Anonymity-enhanced Pseudonym System
|
|
- Audra Andrews
- 5 years ago
- Views:
Transcription
1 JAIST Reposi Title Anonymity-enhanced Pseudonym System Autho(s)Tamua, Yuko; Miyaji, Atsuko Citation Lectue Notes in Compute Science, 2 47 Issue Date 2003 Type Jounal Aticle Text vesion autho URL Rights This is the autho-ceated vesion o Yuko Tamua, Atsuko Miyaji, Lectue Compute Science, 2846/2003, 2003, 3 oiginal publication is available at q Applied cyptogaphy and netwok sec Intenational Confeence, ACNS 2003, Desciption China, Octobe 16-19, 2003 : poceed Jianying Zhou, Moti Yung, Yongfei Ha Japan Advanced Institute of Science and
2 Anonymity-enhanced Pseudonym System Yuko Tamua and Atsuko Miyaji 1-1, Asahidai, Tatsunokuchi, Ishikawa, , Japan {yuko, Abstact. Pseudonym systems allow uses to inteact with multiple oganizations anonymously by using pseudonyms. Such schemes ae of significant pactical elevance because it is the best means of poviding pivacy fo uses. In pevious woks, uses tansact with a oganization by demonstation of possession of a cedential issued by the oganization o elationship with anothe cedential. Howeve, the infomation that a use has a cedential fom a specific oganization compomises pivacy of the use. In the pesent pape, we give a fomal definition of pactical pseudonym system in which the level of pivacy povided can be chosen be accoding to secuity policies. 1 Intoduction As infomation gets inceasingly accessible, it has been impotant that individuals contol thei infomation to potect thei pivacy. Pseudonym systems (also called anonymous cedential systems) [1 6] allow uses to wok effectively and anonymously with multiple oganizations by using diffeent pseudonyms. Such systems ae called anonymous when tansactions caied out by the same use cannot be coelated. In the systems, an oganization knows uses by only pseudonym in which each pseudonym cannot be linked to othes. An oganization issues a cedential on a pseudonym, and the coesponding use demonstates the possession of this cedential to anothe oganization without evealing anything but the possession. Lysyanskaya, Rivest, Sahai and Wolf [5] poposed a geneal pseudonym system based on one-way functions and geneal zeo-knowledge poofs. In thei scheme, howeve, cedentials fo a use need to be eissued by the oganization so that the use can pove the possession of a cedential seveal times. Camenisch and Lysyanskaya [6] solved such a poblem by applying stong-rsa-based signatue schemes [14] and goup signatue schemes [9] to thei pseudonym system. In thei scheme, uses can demonstate the possession of cedentials in any numbe of times and these demonstations cannot be linked to the same pseudonym. Howeve, unfotunately, the pevious schemes [1 6], poving the possession of a cedential cannot but give a veifie the infomation about which oganization a use tansacts with. A pseudonym system by Camenisch and Lysyanskaya [6] is the most efficient and the pactical in pevious woks. In thei system, a use establishes a pseudonym and its validating tag, then the use is issued a cedential as a signatue on the tag by the oganization. Thei system equies
3 the public-key of an issuing oganization to pove the possession of a cedential and thus gives the infomation of the oganization to a veifie necessaily. As a esult, this compomises the pivacy of uses, although the veifie does not necessaily need the infomation. The best pseudonym system should be able to choose the level of pivacy accoding to its secuity policies. In this pape, we popose an anonymity-enhanced pseudonym system by showing a cedential issued by a goup. Ou system can allow a use to choose the level of pivacy accoding to thei secuity policies. In ou system, an oganization is a membe of a goup, a cedential on a pseudonym with an oganization is issued by the goup manage. Such a cedential is a signatue on the validating tag and the public-key of the oganization by the goup manage. Consequently, the use can pove the possession of a cedential fom some oganization in the goup without infoming of the oganization. Moeove, ou system povides a featue: flexibility of choosing the methods to pove the possession of a cedential accoding to secuity policies. Namely, a use is given the fou methods to pove: (1) showing a cedential with the identity of an oganization if a use needs to infom a veifie of the possession of a cedential fom the oganization, (2) showing a cedential without the identity of an oganization if a use wants to give a veifie only the infomation that the cedential is issued fom a goup, (3) tansfeing a cedential with the identity of an oganization and (4) tansfeing a cedential without the identity of an oganization if a use want to pove the possession of a cedential to anothe oganization with whom the use has established a pseudonym. Futhemoe, ou system satisfies all the desiable popeties that the pevious schemes [1 6] have. The est of this pape is oganized as follows. The next section pesents the fomal definitions and the equiements of an anonymity-enhanced pseudonym system. In section 3, we popose a pactical pseudonym system, afte an oveview. The secuity is discussed in section 4. 2 Fomal Definitions and Requiements 2.1 The model of pseudonym system Ou pseudonym system is constituted by the following playes: Cetification authoity (CA) : only entity that knows the use s identity. Goup (G I ) : set of oganizations. Goup manage (G I ) : only entity that has a secet-key of G I and gants a cedential to a use. (We use CA and G 0 G 0 as intechangeable name.) Oganization (O i ) : entity which belongs to goups. Use (U) : entity who egistes with a goup and tansacts with an oganization in the goup by the pseudonym. Veifie (V ) : entity that veifies cedentials of uses. Pseudonym systems should satisfy the following popeties:
4 Anonymity of uses : Veifies (Veifying oganizations) cannot find out anything about a use, except the fact of the use s owneship of a cedentials, even if it coopeates with othes. Unlinkability of pseudonyms : Diffeent pseudonyms of the same use ae not linked, even if a goup manage o an oganization coopeates with othes. Unfogeability of cedentials : It is impossible to foge a cedential issued by a goup manage, even if uses, othe goup manages and oganizations team up. 2.2 Ideal cedential system We define an ideal pseudonyms system [6] that elies on a tusted paty T as an intemediato that is esponsible fo the necessay popeties of the system. All tansactions ae made via T. T also ensues anonymity of the uses towads the goup manages, oganizations, and veifies. Fo an ideal pseudonym system (IPS) and a cyptogaphic pseudonym system without T (CPS), we gives a secuity definition, same as [6]. Definition 1 Let V = poly(k) be the numbe of playes in the system with secuity paamete k. Fo an ideal pseudonym system IPS, and its cyptogaphic implementation CPS, we denote a cedential system with secuity paamete k and event schedule E fo the events that take place in this system, by IPS(1 k,e) (esp., (CPS(1 k,e))). If {A 1 (1 k ),...,A V (1 k )} is a list of the playes s outputs, then we denote these playe s outputs by {A 1 (1 k ),...,A V (1 k )} PS(1k,E) when all of them, togethe, exist within a pseudonyms system PS. CPS is secue if thee exists a simulato S (ideal-wold advesay) such that the following holds, fo all inteactive pobabilistic polynomial-time machines A (eal-wold advesay), fo all sufficiently lage k: (1) In the IPS, S contols the playes in the ideal-wold coesponding to those eal wold playes contolled by A. (2) Fo all event schedules E A {{Z i (1 k )} V i=1, A(1k )} CPS(1k,E) c {{Z i (1 k )} V i=1, SA (1 k )} IPS(1k,E) whee S is given black-box access to A, (D 1 (1 k ) c D 2 (1 k ) denotes computational indistinguishability of the distibutions D 1 and D 2.) 2.3 Functional definitions This section povides functional definitions in ou pseudonym system. Let k be the secuity paamete and neg(k) denote any function that vanishes faste than any invese polynomial. Definition 2 A pseudonym system consists of the following pocedue:
5 Key geneation GK G, GK (O,G) and GK U fo G, O G and U output a secet and public-key pai (X G, Y G ) fo a goup G, (X (O,G), Y (O,G) ) fo an oganization O G, and (X U, Y U ) fo a use U, espectively. GK G and GK U take as input 1 k, and GK (U,O) takes 1 k and a goup public-key Y G. Pseudonym geneation GP U, X between U and an entity X G, takes as U s pivate input the secet-key X U, and as thei common input a goup public-key Y G. The pivate output fo U is some secet infomation S (U,X), and the common output is U s pseudonym P (U,X). Cedential issue IC U, G between U and G G, outputs a cedential C (U,G) on P (U,G) GP U, G. U s pivate input is X U and S (U,G), G s pivate input is a goup secet-key X G, and thei common input is Y G and P (U,G). (GP P means that GP outputs P.) Pseudonym s validity geneation GV U, O i between U and O i G, outputs a signatue on P (U,Oi) GP U, O i. O i s pivate input is a secet-key X (Oi,G), and thei common input is Y G, Y (Oi,G) and P (U,Oi) with O i. U s pivate output is a signatue σ (U,Oi). Cedential blind issue BIC U, G, blind issue of a cedential on a pseudonym, between U and G G, outputs a cedential C (U,Oi) on P (U,Oi) GP U, O i whee O i G. U s pivate input is X U, S (U,G), S (U,Oi) and P (U,Oi), G s pivate input is X G, and thei common input is Y G, Y (Oi,G), P (U,G) and σ (U,Oi). Cedential showing SC U, V, showing a cedential on a pseudonym with a goup, between U and V, takes as U s pivate input X U, S (U,G), P (U,G) and C (U,G), and as thei common input Y G. It outputs 1 o 0, which, if C (U,G) IC U, G (P (U,G) ) whee P (U,G) GP U, G o not with pobability 1 neg(k), espectively. (IC(P) Cmeans that IC outputs C by an input P.) SC + U, V, showing a cedential with identity of an oganization, between U and V, takes as U s pivate input X U, S (U,Oi), P (U,Oi) and C (U,Oi), and as thei common input Y G and Y (Oi,G). It outputs 1 o 0, which, if C (U,Oi) BIC U(P (U,Oi)),G whee P (U,Oi) GP U, O i, o not with pobability 1 neg(k), espectively. (BIC U(P),G ) Cmeans that BIC outputs C by U s pivate input P.) SC U, V, showing a cedential without identity of an oganization, between U and V, takes as U s pivate input X U, S (U,Oi), P (U,Oi), C (U,Oi) and Y (Oi,G), and as thei common input Y G. It outputs 1 o 0, which, if C (U,Oi) BIC U(P (U,Oi)),G whee P (U,Oi) GP U, O i, o not with pobability 1 neg(k), espectively. Cedential tansfe TC U, X j, tansfeing a cedential on a pseudonym with a goup, between a use U and an entity X j G J, takes as U s pivate input X U, S (U,GI), S (U,Xj ), P (U,GI) and C (U,GI), as thei common input Y GI, Y GJ and P (U,Xj). It outputs 1 o 0, which, if C (U,GI) IC U, G I (P (U,GI)), P (U,GI) GP U(X U ),G I and P (U,Xj) GP U(X U ),X j o not with pobability 1 neg(k), espectively. TC + U, X j, tansfeing a cedential with identity of an oganization, between U and X j G J, takes as U s pivate input X U, S (U,Oi), S (U,Xj ), P (U,Oi) and C (U,Oi), as thei common input Y GI, Y GJ, Y (Oi,G I) and P (U,Xj). It outputs 1 o 0, which, if C (U,Oi) BIC U(P (U,Oi)),G I, P (U,Oi)
6 GP U(X U ),O i, and P (U,Xj ) GP U(X U ),X j o not with pobability 1 neg(k), espectively. TC U, X j, tansfeing a cedential without identity of an oganization, between U and an entity X j G J, takes as U s pivate input X U, S (U,Oi), S (U,Xj ), P (U,Oi), C (U,Oi) and Y (Oi,G I), and as thei common input Y GI, Y GJ and P (U,Xj ). It outputs 1 o 0, which, if C (U,Oi) BIC U(P (U,Oi)),G I, P (U,Oi) GP U(X U ),O i, and P (U,Xj) GP U(X U ),X j o not with pobability 1 neg(k), espectively. 2.4 Notations We use the same notation in [6, 9] fo the vaious poofs of knowledge of discete logaithms and poofs of the validity of statements about discete logaithms. (I) Poof of knowledge o equality in diffeent goups: We use poofs that the discete logaithms of two goup elements y 1 G 1,y 2 G 2 to the bases g 1 G 1 and g 2 G 2 in diffeent goups G 1 and G 2 which has an ode q 1 and q 2, espectively, ae equal. This poof can be ealized only if both discete logaithms lie in the inteval [0, min{q 1,q 2 }]. PK{(α) :y 1 = g 1 α y 2 = g 2 α α [0, min{q 1,q 2 }]} denotes a zeo-knowledge poof of knowledge of integes α such that y 1 = g 1 α and y 2 = g 2 α holds, whee α [0, min{q 1,q 2 }]. This potocol genealized to seveal diffeent goups, to epesentations, and to abitay modula elations. (II) Poof of knowledge of the discete logaithm modulo a composite: In [6,?], they apply such PK s to the goup of quadatic esidues modulo a composite n, G = QR n. Thus the pove needs to convince the veifie that elements he pesents ae indeed quadatic esidues. It is sufficient to execute PK{(α) :y 2 = (g 2 ) α } instead of PK{(α) :y = g α } [6]. The quantity α is defined as log g 2 y 2 which is same as log g y in case y is a quadatic esidue. We use the notation PK 2 {(α) :y = g α } in the goup of quadatic esidues modulo a composite, simply. 3 Constuction of Pseudonym System 3.1 Pocedues We give an oveview of ou pseudonym system in this section. The basic system compises pocedues, (1) System setup, (2) Registation of an oganization (Enty into the system of an oganization), (3) Registation of a use ((3-1) Registation with CA (Enty into the system of a use), (3-2) Registation with a goup, (3-3) Registation with an oganization), (4) Poof the possession of a cedential by a use ((4-1) Showing a cedential with/without identity of an oganization, (4-2) Tansfeing a cedential with/without identity of an oganization). In ou pape, thoughout we assume that uses, oganizations and goup manages ae connected by pefect anonymous channels, and each potocol is executed though a secue channel.
7 1. System setup: All goup manages G I geneate thei goup secet and public-key pais (X GI, Y GI ) by unning GK GI. 2. Registation with goup G of oganization O i : O i uns GK (Oi,G), geneates a secet and public-key pai (X (Oi,G), Y (Oi,G)) by using G s public-key Y G, and egistes Y (Oi,G). A goup manage G publishes a list of public-keys of oganizations Registation with CA of use U: Afte identification by U, CA checks that U is eligible to join the system. U geneates a maste secet-key X U by unning GK U, both U and CA un GP U(X U ),CA to establish U s pseudonym P (U,CA) which is based on X U. Then U can eceive a cedential C (U,CA), by unning IC U, CA (P (U,CA) ) Registation with goup G of use U: Both U and G un GP U(X U ),G to establish U s pseudonym P (U,G), and un TC U, G to demonstate whethe o not U is a valid paticipant in the system. In TC, U can pove the possession of C (U,CA) on P (U,CA) based on X U whee P (U,G) GP U(X U ),G. If it is valid, G issues a cedential C (U,G) on P (U,G) to U by unning IC U, G Registation with oganization O i G of use U: Both U and O i un GP U(X U ),O i to get P (U,Oi), and un TC U, O i to pove the possession of C (U,G) on P (U,G) based on X U. If it is valid, then they un GV U, O i to geneate a poof of a validity of P (U,Oi), whose output σ (U,Oi) guaantees that U has egisteed a pseudonym with O i. Note that σ (U,Oi) is the U s pivate output. Afte G checks the validity of σ (U,Oi), G blindly issues a cedential C (U,Oi) on P (U,Oi) by unning BIC U(P (U,Oi)),G Showing of a cedential on a pseudonym with oganization O i : U chooses a way to show a cedential. If U wants to let V know an oganization O i G with which U tansacts, then both U and V un SC + U, V (Y (Oi,G)), which assues that U has C (U,Oi) on P (U,Oi) established with O i.ifu does not want to let V know the coesponding oganization, both U and V un SC U(Y (Oi,G)),V which poves the only possession of a cedential C (U,Oi) on P (U,Oi) without evealing Y (Oi,G), C (U,Oi) and P (U,Oi) Tansfeing a cedential on a pseudonym with oganization O i : Let U egiste P (U,Oi) and P (U,Xj) with an oganization O i G I and X j G J espectively. Both U and X j execute TC + U, X j (Y (Oi,G I)) which assues that U has C (U,Oi) on P (U,Oi) based on X U whee P (U,Xj ) GP U(X U ),X j, without evealing C (U,Oi) and P (U,Oi). IfU does not want to let X j know the oganization O i, then both U and X j un TC U(Y (Oi,G I)),X j. 3.2 Constuctions of pseudonym systems This section povides constuctions of ou pseudonym system. Common system paamete
8 Secuity-elated system paametes ae as follows: the length l n of the RSA modulus, the intege intevals Γ =] 2 lγ, 2 lγ [, =] 2 l, 2 l [, Λ =]2 lλ, 2 lλ+lσ [, such that l = ɛl Γ and l Γ =2l n, whee ɛ>1 is a secuity paamete, and 2 lλ > 2(2 2lΓ +2 lγ +2 l ), and 2(2 lσ (2 2lΓ +2 l )+2 l ) < 2 lλ. Geneation of keys 1. A goup manage G G chooses andom l n /2-bit pimes p G,q G such that p G := 2p G + 1 and q G := 2q G + 1 ae pime, sets modulus n G := p G q G.It also chooses elements d G,e G,f G,g G,h G R QR ng. It stoes X G := (p G,q G ) as its secet-keys, and publishes Y G := (n G,d G,e G,f G,g G,h G ) as its publickey togethe with a poof that n G is the poduct of two safe pimes and that the elements d G,e G,f G,g G and h G lie indeed in QR ng. 2. An oganization O i chooses a secet-key x (Oi,G) R Γ and sets a coesponding public-key y (Oi,G) := g (Oi,G) G (mod n G ) to egiste with goup G. O i x stoes x (Oi,G) as a secet-key X (Oi,G) and publishes y (Oi,G) and its identity id (Oi,G) as O i s public-keys Y (Oi,G). 3. A use U chooses a andom secet element x U Γ, and stoes it as U s maste secet-key X U in the system. Geneation of a pseudonym GP U, X assues that P (U,X) =(N (U,X),P (U,X) ) is of ight fom, i.e., P (U,X) = g G x U h G s (U,X), with x U Γ and s (U,X). N (U,X) and P (U,X) ae called a nym and its validating tag, espectively. To establish a pseudonym with an entity X, both U and X cay out the following potocol: 1. U chooses N 1 {0, 1} k, 1 R and 2, 3 R {0, 1} 2ln, sets c 1 := d G 1 e G 2 and c 2 := d G x U e G 3. U sends N 1,c 1 and c 2 to X, and seves as the pove to veifie X in PK 2 {(α, β, γ, δ) : c 1 = d G α e G β c 2 = d G γ e G δ }, to pove c 1 and c 2 ae geneated coectly. 2. X chooses R, and sends and N 2 to U. 3. U sets the nym N (U,X) := N 1 N 2, and computes s (U,X) := ( 1 + (mod 2 l )) 2 l + 1, and s = ( 1 + )/(2 l +1 1). U sets P (U,X) := g G x U h G s (U,X) as a validating tag of N (U,X). U sends P (U,X) to X, and shows that it was fomed coectly: U sets c 3 := d G s e G 4 fo 4 R {0, 1} ln, sends it to X. Then they engage in PK 2 {(α, β, γ, δ, ε, ζ, ϑ, ξ) :c 1 = d G α e G β c 2 = d G γ e G δ c 3 = d G ε e G ζ P (U,X) = g G γ h G ϑ (c 1 (d G ) 2l +1 )/(c 3 2 l )=d G ϑ e G ξ γ Γ ϑ }. 5. X stoes P (U,X) =(N (U,X),P (U,X) ) in its database. 6. U stoes (S (U,X), P (U,X) )=(s (U,X), {N (U,X),P (U,X) }) in its ecod with X.
9 Issue of a cedential on a pseudonym with a goup IC U, G guaantees that a cedential on a peviously established P (U,G) is C (U,G) =(E (U,G),C (U,G) ) such that C (U,G) (P (U,G) f G ) 1/E (U,G) (mod ng ). To be ganted cedential, U uns the following potocol with G: 1. U identifies as its owne by PK 2 {(α, β) :P (U,G) = g α G h β G } fo P (U,G) in G s database. 2. G chooses a andom pime E (U,G) R Λ, computes C (U,G) := (P (U,G) f G ) 1/E (U,G) (mod n G ), and sends E (U,G) and C (U,G) to U. Then G stoes C (U,G) = (E (U,G),C (U,G) ) as a cedential on P (U,G). E 3. U checks if C (U,G) (U,G) P (U,G) f G (mod n G ) and E (U,G) Λ, and stoes C (U,G) =(E (U,G),C (U,G) ) in its ecod with goup G. Showing a cedential on a pseudonym with a goup U poves the possession of C (U,G) IC U, G by unning SC. Both U and V engage in the following potocol: 1. U sets c 1 := C (U,G) e G 1 and c 2 := e G 1 d G 2 fo 1, 2 R {0, 1} 2ln, and sends c 1 and c 2 to V, 2. U engages with V in PK 2 {(α, β, γ, δ, ε, ζ, ξ) :f G = c 1 α /g G β h G γ e G δ c 2 = e G ε d G ζ 1=c 2 α /e G δ d G ξ α Λ β Γ γ }. Tansfeing a cedential on a pseudonym with a goup TC assues that U owns C (U,GI) on P (U,GI) based on X U whee P (U,Xj ) GP U(X U ),X j. U poves it by unning TC with X j G J with whom U has established P (U,Xj): 1. U sets c 1 := C (U,GI)e 1 G and c 2 := e 1 GI d 2 GI fo 1, 2 R {0, 1} 2ln, and sends c 1 and c 2 to X j, 2. U engages with X i in PK 2 {(α, β, γ, δ, ε, ζ, ξ, η) :f GI = c α 1 /g β GI h γ δ GI e GI c 2 = e ε ζ GI d GI 1=c α 2 /e δ ξ GI d GI P (U,Xj) = g β η GJ h GJ α Λ β Γ γ }, fo P (U,Xj) in X j s database.
10 Geneation of a poof of pseudonym s validity GV guaantees that U s output σ (U,Oi) is independent of O i s view of the convesation. In ode to geneate a signatue on P (U,Oi), both U and O i un GV : 1. U identifies as its owne by PK 2 {(α, β) :P (U,Oi) = g α G h β G }, fo P (U,Oi) in O i s database. 2. O i geneates Q (U,Oi) := P x (O (U,Oi) i,g), t 1 := g G and t 2 := P (U,Oi) fo R {0, 1} 2ln, and sends Q (U,Oi),t 1 and t 2 to U. 3. U chooses 1, 2 and 3 R {0, 1} 2ln and computes t 1 := t 1 g 1 G y (Oi,G) 2, t 2 := (t 2 P 1 (U,Oi) Q 2 (U,Oi) ) 3, P (U,O := P i) (U,O 3 i) and Q (U,O := Q i) (U,O 3 i). Then U sets e := H(g G,y (Oi,G),P(U,O i),q (U,O,t i) 1,t 2 ), sends e := e 2 to O i. 4. O i computes s := ex (Oi,G) and sends it to U. 5. U checks if t 1 = g s G y e (Oi,G), t 2 = P s (U,Oi) Q e (U,Oi), and sets s := s + 1. Then U stoes σ (U,Oi) := (e,s,p(u,o i),q (U,O i) ) as a poof of a validity of P (U,Oi), and keeps 3 secetly until U gets a cedential on P (U,Oi). Issue of a cedential on a pseudonym with an oganization BIC U, G guaantees that a cedential on P (U,Oi) is C (U,Oi) =(E (U,Oi),C (U,Oi)) such that C (U,Oi) (P (U,Oi)d G id (Oi,G) f G ) 1/E (U,O i). BIC establishes C (U,Oi) without evealing anything moe than the fact that U has egisteed with O i to G. Such a cedential can be ganted by using the blind RSA-signatue [1] in the following potocol: 1. U chooses a pime E (U,Oi) R Λ and R Z ng, and geneates c := E (U,O i ) P (U,Oi) id d (Oi,G) G f G. Then U sends c, E (U,Oi) and σ (U,Oi). Futhemoe U must show that σ (U,Oi) was geneated to U and c was geneated coectly: U computes c 1 := e 1 G fo 1 R {0, 1} 2ln, and engages with G in PK 2 {(α, β, γ, δ, ε, ζ, ξ, η) :P (U,G) = g G α h G β 1=P (U,G) γ /g G δ h G ε P (U,O i) = g G δ h G ζ P (U,O i) = cγ (e G E (U,Oi) ) ξ /(c 1 E (U,Oi) d G id (U,Oi) f G ) γ α Γ, β }, fo P (U,G) in G s database. 2. O i checks if σ is valid: if e = H(g G,y (Oi,G),P (U,O i),q (U,O i), t 1, t 2 ) whee t 1 = g G s y (Oi,G) e, t 2 = P (U,O i) s Q (U,O i) e, and y (Oi,G) is in G s public-key list. Then O i computes c := c 1/E (U,O i) and sends it to U. 3. U sets C (U,Oi) := c /. Then U checks if C (U,Oi) E (U,O i) P (U,Oi)d G id (Oi,G) f G (mod n G ), and stoes (E (U,Oi),C (U,Oi)) in its ecod with oganization O i.
11 Showing a cedential with identity of an oganization To pove the possession of C (U,Oi) BIC U, G, both U and V un SC +. They engage in the following potocol: 1. U sets c 1 := C (U,Oi)e 1 G and c 2 := e 1 G d 2 G fo 1, 2 R {0, 1} 2ln, and sends c 1 and c 2 to V, 2. U engages with V in PK 2 id {(α, β, γ, δ, ε, ζ, ξ) :f G d (Oi,G) G = c α 1 /g β G h γ δ G e G c 2 = e G ε d G ζ 1=c 2 α /e G δ d G ξ α Λ β Γ γ }. Showing a cedential without identity of an oganization In ode to pove the possession of a cedential geneated by unning BIC U, G, both U and V un SC. They engage in the following potocol: 1. U sets c 1 := C (U,Oi)e 1 G and c 2 := e 1 G d 2 G fo 1, 2 R {0, 1} 2ln, and sends c 1 and c 2 to V, 2. U engages with V in PK 2 {(α, β, γ, δ, ε, ζ, ξ, η) :f G = c 1 α /g G β h G γ d G δ e G ε c 2 = e G ζ d G ξ 1=c 2 α /e G ε d G η α Λ β Γ γ }. Tansfeing a cedential with identity of an oganization In TC +, U poves the possession of C (U,Oi) on P (U,Oi) based on X U whee P (U,Xj) GP U(X U ),X j to X j G J : 1. U sets c 1 := C (U,Oi)e 1 GI and c 2 := e 1 GI d 2 GI fo 1, 2 R {0, 1} 2ln, and sends c 1 and c 2 to X j, 2. U engages with X j in PK 2 {(α, β, γ, δ, ε, ζ, ξ, η) :f GI d GI id (Oi,G I ) = c 1 α /g GI β h GI γ e GI δ fo P (U,Xj) in X j s database. c 2 = e GI ε d GI ζ 1=c 2 α /e GI δ d GI ξ P (U,Xj) = g GJ β h GJ η α Λ β Γ γ }, Tansfeing a cedential without identity of an oganization U poves the possession of a cedential geneated by unning BIC U, G I on a pseudonym based on X U whee P (U,Xj) GP U(X U ),X j :
12 1. U sets c 1 := C (U,Oi)e 1 GI and c 2 := e 1 GI d 2 GI fo 1, 2 R {0, 1} 2ln, and sends c 1 and c 2 to X j, 2. U engages with X j in PK 2 {(α, β, γ, δ, ε, ζ, ξ, η, ϕ) :f GI = c α 1 /g β GI h γ GI d δ ε GI e GI c 2 = e ζ ξ GI d GI 1=c α 2 /e ε η GI d GI P (U,Xj ) = g β ϕ GJ h GJ α Λ β Γ γ }, fo P (U,Xj ) in X j s database. 4 Poof of Secuity fo Ou Scheme In this section, we assess the secuity of ou pseudonym system. Unde the stong RSA assumption and the decisional Diffie-Hellman assumption modulo a safe pime poduct, the following technical lemmas about the potocols descibed ae stated hee: Lemma 3 The PK 2 {(α, β, γ, δ, ε, ζ, ϑ, ξ) :c 1 = d α G e β G c 2 = d γ G e δ G c 3 = d ε G e ζ G P (U,X) = g γ G h ϑ G (c 1 (d G ) 2l +1 2 )/(c l ) = d ϑ G e ξ G γ Γ ϑ } in GP is a statistical zeo-knowledge poof of knowledge of the coectly fomed values x U,s (U,X) that coespond to a pseudonym validating tag P (U,X). Lemma 4 The PK 2 potocols in SC,TC,SC +,SC,TC + and TC ae a statistical zeo-knowledge poof of knowledge of the pove s maste secet-key, coesponding secet infomation(s) and cedential in ight fom. The poofs of these Lemmas is closely elated to Lemma 1, 2 and 3 of [6], we only pove the secuity of the PK 2 potocol in TC hee. The othe poofs can easily infeed fom the following. Lemma 5 The PK 2 {(α, β, γ, δ, ε, ζ, ξ, η, ϕ) :f GI = c α 1 /g β GI h γ GI d δ GI e ε GI c 2 = e ζ GI d ξ GI 1 = c α 2 /e ε GI d η GI P (U,Xj ) = g β GJ h ϕ GJ α Λ β Γ γ } in TC is a statistical zeo-knowledge poof of knowledge of the values x Γ, s 1,s 2, E Λ, C, and y such that P (U,Xj ) = g x s GJ h 1 GJ (mod n GJ ), and C E = g x s GI h 2 GI d y GI f GI (mod n GI ). Poof. By the popeties of the PK 2 and the RSA assumption, the knowledge extacto can poduce values α, β, γ, δ, ε, ζ, ξ, η, ϕ such that the statement afte the colon holds. As c 2 = e GI ζ d GI ξ and 1 = c 2 α /e GI ε d GI η fom which we conclude that ζα = ε (mod od(e GI )), we have c 1 α /e GI ε = g GI β h GI γ d GI δ f G = (c 1 /e GI ζ ) α, whee α Λ, β Γ and γ. It follows that U must know a valid cedential c 1 /e GI ζ on a pseudonym. Futhemoe, fom P (U,Xj) = g GJ β h GJ η,it guaantees that both pseudonym P (U,Xj) and a pseudonym egisteed with O i ae based on the same maste secet key.
13 Lemma 6 The PK 2 {(α, β, γ, δ, ε, ζ, ξ, η) :P (U,G) = g G α h G β 1=P (U,G) γ /g G δ h G ε P (U,O i) = g G δ h G ζ P (U,O i) = cγ (e G E (U,Oi) ) ξ /(c 1 E (U,Oi) d G id (U,Oi ) f G ) γ α Γ, β } in BIC is a statistical zeo-knowledge poof of knowledge of the values x Γ, s,, and 3 such that P (U,G) = g G x h G s, c = E (U,O i ) P (U,Oi)d G id (Oi,G) f G and P (U,O i) = P (U,O i) 3. Poof. In the statement afte the colon, P (U,G) = g G α h G β and 1 = P (U,G) γ /g G δ h G ε fom which we conclude αγ δ (mod od(g G )). Fom P (U,O i) = cγ (e G E (U,Oi) ) ξ /(c 1 E (U,Oi) d G id (U,Oi) f G ) γ, we have c γ = g G δ h G ζ (c 1 E (U,Oi) d G id (Oi,G) f G ) γ /(e G E (U,Oi) ) ξ = {(c 1 /e G ξ/γ ) E (U,O i) g G α h G ζ/γ d G id (Oi,G) f G } γ.asα Γ and β, c is fomed collectly, by using the same key undelying P (U,G). 4.1 Desciption of the simulato We have to descibe simulato S fo ou scheme and then show that it satisfies Definition 1. The paties the advesay A contols ae subsumed into a single paty. We only descibe the simulato fo the advesay. Setup. Fo the goup manage G G and the oganization O G not contolled by A, S sets up thei secet and public-key (X G, Y G ), and (X (Oi,G), Y (Oi,G)) as dictated by the potocol. Futhemoe, S ceates an achive G o achive O whee it will ecod the cedentials of uses contolled by A with the goup manage o the oganization. It also initialized a list of uses contolled by A, list A. Geneation of a pseudonym with a goup. A use establishes a pseudonym with a goup manage G: (I) If a use is contolled by A, (i) S uses the knowledge extacto of Lemma 3 to discove the use s maste secet key x and the secet values s, (i-1) If x / list A, S ceates a new use U with login name L U, and obtains a pseudonym N (U,G), and a key K U coesponding to L U by inteaction with T. Denote (x, s) by(x U,s (U,G) ), S stoes (U, L U,x U,K U,N (U,G),s (U,G) )in list A, (ii-2) If x list A, S obtains N (U,G) fo this use U coesponding to x by inteaction with T, and adds N (U,G),s (U,G) := s to U s ecod. (II) If a goup manage G is contolled by A, S will use the zeo-knowledge simulato fom Lemma 3 to funish the A s view of the potocol. Issue a cedential on a pseudonym with a goup. A use equests a goup manage G to issue a cedential: (I) If a use is contolled by A, (i) upon eceiving a message fom T, S uns the knowledge extacto fo the poof of knowledge of step 1 of IC, to detemine the value x and s. Fo N coesponding to (x, s), (i-1) if N / list A, then S efuses to gant a cedential. (i-2) If N list A, then S issued the coect E and C by inteaction with T. S stoes the values (x U,s (U,G),E (U,G),C (U,G) ):=(x, s, E, C) inachive G. (II) If a goup manage G is contolled by A, S will un the zeo-knowledge simulato fo step 1 of IC, and continue the potocol as U would. If the use accepts, then S infoms T that the cedential was ganted.
14 Geneation of a pseudonym with an oganization. A use establishes a pseudonym with an oganization O G: This pat of the simulato can easily be infeed fom the pat fo the above Geneation of a pseudonym with a goup. Geneation of a poof of pseudonym s validity. A use equests an oganization O to gant a poof of pseudonym s validity: (I) If a use is contolled by A, (i) S uses the knowledge extacto fo PK of step 1 of GV to discove the use s key x and the value s.fon coesponding to (x, s), (i-1) If N/ list A, S efuses to gant a poof of pseudonym s validity. (i-2) If N list A, S gants σ by inteaction with T. (II) If an oganization O is contolled by A, S will un the zeo-knowledge simulato fo step 1 of GV, and continue the potocol as U would. Issue a cedential on a pseudonym with an oganization. A use equests a goup manage G G to issue a cedential with an oganization O G: (I) If a use is contolled by A, (i) upon eceiving a message fom T, S uns the knowledge extacto fo the poof of knowledge of step 1 of BIC to extact the value x, s (U,G),s (U,O) and. (i-1) If (x, s (U,G) ) / achive G, then S efuses to gant a cedential, (i-2) If (x, s (U,G) ) achive G, then S issues the coect c coesponding to E by executing the est of the G s side of it. S detemines C by c /. It stoes the values (x, s (U,O),C,E)inachive O. (II) If a use is contolled by A and an oganization O G is dishonest, (i) upon eceiving a message fom T, S uns the knowledge extacto fo the poof of knowledge of step 1 of BIC, to extact the value x, s (U,G),s and. S looks at achive O : (i-1) If (x, s) achive O, S denotes this use by U, (i-2) If (x, s) / achive O, let U be the use with x. S obtains N (U,O) by inteaction with T, (ii) S looks at achive G : (ii-1) If (x, s (U,G) ) / achive G, then S efuses to gant a cedential, (ii-2) If (x, s (U,G) ) achive G, then S issues the coect c coesponding to E by executing the est of the G s side of it. S detemines C by c /. It stoes the values (x, s (U,O),C,E)in achive O. (III) If an issuing goup manage G G contolled by A, S will un the zeo-knowledge simulato fo step 1 of BIC, and execute the est of the use s side of it. If the use accepts, then S infoms T that the cedential was ganted. Showing a cedential with identity of an oganization Showing a cedential without identity of an oganization Tansfeing a cedential with identity of an oganization These pats of the simulato can easily be infeed fom the pat fo Tansfeing a cedential without identity of an oganization that follows. Tansfeing a cedential without identity of an oganization. A use wants to show owneship of a cedential of a pseudonym with some oganization in a goup G I to an oganization O j G J : (I) If a use is contolled by A, (i) S uns O j s pat of TC, and extacts the values x, s (U,Oi),s (U,Oj ),E,C and y (Oi,G I) with the knowledge extacto of Lemma 5. (i-1) if (x, s (U,Oi),E,C) / achive Oi, S ejects, (i-2) If
15 (x, s (U,Oi),E,C) achive Oi, S communicates with T fo tansfeing a cedential by U. (II) If a use is contolled by A and an issuing goup manage G I is dishonest, (i) S uns O j side of CT with the knowledge extacto of Lemma 5 to obtain the values x, s, s (U,Oj),E,C and y, let O i be an oganization whose public-key is y. (i-1) If O j s side of the potocol eject, it does nothing, (i- 2) Othewise: (2-A-a) If x achive Oi, denote this use by U, (2-A-b) If x/ achive Oi, let U be the use with x, and S obtain N (U,Oi) by inteaction with T. (2-B) If (E,C) / achive Oi, then S uns BIC, adds the output to U s ecod. (2-C) S communicates with T fo tansfeing a cedential by U. (III) If a veification oganization O j is contolled by A, S uns the zeoknowledge simulato of Lemma 5 to do that. 4.2 Poof of Successful Simulation We show that ou simulato fails with negligible pobability only. We show in the following lemma that a tuple (x, s, E, C) the knowledge of which is essential fo poving possession of a cedential, is unfogeable even unde an adaptive attack. As these poofs can be found in [6], we leave out the poofs. Lemma 7 Unde the stong RSA assumption and the discete logaithm assumption modulo a safe pime poduct, if a polynomially bounded advesay succeeds in poving owneship of a valid cedential ecod (P, E, C) with a goup G, then this cedential ecod was ceated by unning GP, IC and TC with a goup manage G G. Lemma 8 Unde the stong RSA assumption, the discete logaithm assumption modulo a safe pime poduct and, if a polynomially bounded advesay succeeds in poving owneship of a valid cedential ecod (P, E, C) with an oganization O G, then this cedential ecod was ceated by unning GP and TC with an oganization O G, BIC with a goup manage G G. The statistical zeo-knowledge popety of the undelying potocols gives us Lemma 9 which in tun implies Theoem 10. Lemma 9 The view of the advesay in the eal potocol is statistically close to his view in the simulation. Theoem 10 Unde the stong RSA assumption, the decisional Diffie-Hellman assumption modulo a safe pime poduct, and the assumption that factoing is had, ou pseudonym system descibed above is secue. 5 Conclusion This pape pesents an anonymity-enhanced pseudonym system; a use can select a way to pove the possession of a cedential on a pseudonym with an oganization. We can add a mechanism: global anonymity evocation fo discoveing the
16 identity of a use whose tansactions ae illegal, o local anonymity evocation fo evealing a pseudonym of a use who misuses the cedential, in the same way as [6]. Refeences 1. D.Chaum, Secuity without identification: Tansaction systems to make big bothe obsolete, Communications of the ACM, vol. 28, , D.Chaum and J.-H.Evetse, A secue and pivacy - potecting potocol fo tansmitting pesonal infomation between oganizations, Poceedings of CRYPTO 86, vol. 263, , Spinge Velag, L.Chen, Access with pseudonyms, Cyptogaphy: Policy and Algoithms, vol. 1029, , Spinge Velag, I.B.Damgad, Payment systems and cedential mechanism with povable secuity against abuse by individuals, Poceedings of CRYPTO 88, vol. 403, , Spinge Velag, A.Lysyanskaya and R.Rivest and A.Sahai and S.Wolf, Pseudonym Systems, Selected Aeas in Cyptogaphy, vol. 1758, Spinge Velag, J.Camenisch and A.Lysyanskaya, Efficient non-tansfeable anonymous multishow cedential system with optional anonymity evocation, Poceedings of EU- ROCRYPT 2001, vol. 2045, , Spinge Velag, J.Camenisch and A.Lysyanskaya, Dynamic accumulatos and application to efficient evocation of anonymous cedentials, Poceedings of CRYPTO 2002, vol. 2442, 61 76, Spinge Velag, J.Camenisch and E.V.Heeweghen, Design and implementation of the idemix anonymous cedential system, ACM CCS 02, G.Ateniese and J.Camenisch and M.Joye and G.Tsudik, A pactical and povably secue coalition-esistant goup signatue scheme, Poceedings of CRYPTO 2000, vol. 1880, , Spinge Velag, C.P.Schno, Efficient signatue geneation fo smat cads, Jounal of Cyptology, vol. 4, , A.Fiat and A.Shami, How to pove youself: Pactical solution to identification and signatue poblems, Poceedings of CRYPTO 86, vol. 263, , Spinge Velag, E.Fujisaki and T.Okamoto, Statistical zeo knowledge potocols to pove modula polynomial elations, Poceedings of CRYPTO 97, vol. 1294, 16 30, Spinge Velag, J.Camenisch and M.Stadle, Efficient goup signatue schemes fo lage goups, Poceedings of CRYPTO 97, vol. 1294, , Spinge Velag, R.Came and V.Shoup, Signatue schemes based on the stong RSA assumption, Poceedings of 6th ACM Confeence on Compute and Communications Secuity, 46 52, ACM pess, M.Bellae and C.Nampempe and D.Pointcheval and M.Semanko, The Powe of RSA Invesion Oacles and the Secuity of Chaum s RSA-Based Blind Signatue Scheme, Poceedings of Financial Cyptogaphy 2001, vol. 2339, , Spinge Velag, 2001
10/04/18. P [P(x)] 1 negl(n).
Mastemath, Sping 208 Into to Lattice lgs & Cypto Lectue 0 0/04/8 Lectues: D. Dadush, L. Ducas Scibe: K. de Boe Intoduction In this lectue, we will teat two main pats. Duing the fist pat we continue the
More informationKey Establishment Protocols. Cryptography CS 507 Erkay Savas Sabanci University
Key Establishment Potocols Cyptogaphy CS 507 Ekay Savas Sabanci Univesity ekays@sabanciuniv.edu Key distibution poblem Secuity of the keys Even if the cyptogaphic algoithms & potocols ae cyptogaphically
More informationSecret Exponent Attacks on RSA-type Schemes with Moduli N = p r q
Secet Exponent Attacks on RSA-type Schemes with Moduli N = p q Alexande May Faculty of Compute Science, Electical Engineeing and Mathematics Univesity of Padebon 33102 Padebon, Gemany alexx@uni-padebon.de
More informationLecture 25: Pairing Based Cryptography
6.897 Special Topics in Cyptogaphy Instucto: Ran Canetti May 5, 2004 Lectue 25: Paiing Based Cyptogaphy Scibe: Ben Adida 1 Intoduction The field of Paiing Based Cyptogaphy has exploded ove the past 3 yeas
More informationConcurrent Blind Signatures without Random Oracles
Concuent Blind Signatues without Random Oacles Aggelos Kiayias Hong-Sheng Zhou Abstact We pesent a blind signatue scheme that is efficient and povably secue without andom oacles unde concuent attacks utilizing
More informationStanford University CS259Q: Quantum Computing Handout 8 Luca Trevisan October 18, 2012
Stanfod Univesity CS59Q: Quantum Computing Handout 8 Luca Tevisan Octobe 8, 0 Lectue 8 In which we use the quantum Fouie tansfom to solve the peiod-finding poblem. The Peiod Finding Poblem Let f : {0,...,
More informationProbablistically Checkable Proofs
Lectue 12 Pobablistically Checkable Poofs May 13, 2004 Lectue: Paul Beame Notes: Chis Re 12.1 Pobablisitically Checkable Poofs Oveview We know that IP = PSPACE. This means thee is an inteactive potocol
More informationNew problems in universal algebraic geometry illustrated by boolean equations
New poblems in univesal algebaic geomety illustated by boolean equations axiv:1611.00152v2 [math.ra] 25 Nov 2016 Atem N. Shevlyakov Novembe 28, 2016 Abstact We discuss new poblems in univesal algebaic
More informationNon-Transferable Proxy Re-Encryption Scheme
Title Non-Tansfeable Poxy Re-Encyption Scheme Autho(s) He, Y; Chim, TW; Hui, CK; Yiu, SM Citation The 5th IFIP Intenational Confeence on New Technologies, Mobility and Secuity (NTMS 12), Istanbul, Tukey,
More informationA more efficient secure event signature protocol for massively multiplayer online games based on P2P Dapeng Li1, a, Liang Hu1,b, and JianFeng Chu1,c
Intenational Foum on Mechanical, Contol and Automation (IFMCA 2016) A moe efficient secue event signatue potocol fo massively multiplaye online games based on P2P Dapeng Li1, a, Liang Hu1,b, and JianFeng
More informationProvable Security in Cryptography
Povable Secuity in Cyptogaphy Thomas Baignèes EPFL http://lasecwww.epfl.ch May 29, 2007 (ve. 25) These lectue notes ae a compilation of some of my eadings while I was pepaing two lectues given at EPFL
More informationCALCULATING THE NUMBER OF TWIN PRIMES WITH SPECIFIED DISTANCE BETWEEN THEM BASED ON THE SIMPLEST PROBABILISTIC MODEL
U.P.B. Sci. Bull. Seies A, Vol. 80, Iss.3, 018 ISSN 13-707 CALCULATING THE NUMBER OF TWIN PRIMES WITH SPECIFIED DISTANCE BETWEEN THEM BASED ON THE SIMPLEST PROBABILISTIC MODEL Sasengali ABDYMANAPOV 1,
More informationConstruction and Analysis of Boolean Functions of 2t + 1 Variables with Maximum Algebraic Immunity
Constuction and Analysis of Boolean Functions of 2t + 1 Vaiables with Maximum Algebaic Immunity Na Li and Wen-Feng Qi Depatment of Applied Mathematics, Zhengzhou Infomation Engineeing Univesity, Zhengzhou,
More informationLifting Private Information Retrieval from Two to any Number of Messages
Lifting Pivate Infomation Retieval fom Two to any umbe of Messages Rafael G.L. D Oliveia, Salim El Rouayheb ECE, Rutges Univesity, Piscataway, J Emails: d746@scaletmail.utges.edu, salim.elouayheb@utges.edu
More informationSome RSA-based Encryption Schemes with Tight Security Reduction
Some RSA-based Encyption Schemes with Tight Secuity Reduction Kaou Kuosawa 1 and Tsuyoshi Takagi 2 1 Ibaaki Univesity, 4-12-1 Nakanausawa, Hitachi, Ibaaki, 316-8511, Japan kuosawa@cis.ibaaki.ac.jp 2 Technische
More informationFunctions Defined on Fuzzy Real Numbers According to Zadeh s Extension
Intenational Mathematical Foum, 3, 2008, no. 16, 763-776 Functions Defined on Fuzzy Real Numbes Accoding to Zadeh s Extension Oma A. AbuAaqob, Nabil T. Shawagfeh and Oma A. AbuGhneim 1 Mathematics Depatment,
More informationCryptography. Primitives and Protocols. Aggelos Kiayias
P1 P2 P3 E E E IV C1 C2 C3 Aggelos Kiayias Cyptogaphy Pimitives and Potocols Based on notes by G. Panagiotakos, S. Pehlivanoglu, J. Todd, K. Samai, T. Zachaias and H.S. Zhou CONTENTS 1 Contents 1 Intoduction
More informationC/CS/Phys C191 Shor s order (period) finding algorithm and factoring 11/12/14 Fall 2014 Lecture 22
C/CS/Phys C9 Sho s ode (peiod) finding algoithm and factoing /2/4 Fall 204 Lectue 22 With a fast algoithm fo the uantum Fouie Tansfom in hand, it is clea that many useful applications should be possible.
More informationE E E. Aggelos Kiayias. Cryptography. Primitives and Protocols. Based on notes by S. Pehlivanoglu, J. Todd, K. Samari, T. Zacharias and H.S.
P1 P2 P3 E E E IV C1 C2 C3 Aggelos Kiayias Cyptogaphy Pimitives and Potocols Based on notes by S. Pehlivanoglu, J. Todd, K. Samai, T. Zachaias and H.S. Zhou CONTENTS 1 Contents 1 Intoduction 4 1.1 Flipping
More informationNew Finding on Factoring Prime Power RSA Modulus N = p r q
Jounal of Mathematical Reseach with Applications Jul., 207, Vol. 37, o. 4, pp. 404 48 DOI:0.3770/j.issn:2095-265.207.04.003 Http://jme.dlut.edu.cn ew Finding on Factoing Pime Powe RSA Modulus = p q Sadiq
More informationResearch Article On Alzer and Qiu s Conjecture for Complete Elliptic Integral and Inverse Hyperbolic Tangent Function
Abstact and Applied Analysis Volume 011, Aticle ID 697547, 7 pages doi:10.1155/011/697547 Reseach Aticle On Alze and Qiu s Conjectue fo Complete Elliptic Integal and Invese Hypebolic Tangent Function Yu-Ming
More informationMultiple Criteria Secretary Problem: A New Approach
J. Stat. Appl. Po. 3, o., 9-38 (04 9 Jounal of Statistics Applications & Pobability An Intenational Jounal http://dx.doi.og/0.785/jsap/0303 Multiple Citeia Secetay Poblem: A ew Appoach Alaka Padhye, and
More informationDo Managers Do Good With Other People s Money? Online Appendix
Do Manages Do Good With Othe People s Money? Online Appendix Ing-Haw Cheng Haison Hong Kelly Shue Abstact This is the Online Appendix fo Cheng, Hong and Shue 2013) containing details of the model. Datmouth
More informationAQI: Advanced Quantum Information Lecture 2 (Module 4): Order finding and factoring algorithms February 20, 2013
AQI: Advanced Quantum Infomation Lectue 2 (Module 4): Ode finding and factoing algoithms Febuay 20, 203 Lectue: D. Mak Tame (email: m.tame@impeial.ac.uk) Intoduction In the last lectue we looked at the
More informationRate Splitting is Approximately Optimal for Fading Gaussian Interference Channels
Rate Splitting is Appoximately Optimal fo Fading Gaussian Intefeence Channels Joyson Sebastian, Can Kaakus, Suhas Diggavi, I-Hsiang Wang Abstact In this pape, we study the -use Gaussian intefeence-channel
More informationANA BERRIZBEITIA, LUIS A. MEDINA, ALEXANDER C. MOLL, VICTOR H. MOLL, AND LAINE NOBLE
THE p-adic VALUATION OF STIRLING NUMBERS ANA BERRIZBEITIA, LUIS A. MEDINA, ALEXANDER C. MOLL, VICTOR H. MOLL, AND LAINE NOBLE Abstact. Let p > 2 be a pime. The p-adic valuation of Stiling numbes of the
More informationQIP Course 10: Quantum Factorization Algorithm (Part 3)
QIP Couse 10: Quantum Factoization Algoithm (Pat 3 Ryutaoh Matsumoto Nagoya Univesity, Japan Send you comments to yutaoh.matsumoto@nagoya-u.jp Septembe 2018 @ Tokyo Tech. Matsumoto (Nagoya U. QIP Couse
More informationNOTE. Some New Bounds for Cover-Free Families
Jounal of Combinatoial Theoy, Seies A 90, 224234 (2000) doi:10.1006jcta.1999.3036, available online at http:.idealibay.com on NOTE Some Ne Bounds fo Cove-Fee Families D. R. Stinson 1 and R. Wei Depatment
More informationQuantum Fourier Transform
Chapte 5 Quantum Fouie Tansfom Many poblems in physics and mathematics ae solved by tansfoming a poblem into some othe poblem with a known solution. Some notable examples ae Laplace tansfom, Legende tansfom,
More informationA STUDY OF HAMMING CODES AS ERROR CORRECTING CODES
AGU Intenational Jounal of Science and Technology A STUDY OF HAMMING CODES AS ERROR CORRECTING CODES Ritu Ahuja Depatment of Mathematics Khalsa College fo Women, Civil Lines, Ludhiana-141001, Punjab, (India)
More informationVanishing lines in generalized Adams spectral sequences are generic
ISSN 364-0380 (on line) 465-3060 (pinted) 55 Geomety & Topology Volume 3 (999) 55 65 Published: 2 July 999 G G G G T T T G T T T G T G T GG TT G G G G GG T T T TT Vanishing lines in genealized Adams spectal
More informationPearson s Chi-Square Test Modifications for Comparison of Unweighted and Weighted Histograms and Two Weighted Histograms
Peason s Chi-Squae Test Modifications fo Compaison of Unweighted and Weighted Histogams and Two Weighted Histogams Univesity of Akueyi, Bogi, v/noduslód, IS-6 Akueyi, Iceland E-mail: nikolai@unak.is Two
More informationSurveillance Points in High Dimensional Spaces
Société de Calcul Mathématique SA Tools fo decision help since 995 Suveillance Points in High Dimensional Spaces by Benad Beauzamy Januay 06 Abstact Let us conside any compute softwae, elying upon a lage
More informationOvercoming Weak Expectations
Ovecoming Weak Expectations Yevgeniy Dodis Depatment of Compute Science New Yok Univesity Email: dodis@cs.nyu.edu (Invited Pape) Yu Yu Institute fo Intedisciplinay Infomation Sciences Tsinghua Univesity,
More informationAnalytical Solutions for Confined Aquifers with non constant Pumping using Computer Algebra
Poceedings of the 006 IASME/SEAS Int. Conf. on ate Resouces, Hydaulics & Hydology, Chalkida, Geece, May -3, 006 (pp7-) Analytical Solutions fo Confined Aquifes with non constant Pumping using Compute Algeba
More informationMore Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries
Moe Efficient Oblivious Tansfe Extensions with Secuity fo Malicious Advesaies Gilad Ashaov Yehuda Lindell Thomas Schneide Michael Zohne Hebew Univesity Ba-Ilan Univesity Damstadt Damstadt EUROCRYPT 2015
More informationChapter 3: Theory of Modular Arithmetic 38
Chapte 3: Theoy of Modula Aithmetic 38 Section D Chinese Remainde Theoem By the end of this section you will be able to pove the Chinese Remainde Theoem apply this theoem to solve simultaneous linea conguences
More informationDesign and Analysis of Password-Based Key Derivation Functions
Design and Analysis of Passwod-Based Key Deivation Functions 245 Fances F. Yao 1 and Yiqun Lisa Yin 2 1 Depatment of Compute Science, City Univesity of Hong Kong, Kowloon, Hong Kong csfyao@cityu.edu.hk
More information4/18/2005. Statistical Learning Theory
Statistical Leaning Theoy Statistical Leaning Theoy A model of supevised leaning consists of: a Envionment - Supplying a vecto x with a fixed but unknown pdf F x (x b Teache. It povides a desied esponse
More informationQUANTUM ALGORITHMS IN ALGEBRAIC NUMBER THEORY
QUANTU ALGORITHS IN ALGEBRAIC NUBER THEORY SION RUBINSTEIN-SALZEDO Abstact. In this aticle, we discuss some quantum algoithms fo detemining the goup of units and the ideal class goup of a numbe field.
More informationONE-POINT CODES USING PLACES OF HIGHER DEGREE
ONE-POINT CODES USING PLACES OF HIGHER DEGREE GRETCHEN L. MATTHEWS AND TODD W. MICHEL DEPARTMENT OF MATHEMATICAL SCIENCES CLEMSON UNIVERSITY CLEMSON, SC 29634-0975 U.S.A. E-MAIL: GMATTHE@CLEMSON.EDU, TMICHEL@CLEMSON.EDU
More informationConspiracy and Information Flow in the Take-Grant Protection Model
Conspiacy and Infomation Flow in the Take-Gant Potection Model Matt Bishop Depatment of Compute Science Univesity of Califonia at Davis Davis, CA 95616-8562 ABSTRACT The Take Gant Potection Model is a
More informationDesign and Analysis of Password-Based Key Derivation Functions
Design and Analysis of Passwod-Based Key Deivation Functions Fances F. Yao 1 and Yiqun Lisa Yin 2 1 Depatment of Compute Science City Univesity of Hong Kong Kowloon, Hong Kong Email: csfyao@cityu.edu.hk
More information3.1 Random variables
3 Chapte III Random Vaiables 3 Random vaiables A sample space S may be difficult to descibe if the elements of S ae not numbes discuss how we can use a ule by which an element s of S may be associated
More informationUsing Laplace Transform to Evaluate Improper Integrals Chii-Huei Yu
Available at https://edupediapublicationsog/jounals Volume 3 Issue 4 Febuay 216 Using Laplace Tansfom to Evaluate Impope Integals Chii-Huei Yu Depatment of Infomation Technology, Nan Jeon Univesity of
More informationCentral Coverage Bayes Prediction Intervals for the Generalized Pareto Distribution
Statistics Reseach Lettes Vol. Iss., Novembe Cental Coveage Bayes Pediction Intevals fo the Genealized Paeto Distibution Gyan Pakash Depatment of Community Medicine S. N. Medical College, Aga, U. P., India
More informationUnobserved Correlation in Ascending Auctions: Example And Extensions
Unobseved Coelation in Ascending Auctions: Example And Extensions Daniel Quint Univesity of Wisconsin Novembe 2009 Intoduction In pivate-value ascending auctions, the winning bidde s willingness to pay
More informationarxiv: v1 [math.co] 4 May 2017
On The Numbe Of Unlabeled Bipatite Gaphs Abdullah Atmaca and A Yavuz Ouç axiv:7050800v [mathco] 4 May 207 Abstact This pape solves a poblem that was stated by M A Haison in 973 [] This poblem, that has
More informationE E E. Aggelos Kiayias. Cryptography. Primitives and Protocols. Notes by S. Pehlivanoglu, J. Todd, and H.S. Zhou
P1 P2 P3 E E E IV C1 C2 C3 Aggelos Kiayias Cyptogaphy Pimitives and Potocols Notes by S. Pehlivanoglu, J. Todd, and H.S. Zhou CONTENTS 1 Contents 2 1 Intoduction To begin discussing the basic popeties
More informationarxiv: v1 [math.co] 1 Apr 2011
Weight enumeation of codes fom finite spaces Relinde Juius Octobe 23, 2018 axiv:1104.0172v1 [math.co] 1 Ap 2011 Abstact We study the genealized and extended weight enumeato of the - ay Simplex code and
More informationLocalization of Eigenvalues in Small Specified Regions of Complex Plane by State Feedback Matrix
Jounal of Sciences, Islamic Republic of Ian (): - () Univesity of Tehan, ISSN - http://sciencesutaci Localization of Eigenvalues in Small Specified Regions of Complex Plane by State Feedback Matix H Ahsani
More informationFUSE Fusion Utility Sequence Estimator
FUSE Fusion Utility Sequence Estimato Belu V. Dasaathy Dynetics, Inc. P. O. Box 5500 Huntsville, AL 3584-5500 belu.d@dynetics.com Sean D. Townsend Dynetics, Inc. P. O. Box 5500 Huntsville, AL 3584-5500
More informationEquivocal Blind Signatures and Adaptive UC-Security
Equivocal Blind Signatues and Adaptive UC-Secuity Aggelos Kiayias Hong-Sheng Zhou Septembe 4, 2007 Abstact We study the design of adaptively secue blind signatues in the univesal composability (UC) setting.
More informationCryptography. Lecture 11. Arpita Patra
Cptogaph Lectue Apita Pata Geneic Results in PK Wold CPA Secuit CCA Secuit Bit Encption Man-bit Encption Bit Encption Man-Bit Encption Π CPA-secue KEM Π SKE COA-secue SKE Π Hb CPA-secue Π CCA-secue KEM
More informationGradient-based Neural Network for Online Solution of Lyapunov Matrix Equation with Li Activation Function
Intenational Confeence on Infomation echnology and Management Innovation (ICIMI 05) Gadient-based Neual Netwok fo Online Solution of Lyapunov Matix Equation with Li Activation unction Shiheng Wang, Shidong
More informationON THE INVERSE SIGNED TOTAL DOMINATION NUMBER IN GRAPHS. D.A. Mojdeh and B. Samadi
Opuscula Math. 37, no. 3 (017), 447 456 http://dx.doi.og/10.7494/opmath.017.37.3.447 Opuscula Mathematica ON THE INVERSE SIGNED TOTAL DOMINATION NUMBER IN GRAPHS D.A. Mojdeh and B. Samadi Communicated
More informationRelating Branching Program Size and. Formula Size over the Full Binary Basis. FB Informatik, LS II, Univ. Dortmund, Dortmund, Germany
Relating Banching Pogam Size and omula Size ove the ull Binay Basis Matin Saueho y Ingo Wegene y Ralph Wechne z y B Infomatik, LS II, Univ. Dotmund, 44 Dotmund, Gemany z ankfut, Gemany sauehof/wegene@ls.cs.uni-dotmund.de
More informationOn Polynomials Construction
Intenational Jounal of Mathematical Analysis Vol., 08, no. 6, 5-57 HIKARI Ltd, www.m-hikai.com https://doi.og/0.988/ima.08.843 On Polynomials Constuction E. O. Adeyefa Depatment of Mathematics, Fedeal
More informationA Bijective Approach to the Permutational Power of a Priority Queue
A Bijective Appoach to the Pemutational Powe of a Pioity Queue Ia M. Gessel Kuang-Yeh Wang Depatment of Mathematics Bandeis Univesity Waltham, MA 02254-9110 Abstact A pioity queue tansfoms an input pemutation
More informationGoodness-of-fit for composite hypotheses.
Section 11 Goodness-of-fit fo composite hypotheses. Example. Let us conside a Matlab example. Let us geneate 50 obsevations fom N(1, 2): X=nomnd(1,2,50,1); Then, unning a chi-squaed goodness-of-fit test
More informationCHARIOT: Cloud-Assisted Access Control for the Internet of Things
CHARIOT: Cloud-Assisted Access Contol fo the Intenet of Things Clémentine Gitti Euecom Sophia Antipolis, Fance gitti@euecom.f Melek Önen Euecom Sophia Antipolis, Fance onen@euecom.f Refik Molva Euecom
More informationExperiment I Voltage Variation and Control
ELE303 Electicity Netwoks Expeiment I oltage aiation and ontol Objective To demonstate that the voltage diffeence between the sending end of a tansmission line and the load o eceiving end depends mainly
More informationAppraisal of Logistics Enterprise Competitiveness on the Basis of Fuzzy Analysis Algorithm
Appaisal of Logistics Entepise Competitiveness on the Basis of Fuzzy Analysis Algoithm Yan Zhao, Fengge Yao, Minming She Habin Univesity of Commece, Habin, Heilongjiang 150028, China, zhaoyan2000@yahoo.com.cn
More informationA Simple Model of Communication APIs Application to Dynamic Partial-order Reduction
Simple Model of Communication PIs pplication to Dynamic Patial-ode Reduction Cistian Rosa Stephan Mez Matin Quinson VOCS 2010 22/09/2010 1 / 18 Motivation Distibuted lgoithms ae had to get ight: lack of
More informationThe Iterated Random Function Problem,
The Iteated Random Function Poblem, Ritam Bhaumik 1, ilanjan Datta 2, Avijit Dutta 1, icky Mouha 3,4, and Midul andi 1 1 Indian Statistical Institute, Kolkata, India. 2 Indian Institute of Technology,
More informationLecture 18: Graph Isomorphisms
INFR11102: Computational Complexity 22/11/2018 Lectue: Heng Guo Lectue 18: Gaph Isomophisms 1 An Athu-Melin potocol fo GNI Last time we gave a simple inteactive potocol fo GNI with pivate coins. We will
More informationKOEBE DOMAINS FOR THE CLASSES OF FUNCTIONS WITH RANGES INCLUDED IN GIVEN SETS
Jounal of Applied Analysis Vol. 14, No. 1 2008), pp. 43 52 KOEBE DOMAINS FOR THE CLASSES OF FUNCTIONS WITH RANGES INCLUDED IN GIVEN SETS L. KOCZAN and P. ZAPRAWA Received Mach 12, 2007 and, in evised fom,
More informationA Converse to Low-Rank Matrix Completion
A Convese to Low-Rank Matix Completion Daniel L. Pimentel-Alacón, Robet D. Nowak Univesity of Wisconsin-Madison Abstact In many pactical applications, one is given a subset Ω of the enties in a d N data
More informationON INDEPENDENT SETS IN PURELY ATOMIC PROBABILITY SPACES WITH GEOMETRIC DISTRIBUTION. 1. Introduction. 1 r r. r k for every set E A, E \ {0},
ON INDEPENDENT SETS IN PURELY ATOMIC PROBABILITY SPACES WITH GEOMETRIC DISTRIBUTION E. J. IONASCU and A. A. STANCU Abstact. We ae inteested in constucting concete independent events in puely atomic pobability
More informationComputer Security Laboratory Concordia Institute for Information Systems Engineering Concordia University, Montreal (QC), Canada
2005 Intenational Confeence on Wieless Netwoks, Communications and Mobile Computing Impoving the Diffie-Heliman Secue Key Exchange P. Bhattachaya, M. Debbabi and H. Otok Compute Secuity Laboatoy Concodia
More informationLecture 7. Public Key Cryptography (Diffie-Hellman and RSA)
Lectue 7 Pulic Key Cytogahy (Diffie-Hellman and RSA) 1 Pulic Key Cytogahy Asymmetic cytogahy Invented in 1974-1978 (Diffie-Hellman and Rivest-Shami- Adleman) Two keys: ivate (SK), ulic (PK) Encytion: with
More informationA scaling-up methodology for co-rotating twin-screw extruders
A scaling-up methodology fo co-otating twin-scew extudes A. Gaspa-Cunha, J. A. Covas Institute fo Polymes and Composites/I3N, Univesity of Minho, Guimaães 4800-058, Potugal Abstact. Scaling-up of co-otating
More informationOn the Quasi-inverse of a Non-square Matrix: An Infinite Solution
Applied Mathematical Sciences, Vol 11, 2017, no 27, 1337-1351 HIKARI Ltd, wwwm-hikaicom https://doiog/1012988/ams20177273 On the Quasi-invese of a Non-squae Matix: An Infinite Solution Ruben D Codeo J
More informationBounds for Codimensions of Fitting Ideals
Ž. JOUNAL OF ALGEBA 194, 378 382 1997 ATICLE NO. JA966999 Bounds fo Coensions of Fitting Ideals Michał Kwiecinski* Uniwesytet Jagiellonski, Instytut Matematyki, ul. eymonta 4, 30-059, Kakow, Poland Communicated
More informationA Deep Convolutional Neural Network Based on Nested Residue Number System
A Deep Convolutional Neual Netwok Based on Nested Residue Numbe System Hioki Nakahaa Ehime Univesity, Japan Tsutomu Sasao Meiji Univesity, Japan Abstact A pe-tained deep convolutional neual netwok (DCNN)
More informationFixed Argument Pairing Inversion on Elliptic Curves
Fixed Agument Paiing Invesion on Elliptic Cuves Sungwook Kim and Jung Hee Cheon ISaC & Dept. of Mathematical Sciences Seoul National Univesity Seoul, Koea {avell7,jhcheon}@snu.ac.k Abstact. Let E be an
More information1 Explicit Explore or Exploit (E 3 ) Algorithm
2.997 Decision-Making in Lage-Scale Systems Mach 3 MIT, Sping 2004 Handout #2 Lectue Note 9 Explicit Exploe o Exploit (E 3 ) Algoithm Last lectue, we studied the Q-leaning algoithm: [ ] Q t+ (x t, a t
More informationMethod for Approximating Irrational Numbers
Method fo Appoximating Iational Numbes Eic Reichwein Depatment of Physics Univesity of Califonia, Santa Cuz June 6, 0 Abstact I will put foth an algoithm fo poducing inceasingly accuate ational appoximations
More informationTHE JEU DE TAQUIN ON THE SHIFTED RIM HOOK TABLEAUX. Jaejin Lee
Koean J. Math. 23 (2015), No. 3, pp. 427 438 http://dx.doi.og/10.11568/kjm.2015.23.3.427 THE JEU DE TAQUIN ON THE SHIFTED RIM HOOK TABLEAUX Jaejin Lee Abstact. The Schensted algoithm fist descibed by Robinson
More information16 Modeling a Language by a Markov Process
K. Pommeening, Language Statistics 80 16 Modeling a Language by a Makov Pocess Fo deiving theoetical esults a common model of language is the intepetation of texts as esults of Makov pocesses. This model
More informationA NEW VARIABLE STIFFNESS SPRING USING A PRESTRESSED MECHANISM
Poceedings of the ASME 2010 Intenational Design Engineeing Technical Confeences & Computes and Infomation in Engineeing Confeence IDETC/CIE 2010 August 15-18, 2010, Monteal, Quebec, Canada DETC2010-28496
More informationLecture 28: Convergence of Random Variables and Related Theorems
EE50: Pobability Foundations fo Electical Enginees July-Novembe 205 Lectue 28: Convegence of Random Vaiables and Related Theoems Lectue:. Kishna Jagannathan Scibe: Gopal, Sudhasan, Ajay, Swamy, Kolla An
More informationDuality between Statical and Kinematical Engineering Systems
Pape 00, Civil-Comp Ltd., Stiling, Scotland Poceedings of the Sixth Intenational Confeence on Computational Stuctues Technology, B.H.V. Topping and Z. Bittna (Editos), Civil-Comp Pess, Stiling, Scotland.
More informationHidden Identity-Based Signatures
Hidden Identity-Based Signatues ggelos Kiayias Hong-Sheng Zhou bstact This pape intoduces Hidden Identity-based Signatues (Hidden-IBS), a type of digital signatues that povide mediated signe-anonymity
More informationHua Xu 3 and Hiroaki Mukaidani 33. The University of Tsukuba, Otsuka. Hiroshima City University, 3-4-1, Ozuka-Higashi
he inea Quadatic Dynamic Game fo Discete-ime Descipto Systems Hua Xu 3 and Hioai Muaidani 33 3 Gaduate School of Systems Management he Univesity of suuba, 3-9- Otsua Bunyo-u, oyo -0, Japan xuhua@gssm.otsua.tsuuba.ac.jp
More information( ) [ ] [ ] [ ] δf φ = F φ+δφ F. xdx.
9. LAGRANGIAN OF THE ELECTROMAGNETIC FIELD In the pevious section the Lagangian and Hamiltonian of an ensemble of point paticles was developed. This appoach is based on a qt. This discete fomulation can
More informationSolving Some Definite Integrals Using Parseval s Theorem
Ameican Jounal of Numeical Analysis 4 Vol. No. 6-64 Available online at http://pubs.sciepub.com/ajna///5 Science and Education Publishing DOI:.69/ajna---5 Solving Some Definite Integals Using Paseval s
More informationEnumerating permutation polynomials
Enumeating pemutation polynomials Theodoulos Gaefalakis a,1, Giogos Kapetanakis a,, a Depatment of Mathematics and Applied Mathematics, Univesity of Cete, 70013 Heaklion, Geece Abstact We conside thoblem
More informationOn the integration of the equations of hydrodynamics
Uebe die Integation de hydodynamischen Gleichungen J f eine u angew Math 56 (859) -0 On the integation of the equations of hydodynamics (By A Clebsch at Calsuhe) Tanslated by D H Delphenich In a pevious
More informationQuasi-Randomness and the Distribution of Copies of a Fixed Graph
Quasi-Randomness and the Distibution of Copies of a Fixed Gaph Asaf Shapia Abstact We show that if a gaph G has the popety that all subsets of vetices of size n/4 contain the coect numbe of tiangles one
More informationMultiple Experts with Binary Features
Multiple Expets with Binay Featues Ye Jin & Lingen Zhang Decembe 9, 2010 1 Intoduction Ou intuition fo the poect comes fom the pape Supevised Leaning fom Multiple Expets: Whom to tust when eveyone lies
More informationJournal of Inequalities in Pure and Applied Mathematics
Jounal of Inequalities in Pue and Applied Mathematics COEFFICIENT INEQUALITY FOR A FUNCTION WHOSE DERIVATIVE HAS A POSITIVE REAL PART S. ABRAMOVICH, M. KLARIČIĆ BAKULA AND S. BANIĆ Depatment of Mathematics
More informationAnonymous return route information for onion based mix-nets
Anonymous etun oute infomation fo onion based mix-nets ABSTRACT Yoshifumi Manabe NTT Communication Science Laboatoies NTT Copoation Atsugi Kanagawa 239-0198 Japan manabeyoshifumi@labnttcojp This pape poposes
More informationOn decompositions of complete multipartite graphs into the union of two even cycles
On decompositions of complete multipatite gaphs into the union of two even cycles A. Su, J. Buchanan, R. C. Bunge, S. I. El-Zanati, E. Pelttai, G. Rasmuson, E. Spaks, S. Tagais Depatment of Mathematics
More informationMarkscheme May 2017 Calculus Higher level Paper 3
M7/5/MATHL/HP3/ENG/TZ0/SE/M Makscheme May 07 Calculus Highe level Pape 3 pages M7/5/MATHL/HP3/ENG/TZ0/SE/M This makscheme is the popety of the Intenational Baccalaueate and must not be epoduced o distibuted
More informationChannel matrix, measurement matrix and collapsed matrix. in teleportation
Channel matix, measuement matix and collapsed matix in telepotation XIN-WEI ZHA, JIAN-XIA QI and HAI-YANG SONG School of Science, Xi an Univesity of Posts and Telecommunications, Xi an, 71011, P R China
More informationA Multivariate Normal Law for Turing s Formulae
A Multivaiate Nomal Law fo Tuing s Fomulae Zhiyi Zhang Depatment of Mathematics and Statistics Univesity of Noth Caolina at Chalotte Chalotte, NC 28223 Abstact This pape establishes a sufficient condition
More informationConservative Averaging Method and its Application for One Heat Conduction Problem
Poceedings of the 4th WSEAS Int. Conf. on HEAT TRANSFER THERMAL ENGINEERING and ENVIRONMENT Elounda Geece August - 6 (pp6-) Consevative Aveaging Method and its Application fo One Heat Conduction Poblem
More informationDeterministic vs Non-deterministic Graph Property Testing
Deteministic vs Non-deteministic Gaph Popety Testing Lio Gishboline Asaf Shapia Abstact A gaph popety P is said to be testable if one can check whethe a gaph is close o fa fom satisfying P using few andom
More informationTo Feel a Force Chapter 7 Static equilibrium - torque and friction
To eel a oce Chapte 7 Chapte 7: Static fiction, toque and static equilibium A. Review of foce vectos Between the eath and a small mass, gavitational foces of equal magnitude and opposite diection act on
More information