCL Crypto Group, Place du Levant 3, B-348 Louvan-la-Neuve,
More informationWeek 5: Neural Networks
Week 5: Neural Networks Instructor: Sergey Levne Neural Networks Summary In the prevous lecture, we saw how we can construct neural networks by extendng logstc regresson. Neural networks consst of multple
More informationComputing Correlated Equilibria in Multi-Player Games
Computng Correlated Equlbra n Mult-Player Games Chrstos H. Papadmtrou Presented by Zhanxang Huang December 7th, 2005 1 The Author Dr. Chrstos H. Papadmtrou CS professor at UC Berkley (taught at Harvard,
More informationNumerical Heat and Mass Transfer
Master degree n Mechancal Engneerng Numercal Heat and Mass Transfer 06-Fnte-Dfference Method (One-dmensonal, steady state heat conducton) Fausto Arpno f.arpno@uncas.t Introducton Why we use models and
More informationTHE SUMMATION NOTATION Ʃ
Sngle Subscrpt otaton THE SUMMATIO OTATIO Ʃ Most of the calculatons we perform n statstcs are repettve operatons on lsts of numbers. For example, we compute the sum of a set of numbers, or the sum of the
More informationEcon107 Applied Econometrics Topic 3: Classical Model (Studenmund, Chapter 4)
I. Classcal Assumptons Econ7 Appled Econometrcs Topc 3: Classcal Model (Studenmund, Chapter 4) We have defned OLS and studed some algebrac propertes of OLS. In ths topc we wll study statstcal propertes
More informationELASTIC WAVE PROPAGATION IN A CONTINUOUS MEDIUM
ELASTIC WAVE PROPAGATION IN A CONTINUOUS MEDIUM An elastc wave s a deformaton of the body that travels throughout the body n all drectons. We can examne the deformaton over a perod of tme by fxng our look
More informationSupplementary Notes for Chapter 9 Mixture Thermodynamics
Supplementary Notes for Chapter 9 Mxture Thermodynamcs Key ponts Nne major topcs of Chapter 9 are revewed below: 1. Notaton and operatonal equatons for mxtures 2. PVTN EOSs for mxtures 3. General effects
More informationHomework Assignment 3 Due in class, Thursday October 15
Homework Assgnment 3 Due n class, Thursday October 15 SDS 383C Statstcal Modelng I 1 Rdge regresson and Lasso 1. Get the Prostrate cancer data from http://statweb.stanford.edu/~tbs/elemstatlearn/ datasets/prostate.data.
More informationFor now, let us focus on a specific model of neurons. These are simplified from reality but can achieve remarkable results.
Neural Networks : Dervaton compled by Alvn Wan from Professor Jtendra Malk s lecture Ths type of computaton s called deep learnng and s the most popular method for many problems, such as computer vson
More informationGraph Reconstruction by Permutations
Graph Reconstructon by Permutatons Perre Ille and Wllam Kocay* Insttut de Mathémathques de Lumny CNRS UMR 6206 163 avenue de Lumny, Case 907 13288 Marselle Cedex 9, France e-mal: lle@ml.unv-mrs.fr Computer
More informationISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 1, July 2013
ISSN: 2277-375 Constructon of Trend Free Run Orders for Orthogonal rrays Usng Codes bstract: Sometmes when the expermental runs are carred out n a tme order sequence, the response can depend on the run
More informationEdge Isoperimetric Inequalities
November 7, 2005 Ross M. Rchardson Edge Isopermetrc Inequaltes 1 Four Questons Recall that n the last lecture we looked at the problem of sopermetrc nequaltes n the hypercube, Q n. Our noton of boundary
More informationAttacks on RSA The Rabin Cryptosystem Semantic Security of RSA Cryptology, Tuesday, February 27th, 2007 Nils Andersen. Complexity Theoretic Reduction
Attacks on RSA The Rabn Cryptosystem Semantc Securty of RSA Cryptology, Tuesday, February 27th, 2007 Nls Andersen Square Roots modulo n Complexty Theoretc Reducton Factorng Algorthms Pollard s p 1 Pollard
More informationFormulas for the Determinant
page 224 224 CHAPTER 3 Determnants e t te t e 2t 38 A = e t 2te t e 2t e t te t 2e 2t 39 If 123 A = 345, 456 compute the matrx product A adj(a) What can you conclude about det(a)? For Problems 40 43, use
More informationA Robust Method for Calculating the Correlation Coefficient
A Robust Method for Calculatng the Correlaton Coeffcent E.B. Nven and C. V. Deutsch Relatonshps between prmary and secondary data are frequently quantfed usng the correlaton coeffcent; however, the tradtonal
More informationMarkov Chain Monte Carlo Lecture 6
where (x 1,..., x N ) X N, N s called the populaton sze, f(x) f (x) for at least one {1, 2,..., N}, and those dfferent from f(x) are called the tral dstrbutons n terms of mportance samplng. Dfferent ways
More informationNotes on Frequency Estimation in Data Streams
Notes on Frequency Estmaton n Data Streams In (one of) the data streamng model(s), the data s a sequence of arrvals a 1, a 2,..., a m of the form a j = (, v) where s the dentty of the tem and belongs to
More informationQueueing Networks II Network Performance
Queueng Networks II Network Performance Davd Tpper Assocate Professor Graduate Telecommuncatons and Networkng Program Unversty of Pttsburgh Sldes 6 Networks of Queues Many communcaton systems must be modeled
More informationIntroduction to Vapor/Liquid Equilibrium, part 2. Raoult s Law:
CE304, Sprng 2004 Lecture 4 Introducton to Vapor/Lqud Equlbrum, part 2 Raoult s Law: The smplest model that allows us do VLE calculatons s obtaned when we assume that the vapor phase s an deal gas, and
More informationCOMPARISON OF SOME RELIABILITY CHARACTERISTICS BETWEEN REDUNDANT SYSTEMS REQUIRING SUPPORTING UNITS FOR THEIR OPERATIONS
Avalable onlne at http://sck.org J. Math. Comput. Sc. 3 (3), No., 6-3 ISSN: 97-537 COMPARISON OF SOME RELIABILITY CHARACTERISTICS BETWEEN REDUNDANT SYSTEMS REQUIRING SUPPORTING UNITS FOR THEIR OPERATIONS
More informationNegative Binomial Regression
STATGRAPHICS Rev. 9/16/2013 Negatve Bnomal Regresson Summary... 1 Data Input... 3 Statstcal Model... 3 Analyss Summary... 4 Analyss Optons... 7 Plot of Ftted Model... 8 Observed Versus Predcted... 10 Predctons...
More informationSupporting Information
Supportng Informaton The neural network f n Eq. 1 s gven by: f x l = ReLU W atom x l + b atom, 2 where ReLU s the element-wse rectfed lnear unt, 21.e., ReLUx = max0, x, W atom R d d s the weght matrx to
More informationA Bayes Algorithm for the Multitask Pattern Recognition Problem Direct Approach
A Bayes Algorthm for the Multtask Pattern Recognton Problem Drect Approach Edward Puchala Wroclaw Unversty of Technology, Char of Systems and Computer etworks, Wybrzeze Wyspanskego 7, 50-370 Wroclaw, Poland
More informationBasically, if you have a dummy dependent variable you will be estimating a probability.
ECON 497: Lecture Notes 13 Page 1 of 1 Metropoltan State Unversty ECON 497: Research and Forecastng Lecture Notes 13 Dummy Dependent Varable Technques Studenmund Chapter 13 Bascally, f you have a dummy
More informationLinear Approximation with Regularization and Moving Least Squares
Lnear Approxmaton wth Regularzaton and Movng Least Squares Igor Grešovn May 007 Revson 4.6 (Revson : March 004). 5 4 3 0.5 3 3.5 4 Contents: Lnear Fttng...4. Weghted Least Squares n Functon Approxmaton...
More information1 Generating functions, continued
Generatng functons, contnued. Generatng functons and parttons We can make use of generatng functons to answer some questons a bt more restrctve than we ve done so far: Queston : Fnd a generatng functon
More informationCase A. P k = Ni ( 2L i k 1 ) + (# big cells) 10d 2 P k.
THE CELLULAR METHOD In ths lecture, we ntroduce the cellular method as an approach to ncdence geometry theorems lke the Szemeréd-Trotter theorem. The method was ntroduced n the paper Combnatoral complexty
More informationInteractive Bi-Level Multi-Objective Integer. Non-linear Programming Problem
Appled Mathematcal Scences Vol 5 0 no 65 3 33 Interactve B-Level Mult-Objectve Integer Non-lnear Programmng Problem O E Emam Department of Informaton Systems aculty of Computer Scence and nformaton Helwan
More informationThe optimal delay of the second test is therefore approximately 210 hours earlier than =2.
THE IEC 61508 FORMULAS 223 The optmal delay of the second test s therefore approxmately 210 hours earler than =2. 8.4 The IEC 61508 Formulas IEC 61508-6 provdes approxmaton formulas for the PF for smple
More informationIntroduction to Algorithms
Introducton to Algorthms 6.046J/8.40J Lecture 7 Prof. Potr Indyk Data Structures Role of data structures: Encapsulate data Support certan operatons (e.g., INSERT, DELETE, SEARCH) Our focus: effcency of
More informationMore metrics on cartesian products
More metrcs on cartesan products If (X, d ) are metrc spaces for 1 n, then n Secton II4 of the lecture notes we defned three metrcs on X whose underlyng topologes are the product topology The purpose of
More informationComparison of the Population Variance Estimators. of 2-Parameter Exponential Distribution Based on. Multiple Criteria Decision Making Method
Appled Mathematcal Scences, Vol. 7, 0, no. 47, 07-0 HIARI Ltd, www.m-hkar.com Comparson of the Populaton Varance Estmators of -Parameter Exponental Dstrbuton Based on Multple Crtera Decson Makng Method
More informationEnsemble Methods: Boosting
Ensemble Methods: Boostng Ncholas Ruozz Unversty of Texas at Dallas Based on the sldes of Vbhav Gogate and Rob Schapre Last Tme Varance reducton va baggng Generate new tranng data sets by samplng wth replacement
More informationOnline Appendix to: Axiomatization and measurement of Quasi-hyperbolic Discounting
Onlne Appendx to: Axomatzaton and measurement of Quas-hyperbolc Dscountng José Lus Montel Olea Tomasz Strzaleck 1 Sample Selecton As dscussed before our ntal sample conssts of two groups of subjects. Group
More informationTime-Varying Systems and Computations Lecture 6
Tme-Varyng Systems and Computatons Lecture 6 Klaus Depold 14. Januar 2014 The Kalman Flter The Kalman estmaton flter attempts to estmate the actual state of an unknown dscrete dynamcal system, gven nosy
More informationCommunication Complexity 16:198: February Lecture 4. x ij y ij
Communcaton Complexty 16:198:671 09 February 2010 Lecture 4 Lecturer: Troy Lee Scrbe: Rajat Mttal 1 Homework problem : Trbes We wll solve the thrd queston n the homework. The goal s to show that the nondetermnstc
More informationLecture 12: Discrete Laplacian
Lecture 12: Dscrete Laplacan Scrbe: Tanye Lu Our goal s to come up wth a dscrete verson of Laplacan operator for trangulated surfaces, so that we can use t n practce to solve related problems We are mostly
More informationLai-Massey Scheme and Quasi-Feistel Networks (Extended Abstract)
La-Massey Scheme and Quas-Festel Networks (Extended Abstract Aaram Yun, Je Hong Park 2, and Jooyoung Lee 2 Unversty of Mnnesota - Twn Ctes aaramyun@gmalcom 2 ETRI Network & Communcaton Securty Dvson, Korea
More informationTuring Machines (intro)
CHAPTER 3 The Church-Turng Thess Contents Turng Machnes defntons, examples, Turng-recognzable and Turng-decdable languages Varants of Turng Machne Multtape Turng machnes, non-determnstc Turng Machnes,
More informationTutorial 2. COMP4134 Biometrics Authentication. February 9, Jun Xu, Teaching Asistant
Tutoral 2 COMP434 ometrcs uthentcaton Jun Xu, Teachng sstant csjunxu@comp.polyu.edu.hk February 9, 207 Table of Contents Problems Problem : nswer the questons Problem 2: Power law functon Problem 3: Convoluton
More informationC/CS/Phy191 Problem Set 3 Solutions Out: Oct 1, 2008., where ( 00. ), so the overall state of the system is ) ( ( ( ( 00 ± 11 ), Φ ± = 1
C/CS/Phy9 Problem Set 3 Solutons Out: Oct, 8 Suppose you have two qubts n some arbtrary entangled state ψ You apply the teleportaton protocol to each of the qubts separately What s the resultng state obtaned
More informationFinding Primitive Roots Pseudo-Deterministically
Electronc Colloquum on Computatonal Complexty, Report No 207 (205) Fndng Prmtve Roots Pseudo-Determnstcally Ofer Grossman December 22, 205 Abstract Pseudo-determnstc algorthms are randomzed search algorthms
More informationAn Improved multiple fractal algorithm
Advanced Scence and Technology Letters Vol.31 (MulGraB 213), pp.184-188 http://dx.do.org/1.1427/astl.213.31.41 An Improved multple fractal algorthm Yun Ln, Xaochu Xu, Jnfeng Pang College of Informaton
More informationPulse Coded Modulation
Pulse Coded Modulaton PCM (Pulse Coded Modulaton) s a voce codng technque defned by the ITU-T G.711 standard and t s used n dgtal telephony to encode the voce sgnal. The frst step n the analog to dgtal
More information/ n ) are compared. The logic is: if the two
STAT C141, Sprng 2005 Lecture 13 Two sample tests One sample tests: examples of goodness of ft tests, where we are testng whether our data supports predctons. Two sample tests: called as tests of ndependence
More informationLearning Theory: Lecture Notes
Learnng Theory: Lecture Notes Lecturer: Kamalka Chaudhur Scrbe: Qush Wang October 27, 2012 1 The Agnostc PAC Model Recall that one of the constrants of the PAC model s that the data dstrbuton has to be
More informationarxiv: v1 [math.ho] 18 May 2008
Recurrence Formulas for Fbonacc Sums Adlson J. V. Brandão, João L. Martns 2 arxv:0805.2707v [math.ho] 8 May 2008 Abstract. In ths artcle we present a new recurrence formula for a fnte sum nvolvng the Fbonacc
More informationMMA and GCMMA two methods for nonlinear optimization
MMA and GCMMA two methods for nonlnear optmzaton Krster Svanberg Optmzaton and Systems Theory, KTH, Stockholm, Sweden. krlle@math.kth.se Ths note descrbes the algorthms used n the author s 2007 mplementatons
More information1 The Mistake Bound Model
5-850: Advanced Algorthms CMU, Sprng 07 Lecture #: Onlne Learnng and Multplcatve Weghts February 7, 07 Lecturer: Anupam Gupta Scrbe: Bryan Lee,Albert Gu, Eugene Cho he Mstake Bound Model Suppose there
More informationResearch Article Green s Theorem for Sign Data
Internatonal Scholarly Research Network ISRN Appled Mathematcs Volume 2012, Artcle ID 539359, 10 pages do:10.5402/2012/539359 Research Artcle Green s Theorem for Sgn Data Lous M. Houston The Unversty of
More informationCHAPTER-5 INFORMATION MEASURE OF FUZZY MATRIX AND FUZZY BINARY RELATION
CAPTER- INFORMATION MEASURE OF FUZZY MATRI AN FUZZY BINARY RELATION Introducton The basc concept of the fuzz matr theor s ver smple and can be appled to socal and natural stuatons A branch of fuzz matr
More informationNP-Completeness : Proofs
NP-Completeness : Proofs Proof Methods A method to show a decson problem Π NP-complete s as follows. (1) Show Π NP. (2) Choose an NP-complete problem Π. (3) Show Π Π. A method to show an optmzaton problem
More information