Improved Information Set Decoding Decoding Random Linear Codes in O(20.054n)
|
|
- Domenic Thornton
- 5 years ago
- Views:
Transcription
1 Imroved Information Set Decoding Decoding Random Linear Codes in O(2.54n) Alexander May, Alexander Meurer, Enrico Thomae ASIACRYPT 211, Seoul HORST GÖRTZ INSTITUTE FOR IT-SECURITY FACULTY OF MATHEMATICS Deartment for IT-Security and Crytology
2 Reca Binary Linear Codes A binary linear code C is a k-dimensional subsace of F2n n Generator matrix G =k /1 C = { xt G : x 2 F2k } n Parity check matrix H = n-k /1 C = { H c = : c 2 F2n }
3 Reca Binary Linear Codes A binary linear code C is a k-dimensional subsace of F2n n Generator matrix G =k /1 C = { xt G : x 2 F2k } n Parity check matrix H = n-k /1 C = { H c = : c 2 F2n } Minimum distance d = minx y2c{ wt(x+y) } C is called binary [n,k,d] code. d x y
4 Reca Binary Linear Codes n A binary linear code C is a k-dimensional subsace of F 2 Running Running time time of of decoding decoding algorithms: algorithms: T(n,k,d) T(n,k,d) n In this talk: Analysis for random binary linear In this talk: Analysis for random binary linear k / 1 Generator matrix G = C = { xt G : x 2 F2k } codes codes with with constant constant rate rate R=k/n R=k/n n For For n, n, kk and and dd are are related related via via GilbertGilbertVarshamov bound, Varshamov bound, thus thus Parity check matrix H = n-k / 1 C = { H c = : c 2 F2n } T(n,k,d) T(n,k,d) == T(n,k) T(n,k) We We comare comare algorithms algorithms by by their their comlexity comlexity Minimum distance d i.e. =i.e.minc2c{ wt(c) } coeffcient F(k), coeffcient F(k), F(k)n F(k)n T(n,k) == O(2 )) Such C is called binary [n,k,d] T(n,k) O(2code. d x y
5 Scenario (Bounded Distance Decoding) 4 5 d-1 Obtain x = c + e with c 2 C and w := wt(e) = 2 x Goal: Find e and thus c = x + e 4 5 d-1 2 Consider syndrome s := s(x) = H x = H (c+e) = H e Find linear combination of w columns of H matching s weight w n n-k H = + + = s c
6 Scenario (Bounded Distance Decoding) 4 5 d-1 Obtain x = c + e with c 2 C and w := wt(e) = 2 x Goal: Find e and thus c = x + e 4 5 d-1 2 c Consider syndrome s := s(x) = H x = H (c+e) = H e Find linear combination of w columns of H matching s weight w n n-k H Brute-Force Brute-Force comlexity comlexity = + + n s T(n,k,d) T(n,k,d) == w =
7 Scenario (Bounded Distance Decoding) 4 5 d-1 Obtain x = c + e with c 2 C and w := wt(e) = 2 x Goal: Find e and thus c = x + e 4 5 d-1 2 Consider syndrome s := s(x) = H x = H (c+e) = H e Find linear combination of w columns of H matching s weight w n n-k H Comlexity Comlexity = + s F(k) = c
8 Some very basic observations Allowed (linear algebra) transformations Permuting the columns of H does not change the roblem
9 Some very basic observations Allowed (linear algebra) transformations Permuting the columns of H does not change the roblem weight w n n-k H = s
10 Some very basic observations Allowed (linear algebra) transformations Permuting the columns of H does not change the roblem weight w n n-k H = s
11 Some very basic observations Allowed (linear algebra) transformations Permuting the columns of H does not change the roblem Elementary row oerations on H do not change the roblem
12 Some very basic observations Allowed (linear algebra) transformations Permuting the columns of H does not change the roblem Elementary row oerations on H do not change the roblem weight w n n-k H = s
13 Some very basic observations Allowed (linear algebra) transformations Permuting the columns of H does not change the roblem Elementary row oerations on H do not change the roblem weight w n UG n-k H Invertible (n-k)x(n-k) matrix = UG s
14 Randomized systematic form From now on, we work on a randomly column-ermuted version of H in systematic form (n-k) x k matrix UG * H = * Q In-k UP (n-k)-dimensional idendity matrix
15 Basic Information Set Decoding ''Reducing the brute-force search sace by linear algebra.''
16 Basic Information Set Decoding Fundamental rincile: Randomization: transform H into column-ermuted systematic form H Q In-k Search hase: Try to fnd solution e = weight w weight w Q In-k = s If no solution found: Rerandomize and try again!, i.e.
17 Basic Information Set Decoding Fundamental rincile: Randomization: transform H into column-ermuted systematic form H Q In-k -1 T(n,k,d) T(n,k,d) == Pr[ good Pr[ good randomization] randomization]-1 xx C[Search] C[Search] Search hase: Try to fnd solution e = weight w weight w Q In-k = s If no solution found: Rerandomize and try again!, i.e.
18 Classical ISD variants Lee-Brickel (1988) w- k n-k Q In-k = s Brute force on Q, i.e. search e'= If so, fll u e''= w- with wt(qe'+s) = w- with remaining (w-) 1's
19 Classical ISD variants Lee-Brickel (1988) w- e' k n-k k Q In-k = s Q + s = e'' wt(qe'+s) = w- Brute force on Q, i.e. search e'= If so, fll u e''= w- with wt(qe'+s) = w- with remaining (w-) 1's
20 Classical ISD variants Lee-Brickel (1988) w- e' k n-k k Q In-k = s Q + s = e'' wt(qe'+s) = w T(n,k,d) = Pr[ good randomization] xxwith C[Brute force] T(n,k,d) = Pr[ good randomization] C[Brute force]= w- Brute force on Q, i.e. search e'= 1 wt(qe'+s) If so, fll u e''= == w- k n k with w remaining n w w- xx 1's k
21 Classical ISD variants Lee-Brickel (1988) w- e' k n-k k Q In-k = s Q + s = e'' wt(qe'+s) = w- Comlexity (bounded distance decoding) (bounded decoding) Brute forcecomlexity on Q, i.e. search e'= distance with wt(qe'+s) = w- If so, fll u e''= remaining w- 1's F(k) with.5751 w-
22 Classical ISD variants Stern (1989) Meet-in-the-middle on Q /2 /2 w- k/2 k/2 l n-k-l q1,, qk Q' In-k = s
23 Classical ISD variants Stern (1989) /2 Find with Find e'= e'= /2 with Qe'=s' Qe'=s' on on frst frst ll coordinates, coordinates, i.e. i.e. /2 Meet-in-the-middle on Q /2 /2 w- k/2 k/2 l n-k-l q1,, qk Q' In-k /2 = Q' = s s' q1,, qk * : * via via standard standard sort sort & & match match qi i I 1 k I 1 [ 1,, ] 2 match qi s ' i I 2 k I 2 [ 1,, k ] 2
24 Classical ISD variants Stern (1989) Meet-in-the-middle on Q /2 /2 w- k/2 k/2 l n-k-l q1,, qk Q' In-k /2 /2 w- q1,, qk = s Q' + s = In-k
25 Classical ISD variants Stern (1989) Meet-in-the-middle on Q /2 /2 w- k/2 k/2 l n-k-l q1,, qk Q' In-k = s w- s' * : * + s = In-k
26 Classical ISD variants Stern (1989) Meet-in-the-middle on Q /2 /2 w- k/2 k/2 l n-k-l q1,, qk Q' In-k = s w- s' * : * + s = * : * = e'' In-k
27 Classical ISD variants Stern (1989) Meet-in-the-middle on Q /2 /2 w- k/2 k/2 l n-k-l q1,, qk Q' In-k T(n,k,d) T(n,k,d) = s == == s' * : * + s = -1 Pr[ good randomization] Pr[ good randomization]-1 xxc[mitm] C[MitM] [ 2 k / 2 n k l / 2 w n w w- ] 1 * xx: * k=/2 e'' /2 In-k
28 Classical ISD variants Stern (1989) Meet-in-the-middle on Q /2 /2 w- k/2 k/2 l n-k-l q1,, qk Q' In-k = s s' * : * + s = Comlexity Comlexity (bounded (bounded distance distance decoding) decoding) F(k).5563 w- * : * = e'' In-k
29 Wraing u so far Different methods search for different error-distributions Lee-Brickel (1988) Stern (1989) /2 w- /2 w-
30 Wraing u so far Different methods search for different error-distributions Lee-Brickel (1988) Stern (1989) /2 w- /2 w- Recently: Ball-collision decoding (CRYPTO11) by Bernstein et al. Imroving Pr[good rand.] by allowing q extra 1's within the length l zero-window F(k).5558 /2 /2 q/2 q/2 w--q
31 Wraing u so far Different methods search for different error-distributions Lee-Brickel (1988) Stern (1989) /2 w- /2 w- Recently: Ball-collision decoding (CRYPTO11) by Bernstein et al. Imroving Pr[good rand.] by allowing q extra 1's within the length l zero-window /2 /2 q/2 q/2 w--q F(k).5558 Both Stern and BallColl imrove runtime at the cost of increased sace consumtion ( see aer for details)
32 Wraing u so far Asymtotic comlexity (Bounded Distance Decoding) Lee-Brickel F(k) =.5751 Stern F(k) =.5563 BallColl F(k) =.5558
33 Our New Algorithm
34 Generalized ISD framework Starting oint: Generalized ISD framework of Finiasz and Sendrier (ASIACRYPT 29) Observation: Since frst l columns of In-k can not be used in Stern's algorithm, we can simly shift them to the Q-art of H
35 Generalized ISD framework Starting oint: Generalized ISD framework of Finiasz and Sendrier (ASIACRYPT 29) Observation: Since frst l columns of In-k can not be used in Stern's algorithm, we can simly shift them to the Q-art of H k H= Q n-k In-k
36 Generalized ISD framework Starting oint: Generalized ISD framework of Finiasz and Sendrier (ASIACRYPT 29) Observation: Since frst l columns of In-k can not be used in Stern's algorithm, we can simly shift them to the Q-art of H k+l n-k-l H= Q In-k-l l rows
37 Generalized ISD framework Major subroblem: Finding exactly columns amongst q1,..., qk+l matching s on it's frst l coordinates s' k+l n-k-l q1,..., qk+l Q' In-k-l H= l rows
38 Generalized ISD framework Major subroblem: Finding exactly columns amongst q1,..., qk+l matching s on it's frst l coordinates s' Stern divides the qi into disjoint sets, i.e. searches index sets k l k l q i qi =s ' I 1 [1,, ] and I 2 [ 1,, k l] with 2 2 i I 1 i I 2 k+l n-k-l q1,..., qk+l Q' In-k-l H= l rows
39 Our New Algorithm Main contribution: More effcient non-disjoint matching insired by reresentation technique of Howgrave-Graham and Joux (in the context of subset sum algorithms), i.e. ick q i qi =s ' and I 1, I 2 [1,, k l ] with I j = 2 i I 1 i I 2 k+l n-k-l q1,..., qk+l Q' In-k-l H= l rows
40 The reresentation trick in detail k+l Aim: Find such that weight k+l q1,..., qk+l There are = ways of decomosing /2 /2 /2, It suffces to fnd one of them! /2 /2 s1' : sl',..., e.g.
41 How can we roft from reresentations? w- k+l n-k-l q1,..., qk+l Q' In-k-l equivalent solutions /2 / 2 k l from k l to /2 /2 Advantage: Every solution exands into Disadvantage: Search sace grows Goal: Find one solution via Divide & Conquer strategy Rule of thumb: We get better if k l /2 k l / 2 /2 /2
42 How can we roft from reresentations? w- k+l n-k-l q1,..., qk+l Q' In-k-l Advantage: Every solution exands into equivalent solutions Comlexity /2 Comlexity / 2 k l Disadvantage: Search sace grows from k l * to= e'' / / 2 : T(n,k,d) = Pr[ good randomization] x C[ReTrick] T(n,k,d) = Pr[ good randomization] x C[ReTrick] * attack (Wagner) Goal: Find one solution via Generalized Birthday k l k l n k l k l == / 2 k l / 2 xx Rule of thumb: We get better if /2 / 2 [ ] 1 w n w /2 /2
43 How can we roft from reresentations? w- k+l n-k-l q1,..., qk+l Q' In-k-l equivalent solutions /2 k l / 2 k l Disadvantage: Search sace grows from to * = Comlexity (bounded distance decoding) Comlexity (bounded distance decoding) /e'' 2 /2 Advantage: Every solution exands into Goal: Find one solution via Generalized Rule of thumb: We get better if : Birthday* k l F(k).5364 /2 /2 k l / 2 /2 attack (Wagner)
44 Comlexity comarison Asymtotic comlexitiy (Bounded Distance Decoding) Lee-Brickel F(k) =.5751 BallColl F(k) =.5558 MMT F(k) =.5364
45 Summary Asymtotically fastest generic decoding algorithm Not a mere time-memory trade-off ( see aer) First alication of HGJ reresentation trick to a different scenario Oen questions Precise analysis w.r.t. olynomial factors (e.g. linear algebra) Transfer Bernstein's seed-u tricks for Stern's algorithm What is the real break even oint comared to other methods?
46 Summary Asymtotically fastest generic decoding algorithm Not a mere time-memory trade-off ( see aer) First alication of HGJ reresentation trick to a different scenario Thank you! Oen questions Precise analysis w.r.t. olynomial factors (e.g. linear algebra) Transfer Bernstein's seed-u tricks for Stern's algorithm What is the real break even oint comared to other methods?
Decoding Random Binary Linear Codes in 2n/20 How 1+1=0 Improves Information Set Decoding
Decoding Random Binary Linear Codes in 2n/20 How 1+1=0 Improves Information Set Decoding A. Becker, A. Joux, A. May, A. Meurer EUROCRYPT 2012, Cambridge The Representation Technique [HGJ10] How to fnd
More informationHow to improve information set decoding exploiting that = 0 mod 2
How to improve information set decoding exploiting that 1 + 1 = 0 mod 2 Anja Becker Postdoc at EPFL Seminar CCA January 11, 2013, Paris Representation Find unique solution to hard problem in cryptography
More informationDecoding One Out of Many
Decoding One Out of Many Nicolas Sendrier INRIA Paris-Rocquencourt, équipe-projet SECRET Code-based Cryptography Workshop 11-12 May 2011, Eindhoven, The Netherlands Computational Syndrome Decoding Problem:
More informationBall-collision decoding
Ball-collision decoding Christiane Peters Technische Universiteit Eindhoven joint work with Daniel J. Bernstein and Tanja Lange Oberseminar Cryptography and Computer Algebra TU Darmstadt November 8, 200
More informationPost-Quantum Cryptography
Post-Quantum Cryptography Code-Based Cryptography Tanja Lange with some slides by Tung Chou and Christiane Peters Technische Universiteit Eindhoven ASCrypto Summer School: 18 September 2017 Error correction
More informationDecoding Random Binary Linear Codes in 2 n/20 : How 1+1=0Improves Information Set Decoding
Decoding Random Binary Linear Codes in n/0 : How 1+1=0Improves Information Set Decoding Anja Becker 1, Antoine Joux 1,, Alexander May 3,, and Alexander Meurer 3, 1 Université de Versailles Saint-Quentin,
More informationAttacking and defending the McEliece cryptosystem
Attacking and defending the McEliece cryptosystem (Joint work with Daniel J. Bernstein and Tanja Lange) Christiane Peters Technische Universiteit Eindhoven PQCrypto 2nd Workshop on Postquantum Cryptography
More informationAdvances in code-based public-key cryptography. D. J. Bernstein University of Illinois at Chicago
Advances in code-based public-key cryptography D. J. Bernstein University of Illinois at Chicago Advertisements 1. pqcrypto.org: Post-quantum cryptography hash-based, lattice-based, code-based, multivariate
More informationImproving the efficiency of Generalized Birthday Attacks against certain structured cryptosystems
Improving the efficiency of Generalized Birthday Attacks against certain structured cryptosystems Robert Niebuhr 1, Pierre-Louis Cayrel 2, and Johannes Buchmann 1,2 1 Technische Universität Darmstadt Fachbereich
More information#A8 INTEGERS 12 (2012) PARTITION OF AN INTEGER INTO DISTINCT BOUNDED PARTS, IDENTITIES AND BOUNDS
#A8 INTEGERS 1 (01) PARTITION OF AN INTEGER INTO DISTINCT BOUNDED PARTS, IDENTITIES AND BOUNDS Mohammadreza Bidar 1 Deartment of Mathematics, Sharif University of Technology, Tehran, Iran mrebidar@gmailcom
More informationVulnerabilities of McEliece in the World of Escher
Vulnerabilities of McEliece in the World of Escher Dustin Moody and Ray Perlner National Institute of Standards and Technology, Gaithersburg, Maryland, USA dustin.moody@nist.gov, ray.perlner@nist.gov Abstract.
More informationA Generic Algorithm for Small Weight Discrete Logarithms in Composite Groups
A Generic Algorithm for Small Weight Discrete Logarithms in Composite Groups Alexander May and Ilya Ozerov Horst Görtz Institute for IT-Security Ruhr-University Bochum, Germany Faculty of Mathematics alex.may@rub.de,
More informationSolving LPN Using Covering Codes
Solving LPN Using Covering Codes Qian Guo 1,2 Thomas Johansson 1 Carl Löndahl 1 1 Dept of Electrical and Information Technology, Lund University 2 School of Computer Science, Fudan University ASIACRYPT
More informationCryptanalysis of Pseudorandom Generators
CSE 206A: Lattice Algorithms and Alications Fall 2017 Crytanalysis of Pseudorandom Generators Instructor: Daniele Micciancio UCSD CSE As a motivating alication for the study of lattice in crytograhy we
More informationMcEliece in the world of Escher
McEliece in the world of Escher Danilo Gligoroski 1 and Simona Samardjiska 1,2 and Håkon Jacobsen 1 and Sergey Bezzateev 3 1 Department of Telematics, Norwegian University of Science and Technology (NTNU),
More informationCode Based Cryptology at TU/e
Code Based Cryptology at TU/e Ruud Pellikaan g.r.pellikaan@tue.nl University Indonesia, Depok, Nov. 2 University Padjadjaran, Bandung, Nov. 6 Institute Technology Bandung, Bandung, Nov. 6 University Gadjah
More informationA Key Recovery Attack on MDPC with CCA Security Using Decoding Errors
A Key Recovery Attack on MDPC with CCA Security Using Decoding Errors Qian Guo Thomas Johansson Paul Stankovski Dept. of Electrical and Information Technology, Lund University ASIACRYPT 2016 Dec 8th, 2016
More informationCRYPTANALYSE EN TEMPS POLYNOMIAL DU SCHÉMA DE MCELIECE BASÉ SUR LES CODES
POLYNOMIAL DU SCHÉMA CODES GÉOMÉTRIQUES A. COUVREUR 1 I. MÁRQUEZ-CORBELLA 1 R. PELLIKAAN 2 1 INRIA Saclay & LIX 2 Department of Mathematics and Computing Science, TU/e. Journées Codage et Cryptographie
More informationImproved Generalized Birthday Attack
Improved Generalized Birthday Attack Paul Kirchner July 11, 2011 Abstract Let r, B and w be positive integers. Let C be a linear code of length Bw and subspace of F r 2. The k-regular-decoding problem
More informationA Fast Provably Secure Cryptographic Hash Function
A Fast Provably Secure Cryptographic Hash Function Daniel Augot, Matthieu Finiasz, and Nicolas Sendrier Projet Codes, INRIA Rocquencourt BP 15, 78153 Le Chesnay - Cedex, France [DanielAugot,MatthieuFiniasz,NicolasSendrier]@inriafr
More informationOn the Security of Some Cryptosystems Based on Error-correcting Codes
On the Security of Some Cryptosystems Based on Error-correcting Codes Florent Chabaud * Florent.Chabaud~ens.fr Laboratoire d'informatique de FENS ** 45, rue d'ulm 75230 Paris Cedex 05 FRANCE Abstract.
More informationCode-based post-quantum cryptography. D. J. Bernstein University of Illinois at Chicago
Code-based post-quantum cryptography D. J. Bernstein University of Illinois at Chicago Once the enormous energy boost that quantum computers are expected to provide hits the street, most encryption security
More informationResearch Article A Note on the Modified q-bernoulli Numbers and Polynomials with Weight α
Abstract and Alied Analysis Volume 20, Article ID 54534, 8 ages doi:0.55/20/54534 Research Article A Note on the Modified -Bernoulli Numbers and Polynomials with Weight α T. Kim, D. V. Dolgy, 2 S. H. Lee,
More informationEfficient Hardware Architecture of SEED S-box for Smart Cards
JOURNL OF SEMICONDUCTOR TECHNOLOY ND SCIENCE VOL.4 NO.4 DECEMBER 4 37 Efficient Hardware rchitecture of SEED S-bo for Smart Cards Joon-Ho Hwang bstract This aer resents an efficient architecture that otimizes
More informationASYMPTOTIC BEHAVIOR FOR THE BEST LOWER BOUND OF JENSEN S FUNCTIONAL
75 Kragujevac J. Math. 25 23) 75 79. ASYMPTOTIC BEHAVIOR FOR THE BEST LOWER BOUND OF JENSEN S FUNCTIONAL Stojan Radenović and Mirjana Pavlović 2 University of Belgrade, Faculty of Mechanical Engineering,
More informationOn the Use of Structured Codes in Code Based Cryptography 1. Nicolas Sendrier
On the Use of Structured Codes in Code Based Cryptography 1 Nicolas Sendrier INRIA, CRI Paris-Rocquencourt, Project-Team SECRET Email: Nicolas.Sendrier@inria.fr WWW: http://www-roc.inria.fr/secret/nicolas.sendrier/
More informationIdeals over a Non-Commutative Ring and their Application in Cryptology
Ideals over a Non-Commutative Ring and their Application in Cryptology E. M. Gabidulin, A. V. Paramonov and 0. V. Tretjakov Moscow Institute of Physics and Technology 141700 Dolgoprudnii Moscow Region,
More informationCode-Based Cryptography
Code-Based Cryptography Tanja Lange with some slides by Tung Chou and Christiane Peters Technische Universiteit Eindhoven Australian Summer School on Embedded Cryptography 11 December 2018 Error correction
More informationON THE NORM OF AN IDEMPOTENT SCHUR MULTIPLIER ON THE SCHATTEN CLASS
PROCEEDINGS OF THE AMERICAN MATHEMATICAL SOCIETY Volume 00, Number 0, Pages 000 000 S 000-9939XX)0000-0 ON THE NORM OF AN IDEMPOTENT SCHUR MULTIPLIER ON THE SCHATTEN CLASS WILLIAM D. BANKS AND ASMA HARCHARRAS
More informationCDH/DDH-Based Encryption. K&L Sections , 11.4.
CDH/DDH-Based Encrytion K&L Sections 8.3.1-8.3.3, 11.4. 1 Cyclic grous A finite grou G of order q is cyclic if it has an element g of q. { 0 1 2 q 1} In this case, G = g = g, g, g,, g ; G is said to be
More informationME 375 System Modeling and Analysis. Homework 11 Solution. Out: 18 November 2011 Due: 30 November 2011 = + +
Out: 8 November Due: 3 November Problem : You are given the following system: Gs () =. s + s+ a) Using Lalace and Inverse Lalace, calculate the unit ste resonse of this system (assume zero initial conditions).
More informationOn split sample and randomized confidence intervals for binomial proportions
On slit samle and randomized confidence intervals for binomial roortions Måns Thulin Deartment of Mathematics, Usala University arxiv:1402.6536v1 [stat.me] 26 Feb 2014 Abstract Slit samle methods have
More informationBayesian System for Differential Cryptanalysis of DES
Available online at www.sciencedirect.com ScienceDirect IERI Procedia 7 (014 ) 15 0 013 International Conference on Alied Comuting, Comuter Science, and Comuter Engineering Bayesian System for Differential
More informationExtremal Polynomials with Varying Measures
International Mathematical Forum, 2, 2007, no. 39, 1927-1934 Extremal Polynomials with Varying Measures Rabah Khaldi Deartment of Mathematics, Annaba University B.P. 12, 23000 Annaba, Algeria rkhadi@yahoo.fr
More informationq-ary Symmetric Channel for Large q
List-Message Passing Achieves Caacity on the q-ary Symmetric Channel for Large q Fan Zhang and Henry D Pfister Deartment of Electrical and Comuter Engineering, Texas A&M University {fanzhang,hfister}@tamuedu
More informationSYND: a Fast Code-Based Stream Cipher with a Security Reduction
SYND: a Fast Code-Based Stream Cipher with a Security Reduction Philippe Gaborit XLIM-DMI, Université de Limoges 13 av. Albert Thomas 87000, Limoges, France gaborit@unilim.fr Cedric Lauradoux INRIA Rocquencourt,
More informationApproximating min-max k-clustering
Aroximating min-max k-clustering Asaf Levin July 24, 2007 Abstract We consider the roblems of set artitioning into k clusters with minimum total cost and minimum of the maximum cost of a cluster. The cost
More informationSpectral Properties of Schrödinger-type Operators and Large-time Behavior of the Solutions to the Corresponding Wave Equation
Math. Model. Nat. Phenom. Vol. 8, No., 23,. 27 24 DOI:.5/mmn/2386 Sectral Proerties of Schrödinger-tye Oerators and Large-time Behavior of the Solutions to the Corresonding Wave Equation A.G. Ramm Deartment
More informationCode Based Cryptography
Code Based Cryptography Alain Couvreur INRIA & LIX, École Polytechnique École de Printemps Post Scryptum 2018 A. Couvreur Code Based Crypto Post scryptum 2018 1 / 66 Outline 1 Introduction 2 A bit coding
More informationA distinguisher for high-rate McEliece Cryptosystems
A distinguisher for high-rate McEliece Cryptosystems JC Faugère (INRIA, SALSA project), A Otmani (Université Caen- INRIA, SECRET project), L Perret (INRIA, SALSA project), J-P Tillich (INRIA, SECRET project)
More informationHexi McEliece Public Key Cryptosystem
Appl Math Inf Sci 8, No 5, 2595-2603 (2014) 2595 Applied Mathematics & Information Sciences An International Journal http://dxdoiorg/1012785/amis/080559 Hexi McEliece Public Key Cryptosystem K Ilanthenral
More informationCSE 599d - Quantum Computing When Quantum Computers Fall Apart
CSE 599d - Quantum Comuting When Quantum Comuters Fall Aart Dave Bacon Deartment of Comuter Science & Engineering, University of Washington In this lecture we are going to begin discussing what haens to
More informationWhen do the Fibonacci invertible classes modulo M form a subgroup?
Annales Mathematicae et Informaticae 41 (2013). 265 270 Proceedings of the 15 th International Conference on Fibonacci Numbers and Their Alications Institute of Mathematics and Informatics, Eszterházy
More informationWhen do Fibonacci invertible classes modulo M form a subgroup?
Calhoun: The NPS Institutional Archive DSace Reository Faculty and Researchers Faculty and Researchers Collection 2013 When do Fibonacci invertible classes modulo M form a subgrou? Luca, Florian Annales
More informationCode-based Cryptography
Code-based Cryptography Codes correcteurs d erreurs et applications à la cryptographie MPRI 2014/2015-2.13.2 Nicolas Sendrier Linear Codes for Telecommunication data k linear expansion codeword n > k noisy
More informationFast correlation attacks on certain stream ciphers
FSE 2011, February 14-16, Lyngby, Denmark Fast correlation attacks on certain stream ciphers Willi Meier FHNW Switzerland 1 Overview A decoding problem LFSR-based stream ciphers Correlation attacks Fast
More informationSolving Cyclotomic Polynomials by Radical Expressions Andreas Weber and Michael Keckeisen
Solving Cyclotomic Polynomials by Radical Exressions Andreas Weber and Michael Keckeisen Abstract: We describe a Male ackage that allows the solution of cyclotomic olynomials by radical exressions. We
More informationRIEMANN-STIELTJES OPERATORS BETWEEN WEIGHTED BERGMAN SPACES
RIEMANN-STIELTJES OPERATORS BETWEEN WEIGHTED BERGMAN SPACES JIE XIAO This aer is dedicated to the memory of Nikolaos Danikas 1947-2004) Abstract. This note comletely describes the bounded or comact Riemann-
More informationTopic 17. Analysis of Algorithms
Topic 17 Analysis of Algorithms Analysis of Algorithms- Review Efficiency of an algorithm can be measured in terms of : Time complexity: a measure of the amount of time required to execute an algorithm
More informationPractical Key Recovery for Discrete-Logarithm Based Authentication Schemes from Random Nonce Bits
Practical Key Recovery for Discrete-Logarithm Based Authentication Schemes from Random Nonce Bits Damien Vergnaud École normale supérieure CHES September, 15th 2015 (with Aurélie Bauer) Damien Vergnaud
More informationComputer arithmetic. Intensive Computation. Annalisa Massini 2017/2018
Comuter arithmetic Intensive Comutation Annalisa Massini 7/8 Intensive Comutation - 7/8 References Comuter Architecture - A Quantitative Aroach Hennessy Patterson Aendix J Intensive Comutation - 7/8 3
More informationA brief survey of post-quantum cryptography. D. J. Bernstein University of Illinois at Chicago
A brief survey of post-quantum cryptography D. J. Bernstein University of Illinois at Chicago Once the enormous energy boost that quantum computers are expected to provide hits the street, most encryption
More informationSmaller Decoding Exponents: Ball-Collision Decoding
Smaller Decoding Exponents: Ball-Collision Decoding Daniel J. Bernstein 1,TanjaLange 2, and Christiane Peters 2 1 Department of Computer Science University of Illinois at Chicago, Chicago, IL 60607 7045,
More informationLattice Attacks on the DGHV Homomorphic Encryption Scheme
Lattice Attacks on the DGHV Homomorhic Encrytion Scheme Abderrahmane Nitaj 1 and Tajjeeddine Rachidi 2 1 Laboratoire de Mathématiques Nicolas Oresme Université de Caen Basse Normandie, France abderrahmanenitaj@unicaenfr
More informationAn Inverse Problem for Two Spectra of Complex Finite Jacobi Matrices
Coyright 202 Tech Science Press CMES, vol.86, no.4,.30-39, 202 An Inverse Problem for Two Sectra of Comlex Finite Jacobi Matrices Gusein Sh. Guseinov Abstract: This aer deals with the inverse sectral roblem
More information#A6 INTEGERS 15A (2015) ON REDUCIBLE AND PRIMITIVE SUBSETS OF F P, I. Katalin Gyarmati 1.
#A6 INTEGERS 15A (015) ON REDUCIBLE AND PRIMITIVE SUBSETS OF F P, I Katalin Gyarmati 1 Deartment of Algebra and Number Theory, Eötvös Loránd University and MTA-ELTE Geometric and Algebraic Combinatorics
More informationarxiv:math/ v4 [math.gn] 25 Nov 2006
arxiv:math/0607751v4 [math.gn] 25 Nov 2006 On the uniqueness of the coincidence index on orientable differentiable manifolds P. Christoher Staecker October 12, 2006 Abstract The fixed oint index of toological
More informationTheory of Parallel Hardware May 11, 2004 Massachusetts Institute of Technology Charles Leiserson, Michael Bender, Bradley Kuszmaul
Theory of Parallel Hardware May 11, 2004 Massachusetts Institute of Technology 6.896 Charles Leiserson, Michael Bender, Bradley Kuszmaul Final Examination Final Examination ffl Do not oen this exam booklet
More informationAn Attack on a Fully Homomorphic Encryption Scheme
An Attack on a Fully Homomorhic Encrytion Scheme Yuu Hu 1 and Fenghe Wang 2 1 Telecommunication School, Xidian University, 710071 Xi an, China 2 Deartment of Mathematics and Physics Shandong Jianzhu University,
More informationA sharp generalization on cone b-metric space over Banach algebra
Available online at www.isr-ublications.com/jnsa J. Nonlinear Sci. Al., 10 2017), 429 435 Research Article Journal Homeage: www.tjnsa.com - www.isr-ublications.com/jnsa A shar generalization on cone b-metric
More informationGeneralized Coiflets: A New Family of Orthonormal Wavelets
Generalized Coiflets A New Family of Orthonormal Wavelets Dong Wei, Alan C Bovik, and Brian L Evans Laboratory for Image and Video Engineering Deartment of Electrical and Comuter Engineering The University
More informationCode-Based Cryptography McEliece Cryptosystem
Code-Based Cryptography McEliece Cryptosystem I. Márquez-Corbella 0 . McEliece Cryptosystem 1. Formal Definition. Security-Reduction Proof 3. McEliece Assumptions 4. Notions of Security 5. Critical Attacks
More informationHigh-speed cryptography, part 3: more cryptosystems. Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven
High-speed cryptography, part 3: more cryptosystems Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Cryptographers Working systems Cryptanalytic algorithm designers
More information2-D Analysis for Iterative Learning Controller for Discrete-Time Systems With Variable Initial Conditions Yong FANG 1, and Tommy W. S.
-D Analysis for Iterative Learning Controller for Discrete-ime Systems With Variable Initial Conditions Yong FANG, and ommy W. S. Chow Abstract In this aer, an iterative learning controller alying to linear
More informationVarious Proofs for the Decrease Monotonicity of the Schatten s Power Norm, Various Families of R n Norms and Some Open Problems
Int. J. Oen Problems Comt. Math., Vol. 3, No. 2, June 2010 ISSN 1998-6262; Coyright c ICSRS Publication, 2010 www.i-csrs.org Various Proofs for the Decrease Monotonicity of the Schatten s Power Norm, Various
More informationCode-based Cryptography
Code-based Cryptography PQCRYPTO Summer School on Post-Quantum Cryptography 2017 TU Eindhoven Nicolas Sendrier Linear Codes for Telecommunication data k linear expansion codeword n > k noisy channel data?
More informationIntroduction to Quantum Safe Cryptography. ENISA September 2018
Introduction to Quantum Safe Cryptography ENISA September 2018 Introduction This talk will introduce the mathematical background of the most popular PQC primitives Code-based Lattice-based Multivariate
More informationarxiv:math/ v1 [math.fa] 5 Dec 2003
arxiv:math/0323v [math.fa] 5 Dec 2003 WEAK CLUSTER POINTS OF A SEQUENCE AND COVERINGS BY CYLINDERS VLADIMIR KADETS Abstract. Let H be a Hilbert sace. Using Ball s solution of the comlex lank roblem we
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 16, 2013 CPSC 467, Lecture 14 1/45 Message Digest / Cryptographic Hash Functions Hash Function Constructions Extending
More informationNumerical Methods for Particle Tracing in Vector Fields
On-Line Visualization Notes Numerical Methods for Particle Tracing in Vector Fields Kenneth I. Joy Visualization and Grahics Research Laboratory Deartment of Comuter Science University of California, Davis
More informationBeam-Beam Stability in Electron-Positron Storage Rings
Beam-Beam Stability in Electron-Positron Storage Rings Bjoern S. Schmekel, Joseh T. Rogers Cornell University, Deartment of Physics, Ithaca, New York 4853, USA Abstract At the interaction oint of a storage
More informationUniformly best wavenumber approximations by spatial central difference operators: An initial investigation
Uniformly best wavenumber aroximations by satial central difference oerators: An initial investigation Vitor Linders and Jan Nordström Abstract A characterisation theorem for best uniform wavenumber aroximations
More informationThe Fekete Szegő theorem with splitting conditions: Part I
ACTA ARITHMETICA XCIII.2 (2000) The Fekete Szegő theorem with slitting conditions: Part I by Robert Rumely (Athens, GA) A classical theorem of Fekete and Szegő [4] says that if E is a comact set in the
More informationEnumeration of Balanced Symmetric Functions over GF (p)
Enumeration of Balanced Symmetric Functions over GF () Shaojing Fu 1, Chao Li 1 and Longjiang Qu 1 Ping Li 1 Deartment of Mathematics and System Science, Science College of ational University of Defence
More informationQuantum Information Set Decoding Algorithms
Quantum Information Set Decoding Algorithms Ghazal Kachigar 1 and Jean-Pierre Tillich 1 Institut de Mathématiques de Bordeaux Université de Bordeaux Talence Cedex F-33405, France ghazal.kachigar@u-bordeaux.fr
More information: Error Correcting Codes. October 2017 Lecture 1
03683072: Error Correcting Codes. October 2017 Lecture 1 First Definitions and Basic Codes Amnon Ta-Shma and Dean Doron 1 Error Correcting Codes Basics Definition 1. An (n, K, d) q code is a subset of
More informationMATH 433 Applied Algebra Lecture 22: Review for Exam 2.
MATH 433 Applied Algebra Lecture 22: Review for Exam 2. Topics for Exam 2 Permutations Cycles, transpositions Cycle decomposition of a permutation Order of a permutation Sign of a permutation Symmetric
More informationQuasi-dyadic CFS signatures
Quasi-dyadic CFS signatures Paulo S. L. M. Barreto 1, Pierre-Louis Cayrel 2, Rafael Misoczki 1, and Robert Niebuhr 3 1 Departamento de Engenharia de Computação e Sistemas Digitais (PCS), Escola Politécnica,
More informationConstructive aspects of code-based cryptography
DIMACS Workshop on The Mathematics of Post-Quantum Cryptography Rutgers University January 12-16, 2015 Constructive aspects of code-based cryptography Marco Baldi Università Politecnica delle Marche Ancona,
More informationCommutators on l. D. Dosev and W. B. Johnson
Submitted exclusively to the London Mathematical Society doi:10.1112/0000/000000 Commutators on l D. Dosev and W. B. Johnson Abstract The oerators on l which are commutators are those not of the form λi
More informationGroup Theory Problems
Grou Theory Problems Ali Nesin 1 October 1999 Throughout the exercises G is a grou. We let Z i = Z i (G) and Z = Z(G). Let H and K be two subgrous of finite index of G. Show that H K has also finite index
More informationA Social Welfare Optimal Sequential Allocation Procedure
A Social Welfare Otimal Sequential Allocation Procedure Thomas Kalinowsi Universität Rostoc, Germany Nina Narodytsa and Toby Walsh NICTA and UNSW, Australia May 2, 201 Abstract We consider a simle sequential
More informationCHAPMAN & HALL/CRC CRYPTOGRAPHY AND NETWORK SECURITY ALGORITHMIC CR YPTAN ALY51S. Ant nine J aux
CHAPMAN & HALL/CRC CRYPTOGRAPHY AND NETWORK SECURITY ALGORITHMIC CR YPTAN ALY51S Ant nine J aux (g) CRC Press Taylor 8* Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor &
More informationAN IMPROVED BABY-STEP-GIANT-STEP METHOD FOR CERTAIN ELLIPTIC CURVES. 1. Introduction
J. Al. Math. & Comuting Vol. 20(2006), No. 1-2,. 485-489 AN IMPROVED BABY-STEP-GIANT-STEP METHOD FOR CERTAIN ELLIPTIC CURVES BYEONG-KWEON OH, KIL-CHAN HA AND JANGHEON OH Abstract. In this aer, we slightly
More informationCR extensions with a classical Several Complex Variables point of view. August Peter Brådalen Sonne Master s Thesis, Spring 2018
CR extensions with a classical Several Comlex Variables oint of view August Peter Brådalen Sonne Master s Thesis, Sring 2018 This master s thesis is submitted under the master s rogramme Mathematics, with
More information1 Properties of Spherical Harmonics
Proerties of Sherical Harmonics. Reetition In the lecture the sherical harmonics Y m were introduced as the eigenfunctions of angular momentum oerators lˆz and lˆ2 in sherical coordinates. We found that
More informationNew weighing matrices and orthogonal designs constructed using two sequences with zero autocorrelation function - a review
University of Wollongong Research Online Faculty of Informatics - Paers (Archive) Faculty of Engineering and Information Sciences 1999 New weighing matrices and orthogonal designs constructed using two
More informationLEIBNIZ SEMINORMS IN PROBABILITY SPACES
LEIBNIZ SEMINORMS IN PROBABILITY SPACES ÁDÁM BESENYEI AND ZOLTÁN LÉKA Abstract. In this aer we study the (strong) Leibniz roerty of centered moments of bounded random variables. We shall answer a question
More informationAttacks in code based cryptography: a survey, new results and open problems
Attacks in code based cryptography: a survey, new results and open problems J.-P. Tillich Inria, team-project SECRET April 9, 2018 1. Code based cryptography introduction Difficult problem in coding theory
More informationAn Overview of Witt Vectors
An Overview of Witt Vectors Daniel Finkel December 7, 2007 Abstract This aer offers a brief overview of the basics of Witt vectors. As an alication, we summarize work of Bartolo and Falcone to rove that
More informationStream Ciphers: Cryptanalytic Techniques
Stream Ciphers: Cryptanalytic Techniques Thomas Johansson Department of Electrical and Information Technology. Lund University, Sweden ECRYPT Summer school 2007 (Lund University) Stream Ciphers: Cryptanalytic
More informationQC-MDPC: A Timing Attack and a CCA2 KEM
QC-MDPC: A Timing Attack and a CCA2 KEM Edward Eaton 1, Matthieu Lequesne 23, Alex Parent 1, and Nicolas Sendrier 3 1 ISARA Corporation, Waterloo, Canada {ted.eaton,alex.parent}@isara.com 2 Sorbonne Universités,
More informationAn Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security
An extended abstract of this aer aears in the Proceedings of the 35th Annual Crytology Conference (CRYPTO 2015), Part I, Rosario ennaro and Matthew Robshaw (Eds.), volume 9215 of Lecture Notes in Comuter
More informationElectromagnetic Levitation Control of Contactless Linear Synchronous Drive for Flexible Vertical Transportation
Electromagnetic Levitation Control of Contactless Linear Synchronous Drive for Flexible Vertical Transortation Toshiyuki NAKAI*, Daisuke TATEISHI**, Takafumi KOSEKI*, and Yasuaki AOYAMA*** (*)Deartment
More informationELEC 519A Selected Topics in Digital Communications: Information Theory. Hamming Codes and Bounds on Codes
ELEC 519A Selected Topics in Digital Communications: Information Theory Hamming Codes and Bounds on Codes Single Error Correcting Codes 2 Hamming Codes (7,4,3) Hamming code 1 0 0 0 0 1 1 0 1 0 0 1 0 1
More informationFinding Shortest Hamiltonian Path is in P. Abstract
Finding Shortest Hamiltonian Path is in P Dhananay P. Mehendale Sir Parashurambhau College, Tilak Road, Pune, India bstract The roblem of finding shortest Hamiltonian ath in a eighted comlete grah belongs
More informationImproving the Performance of the SYND Stream Cipher
Improving the Performance of the SYND Stream Cipher Mohammed Meziani, Gerhard Hoffmann and Pierre-Louis Cayrel AfricaCrypt 2012, July 10-12, Ifrane Morocco Backgrounds Previous Works XSYND Conclusion and
More informationA Unified 2D Representation of Fuzzy Reasoning, CBR, and Experience Based Reasoning
University of Wollongong Research Online Faculty of Commerce - aers (Archive) Faculty of Business 26 A Unified 2D Reresentation of Fuzzy Reasoning, CBR, and Exerience Based Reasoning Zhaohao Sun University
More informationConversions among Several Classes of Predicate Encryption and Applications to ABE with Various Compactness Tradeoffs
Conversions among Several Classes of Predicate Encrytion and Alications to ABE with Various Comactness Tradeoffs Nuttaong Attraadung, Goichiro Hanaoka, and Shota Yamada National Institute of Advanced Industrial
More informationOptimum Soft Decision Decoding of Linear Block Codes
Optimum Soft Decision Decoding of Linear Block Codes {m i } Channel encoder C=(C n-1,,c 0 ) BPSK S(t) (n,k,d) linear modulator block code Optimal receiver AWGN Assume that [n,k,d] linear block code C is
More information