Fixed Argument Pairing Inversion on Elliptic Curves

Size: px
Start display at page:

Download "Fixed Argument Pairing Inversion on Elliptic Curves"

Transcription

1 Fixed Agument Paiing Invesion on Elliptic Cuves Sungwook Kim and Jung Hee Cheon ISaC & Dept. of Mathematical Sciences Seoul National Univesity Seoul, Koea Abstact. Let E be an elliptic cuve ove a finite field F q with a powe of pime q, a pime dividing #E(F q), and k the smallest positive intege satisfying Φ k (p), called embedding degee. Then a bilinea map t : E(F q)[] E(F q k)/e(f q k) F q is defined, called the Tate k paiing. And the Ate paiing and othe vaiants ae obtained by educing the domain fo each agument and aising it to some powe. In this pape we conside the Fixed Agument Paiing Invesion (FAPI) poblem fo the Tate paiing and its vaiants. In 2012, consideing FAPI fo the Ate i paiing, Kanayama and Okamoto fomulated the Exponentiation Invesion (EI) poblem. Howeve the definition gives a somewhat vague desciption of the hadness of EI. We point out that the descibed EI can be easily solved, and hence claify the desciption so that the poblem does contain the actual hadness connection with the pescibed domain fo given paiings. Next we show that inveting the Ate paiing (including othe vaiants of the Tate paiing) defined on the smalle domain is neithe easie no hade than inveting the Tate paiing defined on the lage domain. This is vey inteesting because it is commonly believed that the stuctue of the Ate paiing is so simple and good (that is, the Mille length is shot, the solution domain is small and has an algebaic stuctue induced fom the Fobenius map) that it may leak some infomation, thus thee would be a chance fo attackes to find futhe appoach to solve FAPI fo the Ate paiing, diffeently fom the Tate paiing. Key wods: Paiing Inveision, Fixed Agument Paiing Invesion, Exponentiation Invesion, Tate Paiing, Ate paiing. 1 Intoduction Paiings have played an impotant ole in ecent public-key cyptogaphy. Many cyptogaphic systems and potocols have been poposed using paiings since the identity-based encyption scheme [2], the shot signatue scheme [3], and the one-ound thee-way key exchange potocol [10]. Let F q be a finite field with q = p m elements whee p is a pime and E an elliptic cuve ove F q. Fo a lage pime dividing #E(F q ), let k be the embedding degee of E(F q ), which is the smallest positive intege such that divides q k 1. Let G 1 and G 2 be two subgoups of E(F q k) and µ the set of -th oots of unity in F q k. Then a paiing is a bilinea map e : G 1 G 2 µ. The most widely used paiing is the Tate paiing t : E(F q )[] E(F q k)/e(f q k) µ. If E(F q k) does not contain any points of ode 2, both E(F q )[] and E(F q k)/e(f q k) ae identified with the diect sum of 1- and q-eigenspaces G 1 and G 2 of the Fobenius endomophism π q. Then simplifying the domain of the Tate paiing to G 1 G 2 o G 2 G 1 and aising it to a powe, thee have been numeous poposals on vaiants of the simplified Tate paiing [9, 17, 12, 16, 8].

2 The secuity of paiing-based cyptosystems elies on the hadness to solve the DLP on µ, ECDLP on G 1 and G 2, and the paiing invesion poblem. All the paiing computation is composed of the Mille step which evaluates the Mille function f at two ational points P and Q (o divisos) on the elliptic cuve and the final exponentiation step which aises the esult value f(p, Q) of the Mille step to some powe d. Thus the natual stategy to solve the paiing invesion poblem consists of two steps: 1) inveting the final exponentiation step which computes the d-th oot y F fo an element z µ q k and 2) finding points P and Q satisfying f(p, Q) = y. We call them the Exponentiation Invesion (EI) poblem and the Mille Invesion (MI) poblem, espectively. In this pape we focus ou concen to the Fixed Agument Paiing Invesion (FAPI) poblem. It asks to find an unknown point when the fist o the second agument of paiings ae fixed to some point, called FAPI-1 and FAPI-2, espectively. We fist discuss EI. Recently consideing FAPI on the Ate i paiing [11], Kanayama and Okamoto fomulated EI and mentioned that it is difficult in geneal. In Section 3 we point out the descibe EI in [11] is somewhat vague to explain the hadness of the poblem. Indeed it is geneally had to find a d-th oot in a goup if d is a diviso of the ode of goup. Howeve the situation in EI is diffeent fom the geneal case. Fo example in the Tate paiing the final exponentiation step aises the evaluation of Mille function to a powe qk 1 time fom the fact that ( qk 1. We show that one can find a qk 1 -th oot in polynomial, ) = 1. And we point out the cucial hadness is to find a oot which intesects with the image space of the Mille function on the pescibed domain fo given paiings, and hence claify the desciption of EI. In Section 4 we investigate the elationship between FAPI of the Tate paiing defined on the extended domain and the Ate paiing including othe vaiants. If two paiings ae defined on the same domain, i.e., G 1 G 2 o vice vesa, the equivalence is tivial. Howeve as studied in [6], if we conside the Tate paiing with extended domain t : E(F q k)[] E(F qk ) µ, bottlenecks to invet two paiings ae diffeent. In the case of the Tate paiing with lage domain since taking a andom qk 1 -th oot is enough, it is easy to solve EI, while had to invet the Mille function due to its high degee. And the situation becomes evese in the case of the Ate paiing. We show that FAPI of the Tate paiing with the extended domain is computationally equivalent to that of the Ate paiing (including othe vaiants). The esult implies even if the domain is changed, the total hadness of FAPI is invaiant. It is vey inteesting because it is commonly believed that the stuctue of the Ate paiing is so simple and good (that is, the Mille length is shot, the solution domain is small and has an algebaic stuctue induced fom the Fobenius map) that it may leak some infomation and hence thee would be a chance fo attackes to find futhe appoach to solve FAPI fo the Ate paiing, diffeently fom the Tate paiing. Notation. Thoughout the pape, fo integes a, b, and i, we use the notation a i b if a i b, but a i+1 b.

3 2 Peliminaies 2.1 The Tate Paiing Let F q be a finite field with q = p m elements whee p is a pime, and let E be an elliptic cuve ove F q. Conside a lage pime dividing #E(F q ). Thoughout we assume #E(F q ). Let k be the embedding degee of E(F q ), i.e., Φ k (q) whee Φ k (x) Z[x] is the k-th cyclotomic polynomial. In this case, E[] is contained in E(F q k), whee E[] is the set of -tosion points and isomophic to Z/Z Z/Z if gcd(, q) = 1. We define f s,q to be a nomalized F q k-ational function with diviso (f s,q ) = s(q) ([s]q) (s 1)(O). Fo each m, n Z, the nomalized Mille functions have the following popeties [13, 14]. We denote by l R,S the equation of the line though R and S, and by v R the equation of the vetical line though R. D1. f a+b,q = f a,q f b,q l[a]q,[b]q v [a+b]q D2. f ab,q = f a b,q f a,[b]q D3. f 1 a,q = f a,q v [a]q The Tate paiing is defined as follows: t : E(F q k)[] E(F q k)/e(f q k) µ F q k, t(p, Q) f,p (Q) (qk 1)/, whee µ is the set of tosion elements in F q k. The Mille length of the Tate paiing is log. If we do not conside nondegeneacy popety of paiings, the second agument of the above Tate paiing is extended to the lage set E(F q k). Thoughout we conside the Tate paiing on extended domain since it is moe convenient to deal with the paiing invesion poblem. 2.2 Vaiants of the Tate paiing Denote by π q the Fobenius endomophism π q : E E; (x, y) (x q, y q ), and define two eigenspaces of π q to be G 1 and G 2, i.e., G 1 = E[] ke(π q [1]) = E(F q )[], G 2 = E[] ke(π q [q]). Moe efficient paiings ove G 2 G 1 have been extensively studied such as the Ate paiing [9], Ate i paiing [17], R-ate paiing [12], optimal paiings [16, 8], and so on. One of the basic tool is the following lemma. Lemma 1. [9, Theoem 1] Let λ q mod and m = (λ k 1)/, then the educed Ate paiing a λ : G 2 G 1 ; (Q, P ) f λ,q (P ) (qk 1)/, defines a bilinea paiing which is non-degeneate fo m (i.e. 2 λ k 1). Futhe it satisfies a λ = t(q, P ) m(λ q)/(λk q k). As the case of the Ate paiing, all the vaiants of the Tate paiing can be obtained by aising the Tate paiing on G 2 G 1 (o vice vesa) to appopiate powe. Futhe, Vecauteen intoduced an optimal paiing [16], whose Mille length is vey shot.

4 Lemma 2. [16, Theoem 4] Let m and wite m = l i=0 c iq i and s i = l j=i c jq j then a [c0,...,c l ] : G 2 G 1 µ ; (Q, P ) ( l i=0 f qi c i,q (P ) l i=0 l [si+1 ]Q,[c i q i ]Q(P ) v [si ]Q(P ) Futhemoe, it is non-degeneate if m d dq qk (qk 1) d dq ( l i=0 c iq i ) mod. ) (q k 1)/ In a paallel computing model, the Mille length of the above paiing is log max i { c i }. Vecauteen gives a method to obtain small c i using lattice basis eduction algoithm. In bief conside the following φ(k)-dimensional lattice L spanned by ows of q L := q q φ(k) Then (c 0,..., c l ) belongs to L and by Minkowski s theoem thee exists a shot vecto V in L with V 1/φ(k). Thus the Mille length can be educed to log /φ(k). 2.3 Paiing Invesion Poblems The poblems of ou inteests ae fomulated as follows : Definition 1 ([6]). Fo subgoups G 1 and G 2 of E(F q k), let e : G 1 G 2 µ F be q k a well-defined, bilinea paiing. The Fixed Agument Paiing Invesion 1 (FAPI-1) poblem: given a paiing e, P 1 G 1, and z µ, find P 2 G 2 such that e(p 1, P 2 ) = z. The Fixed Agument Paiing Invesion 2 (FAPI-2) poblem: given a paiing e, P 2 G 2, and z µ, find P 1 G 1 such that e(p 1, P 2 ) = z. The Genealized Paiing Invesion (GPI) poblem: given a paiing e and z µ, find P 1 G 1 and P 2 G 2 such that e(p 1, P 2 ) = z. A paiing is computed by e(p 1, P 2 ) = f s,p1 (P 2 ) d fo some intege s and d, whee f s,p1 is a nomalized F q k-ational function with diviso (f s,p1 ) = s(p 1 ) ([s]p 1 ) (s 1)(O). Thus a natual way to solve FAPI fo a paiing e(p 1, P 2 ) = z is pefomed via two steps, i.e., computing a d-th oot y of z and then find a point P 2 (o P 1 ) satisfying the equation f,p1 ( ) = y (o f, (P 2 ) = y) when P 1 (o P 2 ) is fixed. The fist and second step ae called the Exponentiation invesion(ei) poblem and the Mille Invesion (MI) poblem, espectively. 3 Exponentiation Invesion In this section we conside EI. Dealing with the paiing invesion poblem of Ate i, Kanayama and Okamoto pesented the definition fo this poblem in [11] and mentioned that it is had in geneal. Though this section we explain that the descibed EI is not had. We point out whee the hadness to invet the final exponentiation step aises concetely and claify the desciption of EI..

5 3.1 The d-th Root Extaction In [11, Definition 3] Kanayama and Okamoto defined EI as follows: Definition 2. [11, Definition 3] Fo an unknown element y F q k, assume that an intege d and the value of z := y d F ae known. Then, the EI, o (d, z)-ei, is the poblem of q k finding y fom the instance (d, z). They mentioned that the above is geneally had. Howeve the desciption is insufficient to give an explanation fo the hadness of EI fo elevant paings pecisely. In fact one can find a d-th oot y in polynomial time fo most paiing fiendly cuves. The follwing lemma is well-known, but we give a poof fo the convenience of eades. Theoem 1. Let d be the intege such that d (q k 1) and (d, (q k 1)/d) = 1. Then given z (F ) d, thee exists an algoithm to find a oot y F of the equation y d = z in q k q k O(k 3 log 3 q)-bit opeations. Poof. Since (d, (q k 1)/d) = 1, thee exist integes a and b such that a d b (q k 1)/d = 1. Then fom (z a ) d = z 1+b(qk 1)/d = z z b(qk 1)/d = z (y d ) b(qk 1)/d = z, z a is a d-th oot of z. We can compute z a by executing the extended Euclidean algoithm one time and computing one F q k-exponentiation. ( ) Most of paiing fiendly cuves satisfy q k 1. In this case the exponent d := qk 1 is elatively pime to qk 1 d (= ). Thus one can find a d-th oot of z vey efficiently. Let ζ be a geneato of F. Fo a solution y q k 0 of y0 d = z, y 0ζ i is anothe solution fo each 0 i < d. A geneato ζ of F can be found in O(k 4 log 4 q)- bit opeations when q k the factoization of q k 1 is known [5]. Thus once one gets a solution y 0 of y0 d = z, one can compute evey solution of y d = z, i.e., {y 0 ζ i : 0 i < d}. We emak that in the case that d i q k 1 fo i > 1, a d-th oot can be computed by means of the Adleman-Mandes-Mille altoithm [1] (see also [4, Section 7.3]), which exploits the DLP solve as a suboutine. 3.2 The Hadness of EI Let us conside the Tate paiing t : E(F q k)[] E(F q k) µ F q k ; (Q, P ) f,q (P ) qk 1. Recall given Q and z, FAPI-1 fo the Tate paiing t(q, ) = z can be done by finding 1) a q k 1 -th oot y of z and then 2) a point P E(F q k) satisfying f,q (P ) = y. Since thee ae qk 1 candidates fo solutions of EI, it seems infeasible to find a pope oot. Howeve Galbaith, Hess, and Vecauteen showed that it is enough to wok with a andom oot y, i.e., thee exists a point P coesponding to a andom oot with the high pobability [6, Example 18]. Since computing a andom qk 1 oot is easy as discussed peviously, FAPI-1 fo the Tate paiing is polynomial time educible to MI. Howeve note

6 that MI equies to find a oot of a highe degee (appoximately ) polynomial equation induced fom a ational function equation f,q ( ) = y. Fo the Ate paiing o othe vaiants of the Tate paiing defined on G 2 G 1, the situation is totally diffeent. As biefly mentioned in [15], taking a andom qk 1 -th oot does not help to find a point of G 1 in MI. Moe pecisely these class of paiings can be descibed as follows: t : G 2 G 1 F q /(F k q ) µ k, whee the map fom G 2 G 1 to F q k /(F q k ) is given by f s,q (P ) fo an intege s and the isomophism is the qk 1 powe map. Since fo a fixed Q G 2 the aveage cadinality of the image set {f s,q (P ) : P G 1 } is, the image set foms the set of epesentatives of the equivalence class F /(F ). Suppose P G q k q k 1 is a solution of FAPI-1 fo these class of paiings t (Q, ) = z. Then a andom qk 1 -th oot of z is of the fom f s,q (P )α fo a α F q k. And solving the equation f s,q ( ) = f s,q (P )α does not give a point in G 1 in geneal. Theefoe it is equied to claify the definition of EI with egad to the pescibed domain so that it eflects the cucial hadness. Definition 3 (Refomulation of EI). Let e : G 1 G 2 F q k /(F q k ) µ be a paiing ove elliptic cuves, whee the map fom G 1 G 2 to F q k /(F q k ) is given by f s,q (P ) fo an intege s and the isomophism is the d-poweing map. Then given P 1 G 1 and z µ, the exponentiation invesion (EI) poblem is defined to find the value of {y F q k : y d = z} {f s,p1 (P 2 ) F q k : P 2 G 2 }. EI fo the fixed second agument is defined analogously. In the case of the Tate paiing on E(F k q)[] E(F q k), the cadinality of the set {y F q k : y d = z} {f s,p1 (P 2 ) F q k : P 2 G 2 } is appoximately d. And the value is appoximately 1 in the case of its vaiants on G 2 G 1, which implies that EI fo paiings on small domain is had. Once one solves EI fo the vaiants of the Tate paiing, MI is easie than that of the Tate paiing since the value s can be educed to 1/φ(k) [16]. Thus natually one can expect that the hadness of MI and that of EI ae complementay, hence the hadness of the Tate paiing on lage domain and its vaiants on smalle domain is invaiant. We discuss it pecisely in the next section. 4 Equivalence of FAPI fo the Tate and the Ate Paiings In this section we investigate the elationship between FAPI of the Tate paiing t : E(F q k)[] E(F q k) µ and the Ate paiing. Note that the Ate paiing and othe vaiants can be computed as t := t κ fo some intege κ with κ whose domain is esticted to G 2 G 1. If the domain of the Tate paiing is esticted to G 2 G 1, the equivalence of FAPI among these paiings is tivial. Howeve if the domain of the fist agument fo the Tate paiing ae extended to E(F q k)[] (o the second agument to E(F q k)), which is the oiginal space, then the elationship of FAPI between them does not seem obvious any moe. Note that if E(F q k) has no point of ode 2, E(F q k)[] is the set of epesentatives of E(F q k)/e(f q k). Thus fo evey R E(F q k), R is witten as a sum of some P G 1, Q G 2, and the -multiple of P E(F q k), i.e., R = P + Q + P. And since E(F q k)[] =

7 G 1 G 2, evey S E(F q k)[] is witten as a sum of some P G 1 and Q G 2. The following lemma is well-known. Lemma 3. Let E be an odinay elliptic cuve ove F q, a pime such that #E(F q k) and q 1. Then the maps t : G i G i µ fo i = 1 and 2 ae both tivial. Now we ae in a position to show that the computational equivalence between FAPI fo the Tate paiing on a lage domain and the Ate paiing on a smalle domain. Note that a solution of FAPI fo the Tate paiing does not belong to the domain of the Ate paiing. Thus it is equied to extact a pope point fom this intemediate solution. Theoem 2. Let E be an odinay elliptic cuve ove F q, a pime such that #E(F q k) and q 1. Suppose that E(F q k) has no point of ode 2. Then FAPI-1 fo the Tate paiing t : G 2 E(F q k) µ is computationally equivalent to that of the Ate paiing including its vaiants t := t κ : G 2 G 1 µ. Poof. Let z µ and Q G 2 be instances of FAPI-1. Let Σ t and Σ t be oacles of FAPI-1 fo t on G 2 E(F q k) and t on G 2 G 1, espectively. That is, on inputs z µ and Q G 2, Σ t and Σ t output P t E(F q k) and P t G 1 satisfying t(q, P t ) = z and t(q, P t ) = z, espectively. It is easy to see that FAPI-1 fo t on G 2 G 1 implies FAPI-1 fo t on G 2 E(F q k). Taking input (z, Q) to Σ t we have P t G 1 E(F q k). Since t(, ) κ = t(, ) on G 2 G 1, we have t(q, κp t ) = t(q, P t )κ = t(q, P t ) = z. Hence we can solve FAPI-1 fo t on G 2 E(F q k) by one call of Σ t. Convesely, on input (z, Q), suppose Σ t outputs P t such that t(q, P t ) = z. Then since E(F q k) has no point of ode 2, P t = Q 1 + P + P (1) fo some Q 1 G 2, P G 1, and P E(F q k). Fistly we claim that (κ 1 mod ) P is the desied point, i.e., t(q, (κ 1 mod ) P ) = z. This can be veified as follows: z κ = t(q, Q 1 + P + P ) κ = t(q, Q 1 ) κ t(q, P ) κ t(q, P ) κ = t(q, Q 1 ) κ t(q, P ) κ = t(q, Q 1 ) κ t(q, P ) = t(q, P ), whee the last equality comes fom Lemma 3. Now it suffices to extact P fom P t. Fom q 1, δ #E(F q k) fo some intege δ 2. (In fact, δ = 2 since E(F q k) is of ank at most 2 and has no point of ode 2.) Then taking #E(F q k)/ δ -multiple to both sides of (1), we have #E(F q k)/ δ P t = #E(F q k)/ δ Q 1 + #E(F q k)/ δ P + E(F q k)/ δ 1 P.

8 Note that if E(F q k)/ δ 1 P O, 2 should divide the ode of P, which contadicts that E(F q k) has no point of ode 2. Thus the above equation becomes #E(F q k)/ δ P t = #E(F q k)/ δ Q 1 + #E(F q k)/ δ P (2) Next we extact the point #E(F q k)/ δ P out of (2). The technique is followed fom the pevious wok by Galbaith and Veheul [7, Poposition 1]: taking the q-th powe Fobenius map to both sides of (2), we have and hence togethe with (2) #E(F q k)/ δ π q (P t ) = q #E(F q k)/ δ Q 1 + #E(F q k)/ δ P (q 1) #E(F q k)/ δ P = #E(F q k)/ δ (qp t π q (P t )). Since ( δ, q 1) = 1, the extended Euclidean algoithm yields two integes α and α such that α (q 1) α δ = 1. Then #E(F q k)/ δ P = (1 + α δ ) #E(F q k)/ δ P = α(q 1) #E(F q k)/ δ P = α #E(F q k)/ δ (qp t π q (P t )). Also since (#E(F q k)/ δ, ) = 1, thee exist two integes β and β such that β #E(F q k)/ δ β = 1. Hence we have P = (1 + β ) P = β #E(F q k)/ δ P = α β #E(F q k)/ δ (qp t π q (P t )). Theoem 3. Let E be an odinay elliptic cuve ove F q, a pime such that #E(F q k) and q 1. Suppose that E(F q k) has no point of ode 2. Then FAPI-2 fo the Tate paiing t : E(F q k)[] G 1 µ is computationally equivalent to the of the Ate paiing including its vaiants t := t κ : G 2 G 1 µ. Poof. Let z µ and P G 1 be instances of FAPI-2. Let Σ t and Σ t be oacles of FAPI-2 fo t on E(F q k)[] G 1 and t on G 2 G 1, espectively. That is, on inputs z µ and P G 1, Σ t and Σ t output Q t E(F q k)[] and Q t G 2 satisfying t(q t, P ) = z and t(q t, P ) = z, espectively. Taking input (z, P ) to Σ t we have Q t G 2 E(F q k)[]. Since t(, ) κ = t(, ) on G 2 G 1, we have t(κq t, P ) = t(q t, P )κ = t(q t, P ) = z. Hence we can solve FAPI-2 fo the Tate paiing on E(F q k)[] G 1 by one call of Σ t. Convesely, suppose, on input (z, P ), Σ t outputs Q t such that t(q t, P ) = z. Then since E(F q k)[] = G 1 G 2, we have Q t = P + Q (3)

9 fo some P G 1 and Q G 2. Then fom z κ = t(p + Q, P ) κ = t(p, P ) κ t(q, P ) κ = t(p, P ) κ t(q, P ) = t(q, P ), whee the last equality comes fom Lemma 3, (κ 1 mod ) Q is the desied point. Now as pesented in [7, Poposition 1], one can extact Q fom Q t as follows: taking q-th powe Fobenius map to both sides of (3) yields the equation π q (Q t ) = P + q Q. Woking the above equation togethe with (3), we have (q 1) Q = (Q t π q (Q t )). Since (, q 1) = 1, the extended Euclidean algoithm yields two integes α and α such that α (q 1) α = 1. Theefoe Q = (1 + α ) Q = α(q 1) Q = α(q t π q (Q t )). Thus inveting the Ate paiing (including othe vaiants of the Tate paiing) defined on the smalle domain is neithe easie no hade than inveting the Tate paiing defined on the lage domain. If MI gets easie (hade) with educed (extended) domain, EI gets hade (easie) to the same extent and vice vesa. Theefoe the oveall hadness is invaiant. 5 Conclusion In this pape we have efomulated the definition of EI given by Kanayama and Okamoto. We pointed out that a andom qk 1 -th oot can be computed easily given z µ and anlayzed the cucial hadness to invet the final exponentiation step in paiings. We have also investigated the elationship between the invesion of the Tate paiing defined on E(F q k)[] E(F q k) and the Ate paiing on G 2 G 1 and shown that FAPI fo the paiings ae computationally equivalent. It implies that the hadness of MI and that of EI ae complementay in the paiing invesion poblem. Howeve we stess that we cuently do not know the pecise hadness of FAPI. To the best of ou knowledge, thee is no known pactical attack on FAPI. It is still woth investigating the secuity of the paiing invesion poblem fo the Ate o its optimized vesions, focusing on the nice algebaic stuctue they exploit.

10 Refeences 1. L. M. Adleman, K. Mandes, and G. Mille, On taking Roots in Finite Field, in Poc. of 18th IEEE Symposium on Foundations of Compute Science, pp D. Boneh and M. Fanklin, Identity-based Encyption fom the Weil Paiing, in Poc. of CRYTO 2001, vol. 2139, Lectue Notes on Compute Science, pp , D. Boneh, X. Boyen, and H. Shacham, Shot Goup Signatues, in Poc. of CRYTO 2004, vol. 3152, Lectue Notes on Compute Science, pp.41 55, E. Bach and J. Shallit, Algoithmic Numbe Theoy, Vol. 1. MIT Pess, S. Galbaith, Mathematics of Public Key Cyptogaphy, Cambidge Univesity Pess, Available: 6. S. Galbaith, F. Hess, and F. Vecauteen, Aspects of Paiing Invesion, IEEE Tans. Inf. Theoy, vol. 54, no. 12, pp , S. Galbaith and R. Veheul, An Analysis of the Vecto Decomposition Poblem, Poc. of PKC 2008, vol. 4939, Lectue Notes on Compute Science, pp , F. Hess, Paiing Lattices, in Poc. of PAIRING 2008, vol. 5209, Lectue Notes on Compute Science, pp.18 38, F. Hess, N. Smat, and F. Vecauteen, The Eta Paiing Revisited, IEEE Tans. Inf. Theoy, vol. 52, no. 10, pp , A. Joux, A One Round Potocol fo Tipatite Diffie-Hellman, in Poc. of ANTS 2000, vol. 1838, Lectue Notes on Compute Science, pp , N. Kanayama and E. Okamoto, Appoach to Paiing Invesions Without Solving Mille Invesion, IEEE Tans. Inf. Theoy, vol.58, no.2, pp , E. Lee, H. Lee, and C. Pak, Efficient and Genealized Paiing Computation on Abelian Vaieties, IEEE Tans. Inf. Theoy, vol. 55, no. 4, pp , V. S. Mille, Shot pogams fo functions on cuves, unpublished manuscipt (1986). Available: V. S. Mille, The Weil Paiing and its efficient calculation, J. Cyptol., vol. 17, no. 4, pp , F. Vecauteen, The Hidden Root Poblem, in Poc. of PAIRING 2008, vol. 5209, Lectue Notes on Compute Science, pp.89 99, F. Vecauteen, Optimal Paiing, IEEE Tans. Inf. Theoy, vol. 56, no. 1, pp , C. Zhao, F. Zhang, and J. Huang A note on the Ate paiing, Int. J. Inf. Secuity, vol. 6, no. 7, pp , 2008.

Lecture 25: Pairing Based Cryptography

Lecture 25: Pairing Based Cryptography 6.897 Special Topics in Cyptogaphy Instucto: Ran Canetti May 5, 2004 Lectue 25: Paiing Based Cyptogaphy Scibe: Ben Adida 1 Intoduction The field of Paiing Based Cyptogaphy has exploded ove the past 3 yeas

More information

Guide to Pairing-Based Cryptography. Nadia El Mrabet and Marc Joye, Eds.

Guide to Pairing-Based Cryptography. Nadia El Mrabet and Marc Joye, Eds. Guide to Paiing-Based Cyptogaphy by Nadia El Mabet and Mac Joye, Eds. 3 Paiings Soina Ionica Univesité de Picadie Jules Vene Damien Robet INRIA Bodeaux Sud-Ouest, Univesité de Bodeaux 3.1 Functions, Divisos

More information

Pairing Inversion via Non-degenerate Auxiliary Pairings

Pairing Inversion via Non-degenerate Auxiliary Pairings Paiing Invesion via Non-degeneate Auxiliay Paiings Seunghwan Chang 1, Hoon Hong 2, Eunjeong Lee 1, and Hyang-Sook Lee 3 1 Institute of Mathematical Sciences, Ewha Womans Univesity, Seoul, S. Koea schang@ewha.ac.k,

More information

Secret Exponent Attacks on RSA-type Schemes with Moduli N = p r q

Secret Exponent Attacks on RSA-type Schemes with Moduli N = p r q Secet Exponent Attacks on RSA-type Schemes with Moduli N = p q Alexande May Faculty of Compute Science, Electical Engineeing and Mathematics Univesity of Padebon 33102 Padebon, Gemany alexx@uni-padebon.de

More information

Probablistically Checkable Proofs

Probablistically Checkable Proofs Lectue 12 Pobablistically Checkable Poofs May 13, 2004 Lectue: Paul Beame Notes: Chis Re 12.1 Pobablisitically Checkable Poofs Oveview We know that IP = PSPACE. This means thee is an inteactive potocol

More information

New problems in universal algebraic geometry illustrated by boolean equations

New problems in universal algebraic geometry illustrated by boolean equations New poblems in univesal algebaic geomety illustated by boolean equations axiv:1611.00152v2 [math.ra] 25 Nov 2016 Atem N. Shevlyakov Novembe 28, 2016 Abstact We discuss new poblems in univesal algebaic

More information

Stanford University CS259Q: Quantum Computing Handout 8 Luca Trevisan October 18, 2012

Stanford University CS259Q: Quantum Computing Handout 8 Luca Trevisan October 18, 2012 Stanfod Univesity CS59Q: Quantum Computing Handout 8 Luca Tevisan Octobe 8, 0 Lectue 8 In which we use the quantum Fouie tansfom to solve the peiod-finding poblem. The Peiod Finding Poblem Let f : {0,...,

More information

C/CS/Phys C191 Shor s order (period) finding algorithm and factoring 11/12/14 Fall 2014 Lecture 22

C/CS/Phys C191 Shor s order (period) finding algorithm and factoring 11/12/14 Fall 2014 Lecture 22 C/CS/Phys C9 Sho s ode (peiod) finding algoithm and factoing /2/4 Fall 204 Lectue 22 With a fast algoithm fo the uantum Fouie Tansfom in hand, it is clea that many useful applications should be possible.

More information

9.1 The multiplicative group of a finite field. Theorem 9.1. The multiplicative group F of a finite field is cyclic.

9.1 The multiplicative group of a finite field. Theorem 9.1. The multiplicative group F of a finite field is cyclic. Chapte 9 Pimitive Roots 9.1 The multiplicative goup of a finite fld Theoem 9.1. The multiplicative goup F of a finite fld is cyclic. Remak: In paticula, if p is a pime then (Z/p) is cyclic. In fact, this

More information

AQI: Advanced Quantum Information Lecture 2 (Module 4): Order finding and factoring algorithms February 20, 2013

AQI: Advanced Quantum Information Lecture 2 (Module 4): Order finding and factoring algorithms February 20, 2013 AQI: Advanced Quantum Infomation Lectue 2 (Module 4): Ode finding and factoing algoithms Febuay 20, 203 Lectue: D. Mak Tame (email: m.tame@impeial.ac.uk) Intoduction In the last lectue we looked at the

More information

Introduction Common Divisors. Discrete Mathematics Andrei Bulatov

Introduction Common Divisors. Discrete Mathematics Andrei Bulatov Intoduction Common Divisos Discete Mathematics Andei Bulatov Discete Mathematics Common Divisos 3- Pevious Lectue Integes Division, popeties of divisibility The division algoithm Repesentation of numbes

More information

Vanishing lines in generalized Adams spectral sequences are generic

Vanishing lines in generalized Adams spectral sequences are generic ISSN 364-0380 (on line) 465-3060 (pinted) 55 Geomety & Topology Volume 3 (999) 55 65 Published: 2 July 999 G G G G T T T G T T T G T G T GG TT G G G G GG T T T TT Vanishing lines in genealized Adams spectal

More information

On the Computation of the Optimal Ate Pairing at the 192-bit Security Level

On the Computation of the Optimal Ate Pairing at the 192-bit Security Level On the Computation of the Optimal Ate Paiing at the 192-bit Secuity Level Loubna Ghammam 1 and Emmanuel Fouotsa 2 (1) IRMAR, UMR CNRS 6625, Univesité Rennes 1, Campus de Beaulieu 35042 Rennes cedex, Fance.

More information

Enumerating permutation polynomials

Enumerating permutation polynomials Enumeating pemutation polynomials Theodoulos Gaefalakis a,1, Giogos Kapetanakis a,, a Depatment of Mathematics and Applied Mathematics, Univesity of Cete, 70013 Heaklion, Geece Abstact We conside thoblem

More information

ON INDEPENDENT SETS IN PURELY ATOMIC PROBABILITY SPACES WITH GEOMETRIC DISTRIBUTION. 1. Introduction. 1 r r. r k for every set E A, E \ {0},

ON INDEPENDENT SETS IN PURELY ATOMIC PROBABILITY SPACES WITH GEOMETRIC DISTRIBUTION. 1. Introduction. 1 r r. r k for every set E A, E \ {0}, ON INDEPENDENT SETS IN PURELY ATOMIC PROBABILITY SPACES WITH GEOMETRIC DISTRIBUTION E. J. IONASCU and A. A. STANCU Abstact. We ae inteested in constucting concete independent events in puely atomic pobability

More information

Quasi-Randomness and the Distribution of Copies of a Fixed Graph

Quasi-Randomness and the Distribution of Copies of a Fixed Graph Quasi-Randomness and the Distibution of Copies of a Fixed Gaph Asaf Shapia Abstact We show that if a gaph G has the popety that all subsets of vetices of size n/4 contain the coect numbe of tiangles one

More information

arxiv: v1 [math.co] 1 Apr 2011

arxiv: v1 [math.co] 1 Apr 2011 Weight enumeation of codes fom finite spaces Relinde Juius Octobe 23, 2018 axiv:1104.0172v1 [math.co] 1 Ap 2011 Abstact We study the genealized and extended weight enumeato of the - ay Simplex code and

More information

New Finding on Factoring Prime Power RSA Modulus N = p r q

New Finding on Factoring Prime Power RSA Modulus N = p r q Jounal of Mathematical Reseach with Applications Jul., 207, Vol. 37, o. 4, pp. 404 48 DOI:0.3770/j.issn:2095-265.207.04.003 Http://jme.dlut.edu.cn ew Finding on Factoing Pime Powe RSA Modulus = p q Sadiq

More information

QUANTUM ALGORITHMS IN ALGEBRAIC NUMBER THEORY

QUANTUM ALGORITHMS IN ALGEBRAIC NUMBER THEORY QUANTU ALGORITHS IN ALGEBRAIC NUBER THEORY SION RUBINSTEIN-SALZEDO Abstact. In this aticle, we discuss some quantum algoithms fo detemining the goup of units and the ideal class goup of a numbe field.

More information

SPECTRAL SEQUENCES. im(er

SPECTRAL SEQUENCES. im(er SPECTRAL SEQUENCES MATTHEW GREENBERG. Intoduction Definition. Let a. An a-th stage spectal (cohomological) sequence consists of the following data: bigaded objects E = p,q Z Ep,q, a diffeentials d : E

More information

10/04/18. P [P(x)] 1 negl(n).

10/04/18. P [P(x)] 1 negl(n). Mastemath, Sping 208 Into to Lattice lgs & Cypto Lectue 0 0/04/8 Lectues: D. Dadush, L. Ducas Scibe: K. de Boe Intoduction In this lectue, we will teat two main pats. Duing the fist pat we continue the

More information

Lecture 18: Graph Isomorphisms

Lecture 18: Graph Isomorphisms INFR11102: Computational Complexity 22/11/2018 Lectue: Heng Guo Lectue 18: Gaph Isomophisms 1 An Athu-Melin potocol fo GNI Last time we gave a simple inteactive potocol fo GNI with pivate coins. We will

More information

Syntactical content of nite approximations of partial algebras 1 Wiktor Bartol Inst. Matematyki, Uniw. Warszawski, Warszawa (Poland)

Syntactical content of nite approximations of partial algebras 1 Wiktor Bartol Inst. Matematyki, Uniw. Warszawski, Warszawa (Poland) Syntactical content of nite appoximations of patial algebas 1 Wikto Batol Inst. Matematyki, Uniw. Waszawski, 02-097 Waszawa (Poland) batol@mimuw.edu.pl Xavie Caicedo Dep. Matematicas, Univ. de los Andes,

More information

Method for Approximating Irrational Numbers

Method for Approximating Irrational Numbers Method fo Appoximating Iational Numbes Eic Reichwein Depatment of Physics Univesity of Califonia, Santa Cuz June 6, 0 Abstact I will put foth an algoithm fo poducing inceasingly accuate ational appoximations

More information

Quantum Fourier Transform

Quantum Fourier Transform Chapte 5 Quantum Fouie Tansfom Many poblems in physics and mathematics ae solved by tansfoming a poblem into some othe poblem with a known solution. Some notable examples ae Laplace tansfom, Legende tansfom,

More information

Construction and Analysis of Boolean Functions of 2t + 1 Variables with Maximum Algebraic Immunity

Construction and Analysis of Boolean Functions of 2t + 1 Variables with Maximum Algebraic Immunity Constuction and Analysis of Boolean Functions of 2t + 1 Vaiables with Maximum Algebaic Immunity Na Li and Wen-Feng Qi Depatment of Applied Mathematics, Zhengzhou Infomation Engineeing Univesity, Zhengzhou,

More information

arxiv: v1 [math.co] 4 May 2017

arxiv: v1 [math.co] 4 May 2017 On The Numbe Of Unlabeled Bipatite Gaphs Abdullah Atmaca and A Yavuz Ouç axiv:7050800v [mathco] 4 May 207 Abstact This pape solves a poblem that was stated by M A Haison in 973 [] This poblem, that has

More information

ONE-POINT CODES USING PLACES OF HIGHER DEGREE

ONE-POINT CODES USING PLACES OF HIGHER DEGREE ONE-POINT CODES USING PLACES OF HIGHER DEGREE GRETCHEN L. MATTHEWS AND TODD W. MICHEL DEPARTMENT OF MATHEMATICAL SCIENCES CLEMSON UNIVERSITY CLEMSON, SC 29634-0975 U.S.A. E-MAIL: GMATTHE@CLEMSON.EDU, TMICHEL@CLEMSON.EDU

More information

Fractional Zero Forcing via Three-color Forcing Games

Fractional Zero Forcing via Three-color Forcing Games Factional Zeo Focing via Thee-colo Focing Games Leslie Hogben Kevin F. Palmowski David E. Robeson Michael Young May 13, 2015 Abstact An -fold analogue of the positive semidefinite zeo focing pocess that

More information

Lecture 16 Root Systems and Root Lattices

Lecture 16 Root Systems and Root Lattices 1.745 Intoduction to Lie Algebas Novembe 1, 010 Lectue 16 Root Systems and Root Lattices Pof. Victo Kac Scibe: Michael Cossley Recall that a oot system is a pai (V, ), whee V is a finite dimensional Euclidean

More information

ON THE INVERSE SIGNED TOTAL DOMINATION NUMBER IN GRAPHS. D.A. Mojdeh and B. Samadi

ON THE INVERSE SIGNED TOTAL DOMINATION NUMBER IN GRAPHS. D.A. Mojdeh and B. Samadi Opuscula Math. 37, no. 3 (017), 447 456 http://dx.doi.og/10.7494/opmath.017.37.3.447 Opuscula Mathematica ON THE INVERSE SIGNED TOTAL DOMINATION NUMBER IN GRAPHS D.A. Mojdeh and B. Samadi Communicated

More information

Solution to HW 3, Ma 1a Fall 2016

Solution to HW 3, Ma 1a Fall 2016 Solution to HW 3, Ma a Fall 206 Section 2. Execise 2: Let C be a subset of the eal numbes consisting of those eal numbes x having the popety that evey digit in the decimal expansion of x is, 3, 5, o 7.

More information

COLLAPSING WALLS THEOREM

COLLAPSING WALLS THEOREM COLLAPSING WALLS THEOREM IGOR PAK AND ROM PINCHASI Abstact. Let P R 3 be a pyamid with the base a convex polygon Q. We show that when othe faces ae collapsed (otated aound the edges onto the plane spanned

More information

Numerical approximation to ζ(2n+1)

Numerical approximation to ζ(2n+1) Illinois Wesleyan Univesity Fom the SelectedWoks of Tian-Xiao He 6 Numeical appoximation to ζ(n+1) Tian-Xiao He, Illinois Wesleyan Univesity Michael J. Dancs Available at: https://woks.bepess.com/tian_xiao_he/6/

More information

Math 301: The Erdős-Stone-Simonovitz Theorem and Extremal Numbers for Bipartite Graphs

Math 301: The Erdős-Stone-Simonovitz Theorem and Extremal Numbers for Bipartite Graphs Math 30: The Edős-Stone-Simonovitz Theoem and Extemal Numbes fo Bipatite Gaphs May Radcliffe The Edős-Stone-Simonovitz Theoem Recall, in class we poved Tuán s Gaph Theoem, namely Theoem Tuán s Theoem Let

More information

arxiv: v2 [math.ag] 4 Jul 2012

arxiv: v2 [math.ag] 4 Jul 2012 SOME EXAMPLES OF VECTOR BUNDLES IN THE BASE LOCUS OF THE GENERALIZED THETA DIVISOR axiv:0707.2326v2 [math.ag] 4 Jul 2012 SEBASTIAN CASALAINA-MARTIN, TAWANDA GWENA, AND MONTSERRAT TEIXIDOR I BIGAS Abstact.

More information

Berkeley Math Circle AIME Preparation March 5, 2013

Berkeley Math Circle AIME Preparation March 5, 2013 Algeba Toolkit Rules of Thumb. Make sue that you can pove all fomulas you use. This is even bette than memoizing the fomulas. Although it is best to memoize, as well. Stive fo elegant, economical methods.

More information

Fall 2014 Randomized Algorithms Oct 8, Lecture 3

Fall 2014 Randomized Algorithms Oct 8, Lecture 3 Fall 204 Randomized Algoithms Oct 8, 204 Lectue 3 Pof. Fiedich Eisenband Scibes: Floian Tamè In this lectue we will be concened with linea pogamming, in paticula Clakson s Las Vegas algoithm []. The main

More information

Chapter 3: Theory of Modular Arithmetic 38

Chapter 3: Theory of Modular Arithmetic 38 Chapte 3: Theoy of Modula Aithmetic 38 Section D Chinese Remainde Theoem By the end of this section you will be able to pove the Chinese Remainde Theoem apply this theoem to solve simultaneous linea conguences

More information

A scaling-up methodology for co-rotating twin-screw extruders

A scaling-up methodology for co-rotating twin-screw extruders A scaling-up methodology fo co-otating twin-scew extudes A. Gaspa-Cunha, J. A. Covas Institute fo Polymes and Composites/I3N, Univesity of Minho, Guimaães 4800-058, Potugal Abstact. Scaling-up of co-otating

More information

working pages for Paul Richards class notes; do not copy or circulate without permission from PGR 2004/11/3 10:50

working pages for Paul Richards class notes; do not copy or circulate without permission from PGR 2004/11/3 10:50 woking pages fo Paul Richads class notes; do not copy o ciculate without pemission fom PGR 2004/11/3 10:50 CHAPTER7 Solid angle, 3D integals, Gauss s Theoem, and a Delta Function We define the solid angle,

More information

PROBLEM SET #1 SOLUTIONS by Robert A. DiStasio Jr.

PROBLEM SET #1 SOLUTIONS by Robert A. DiStasio Jr. POBLM S # SOLUIONS by obet A. DiStasio J. Q. he Bon-Oppenheime appoximation is the standad way of appoximating the gound state of a molecula system. Wite down the conditions that detemine the tonic and

More information

EM Boundary Value Problems

EM Boundary Value Problems EM Bounday Value Poblems 10/ 9 11/ By Ilekta chistidi & Lee, Seung-Hyun A. Geneal Desciption : Maxwell Equations & Loentz Foce We want to find the equations of motion of chaged paticles. The way to do

More information

Suborbital graphs for the group Γ 2

Suborbital graphs for the group Γ 2 Hacettepe Jounal of Mathematics and Statistics Volume 44 5 2015, 1033 1044 Subobital gaphs fo the goup Γ 2 Bahadı Özgü Güle, Muat Beşenk, Yavuz Kesicioğlu, Ali Hikmet Değe Keywods: Abstact In this pape,

More information

Surveillance Points in High Dimensional Spaces

Surveillance Points in High Dimensional Spaces Société de Calcul Mathématique SA Tools fo decision help since 995 Suveillance Points in High Dimensional Spaces by Benad Beauzamy Januay 06 Abstact Let us conside any compute softwae, elying upon a lage

More information

Efficient Multiplication in for Elliptic Curve Cryptography

Efficient Multiplication in for Elliptic Curve Cryptography Efficient Multiplication in fo Elliptic Cuve Cyptogaphy JC Bajad, L Imbet, C Nège and T Plantad Laboatoie d Infomatique de Robotique et de Micoélectonique de Montpellie LIRMM, ue Ada, 3439 Montpellie cedex

More information

Some RSA-based Encryption Schemes with Tight Security Reduction

Some RSA-based Encryption Schemes with Tight Security Reduction Some RSA-based Encyption Schemes with Tight Secuity Reduction Kaou Kuosawa 1 and Tsuyoshi Takagi 2 1 Ibaaki Univesity, 4-12-1 Nakanausawa, Hitachi, Ibaaki, 316-8511, Japan kuosawa@cis.ibaaki.ac.jp 2 Technische

More information

A Bijective Approach to the Permutational Power of a Priority Queue

A Bijective Approach to the Permutational Power of a Priority Queue A Bijective Appoach to the Pemutational Powe of a Pioity Queue Ia M. Gessel Kuang-Yeh Wang Depatment of Mathematics Bandeis Univesity Waltham, MA 02254-9110 Abstact A pioity queue tansfoms an input pemutation

More information

Mean Curvature and Shape Operator of Slant Immersions in a Sasakian Space Form

Mean Curvature and Shape Operator of Slant Immersions in a Sasakian Space Form Mean Cuvatue and Shape Opeato of Slant Immesions in a Sasakian Space Fom Muck Main Tipathi, Jean-Sic Kim and Son-Be Kim Abstact Fo submanifolds, in a Sasakian space fom, which ae tangential to the stuctue

More information

Analytical Solutions for Confined Aquifers with non constant Pumping using Computer Algebra

Analytical Solutions for Confined Aquifers with non constant Pumping using Computer Algebra Poceedings of the 006 IASME/SEAS Int. Conf. on ate Resouces, Hydaulics & Hydology, Chalkida, Geece, May -3, 006 (pp7-) Analytical Solutions fo Confined Aquifes with non constant Pumping using Compute Algeba

More information

MATH 220: SECOND ORDER CONSTANT COEFFICIENT PDE. We consider second order constant coefficient scalar linear PDEs on R n. These have the form

MATH 220: SECOND ORDER CONSTANT COEFFICIENT PDE. We consider second order constant coefficient scalar linear PDEs on R n. These have the form MATH 220: SECOND ORDER CONSTANT COEFFICIENT PDE ANDRAS VASY We conside second ode constant coefficient scala linea PDEs on R n. These have the fom Lu = f L = a ij xi xj + b i xi + c i whee a ij b i and

More information

The height of minimal Hilbert bases

The height of minimal Hilbert bases 1 The height of minimal Hilbet bases Matin Henk and Robet Weismantel Abstact Fo an integal polyhedal cone C = pos{a 1,..., a m, a i Z d, a subset BC) C Z d is called a minimal Hilbet basis of C iff i)

More information

Functions Defined on Fuzzy Real Numbers According to Zadeh s Extension

Functions Defined on Fuzzy Real Numbers According to Zadeh s Extension Intenational Mathematical Foum, 3, 2008, no. 16, 763-776 Functions Defined on Fuzzy Real Numbes Accoding to Zadeh s Extension Oma A. AbuAaqob, Nabil T. Shawagfeh and Oma A. AbuGhneim 1 Mathematics Depatment,

More information

On a quantity that is analogous to potential and a theorem that relates to it

On a quantity that is analogous to potential and a theorem that relates to it Su une quantité analogue au potential et su un théoème y elatif C R Acad Sci 7 (87) 34-39 On a quantity that is analogous to potential and a theoem that elates to it By R CLAUSIUS Tanslated by D H Delphenich

More information

COORDINATE TRANSFORMATIONS - THE JACOBIAN DETERMINANT

COORDINATE TRANSFORMATIONS - THE JACOBIAN DETERMINANT COORDINATE TRANSFORMATIONS - THE JACOBIAN DETERMINANT Link to: phsicspages home page. To leave a comment o epot an eo, please use the auilia blog. Refeence: d Inveno, Ra, Intoducing Einstein s Relativit

More information

A Multivariate Normal Law for Turing s Formulae

A Multivariate Normal Law for Turing s Formulae A Multivaiate Nomal Law fo Tuing s Fomulae Zhiyi Zhang Depatment of Mathematics and Statistics Univesity of Noth Caolina at Chalotte Chalotte, NC 28223 Abstact This pape establishes a sufficient condition

More information

On decompositions of complete multipartite graphs into the union of two even cycles

On decompositions of complete multipartite graphs into the union of two even cycles On decompositions of complete multipatite gaphs into the union of two even cycles A. Su, J. Buchanan, R. C. Bunge, S. I. El-Zanati, E. Pelttai, G. Rasmuson, E. Spaks, S. Tagais Depatment of Mathematics

More information

q i i=1 p i ln p i Another measure, which proves a useful benchmark in our analysis, is the chi squared divergence of p, q, which is defined by

q i i=1 p i ln p i Another measure, which proves a useful benchmark in our analysis, is the chi squared divergence of p, q, which is defined by CSISZÁR f DIVERGENCE, OSTROWSKI S INEQUALITY AND MUTUAL INFORMATION S. S. DRAGOMIR, V. GLUŠČEVIĆ, AND C. E. M. PEARCE Abstact. The Ostowski integal inequality fo an absolutely continuous function is used

More information

On the Quasi-inverse of a Non-square Matrix: An Infinite Solution

On the Quasi-inverse of a Non-square Matrix: An Infinite Solution Applied Mathematical Sciences, Vol 11, 2017, no 27, 1337-1351 HIKARI Ltd, wwwm-hikaicom https://doiog/1012988/ams20177273 On the Quasi-invese of a Non-squae Matix: An Infinite Solution Ruben D Codeo J

More information

Bounds on the performance of back-to-front airplane boarding policies

Bounds on the performance of back-to-front airplane boarding policies Bounds on the pefomance of bac-to-font aiplane boading policies Eitan Bachmat Michael Elin Abstact We povide bounds on the pefomance of bac-to-font aiplane boading policies. In paticula, we show that no

More information

Lecture 28: Convergence of Random Variables and Related Theorems

Lecture 28: Convergence of Random Variables and Related Theorems EE50: Pobability Foundations fo Electical Enginees July-Novembe 205 Lectue 28: Convegence of Random Vaiables and Related Theoems Lectue:. Kishna Jagannathan Scibe: Gopal, Sudhasan, Ajay, Swamy, Kolla An

More information

Measure Estimates of Nodal Sets of Polyharmonic Functions

Measure Estimates of Nodal Sets of Polyharmonic Functions Chin. Ann. Math. Se. B 39(5), 08, 97 93 DOI: 0.007/s40-08-004-6 Chinese Annals of Mathematics, Seies B c The Editoial Office of CAM and Spinge-Velag Belin Heidelbeg 08 Measue Estimates of Nodal Sets of

More information

Pearson s Chi-Square Test Modifications for Comparison of Unweighted and Weighted Histograms and Two Weighted Histograms

Pearson s Chi-Square Test Modifications for Comparison of Unweighted and Weighted Histograms and Two Weighted Histograms Peason s Chi-Squae Test Modifications fo Compaison of Unweighted and Weighted Histogams and Two Weighted Histogams Univesity of Akueyi, Bogi, v/noduslód, IS-6 Akueyi, Iceland E-mail: nikolai@unak.is Two

More information

Deterministic vs Non-deterministic Graph Property Testing

Deterministic vs Non-deterministic Graph Property Testing Deteministic vs Non-deteministic Gaph Popety Testing Lio Gishboline Asaf Shapia Abstact A gaph popety P is said to be testable if one can check whethe a gaph is close o fa fom satisfying P using few andom

More information

A Crash Course in (2 2) Matrices

A Crash Course in (2 2) Matrices A Cash Couse in ( ) Matices Seveal weeks woth of matix algeba in an hou (Relax, we will only stuy the simplest case, that of matices) Review topics: What is a matix (pl matices)? A matix is a ectangula

More information

The Substring Search Problem

The Substring Search Problem The Substing Seach Poblem One algoithm which is used in a vaiety of applications is the family of substing seach algoithms. These algoithms allow a use to detemine if, given two chaacte stings, one is

More information

Chapter 5 Linear Equations: Basic Theory and Practice

Chapter 5 Linear Equations: Basic Theory and Practice Chapte 5 inea Equations: Basic Theoy and actice In this chapte and the next, we ae inteested in the linea algebaic equation AX = b, (5-1) whee A is an m n matix, X is an n 1 vecto to be solved fo, and

More information

Asymptotically Lacunary Statistical Equivalent Sequence Spaces Defined by Ideal Convergence and an Orlicz Function

Asymptotically Lacunary Statistical Equivalent Sequence Spaces Defined by Ideal Convergence and an Orlicz Function "Science Stays Tue Hee" Jounal of Mathematics and Statistical Science, 335-35 Science Signpost Publishing Asymptotically Lacunay Statistical Equivalent Sequence Spaces Defined by Ideal Convegence and an

More information

HOW TO TEACH THE FUNDAMENTALS OF INFORMATION SCIENCE, CODING, DECODING AND NUMBER SYSTEMS?

HOW TO TEACH THE FUNDAMENTALS OF INFORMATION SCIENCE, CODING, DECODING AND NUMBER SYSTEMS? 6th INTERNATIONAL MULTIDISCIPLINARY CONFERENCE HOW TO TEACH THE FUNDAMENTALS OF INFORMATION SCIENCE, CODING, DECODING AND NUMBER SYSTEMS? Cecília Sitkuné Göömbei College of Nyíegyháza Hungay Abstact: The

More information

Inverting the nal exponentiation of Tate pairings on ordinary elliptic curves using faults

Inverting the nal exponentiation of Tate pairings on ordinary elliptic curves using faults Inveting the nal exponentiation of Tate paiings on odinay elliptic cuves using faults Ronan Lashemes 1,2, Jacques Founie 1, and Louis Goubin 2 1 CEA-TechReg, Gadanne, Fance onan.lashemes@cea.f, jacques.founie@cea.f

More information

The Schwarzschild Solution

The Schwarzschild Solution The Schwazschild Solution Johannes Schmude 1 Depatment of Physics Swansea Univesity, Swansea, SA2 8PP, United Kingdom Decembe 6, 2007 1 pyjs@swansea.ac.uk Intoduction We use the following conventions:

More information

Divisibility. c = bf = (ae)f = a(ef) EXAMPLE: Since 7 56 and , the Theorem above tells us that

Divisibility. c = bf = (ae)f = a(ef) EXAMPLE: Since 7 56 and , the Theorem above tells us that Divisibility DEFINITION: If a and b ae integes with a 0, we say that a divides b if thee is an intege c such that b = ac. If a divides b, we also say that a is a diviso o facto of b. NOTATION: d n means

More information

Journal of Inequalities in Pure and Applied Mathematics

Journal of Inequalities in Pure and Applied Mathematics Jounal of Inequalities in Pue and Applied Mathematics COEFFICIENT INEQUALITY FOR A FUNCTION WHOSE DERIVATIVE HAS A POSITIVE REAL PART S. ABRAMOVICH, M. KLARIČIĆ BAKULA AND S. BANIĆ Depatment of Mathematics

More information

Galois points on quartic surfaces

Galois points on quartic surfaces J. Math. Soc. Japan Vol. 53, No. 3, 2001 Galois points on quatic sufaces By Hisao Yoshihaa (Received Nov. 29, 1999) (Revised Ma. 30, 2000) Abstact. Let S be a smooth hypesuface in the pojective thee space

More information

On a Hyperplane Arrangement Problem and Tighter Analysis of an Error-Tolerant Pooling Design

On a Hyperplane Arrangement Problem and Tighter Analysis of an Error-Tolerant Pooling Design On a Hypeplane Aangement Poblem and Tighte Analysis of an Eo-Toleant Pooling Design Hung Q Ngo August 19, 2006 Abstact In this pape, we fomulate and investigate the following poblem: given integes d, k

More information

Lecture 8 - Gauss s Law

Lecture 8 - Gauss s Law Lectue 8 - Gauss s Law A Puzzle... Example Calculate the potential enegy, pe ion, fo an infinite 1D ionic cystal with sepaation a; that is, a ow of equally spaced chages of magnitude e and altenating sign.

More information

1 Explicit Explore or Exploit (E 3 ) Algorithm

1 Explicit Explore or Exploit (E 3 ) Algorithm 2.997 Decision-Making in Lage-Scale Systems Mach 3 MIT, Sping 2004 Handout #2 Lectue Note 9 Explicit Exploe o Exploit (E 3 ) Algoithm Last lectue, we studied the Q-leaning algoithm: [ ] Q t+ (x t, a t

More information

Encapsulation theory: radial encapsulation. Edmund Kirwan *

Encapsulation theory: radial encapsulation. Edmund Kirwan * Encapsulation theoy: adial encapsulation. Edmund Kiwan * www.edmundkiwan.com Abstact This pape intoduces the concept of adial encapsulation, wheeby dependencies ae constained to act fom subsets towads

More information

Central Coverage Bayes Prediction Intervals for the Generalized Pareto Distribution

Central Coverage Bayes Prediction Intervals for the Generalized Pareto Distribution Statistics Reseach Lettes Vol. Iss., Novembe Cental Coveage Bayes Pediction Intevals fo the Genealized Paeto Distibution Gyan Pakash Depatment of Community Medicine S. N. Medical College, Aga, U. P., India

More information

An intersection theorem for four sets

An intersection theorem for four sets An intesection theoem fo fou sets Dhuv Mubayi Novembe 22, 2006 Abstact Fix integes n, 4 and let F denote a family of -sets of an n-element set Suppose that fo evey fou distinct A, B, C, D F with A B C

More information

On the ratio of maximum and minimum degree in maximal intersecting families

On the ratio of maximum and minimum degree in maximal intersecting families On the atio of maximum and minimum degee in maximal intesecting families Zoltán Lóánt Nagy Lale Özkahya Balázs Patkós Máté Vize Septembe 5, 011 Abstact To study how balanced o unbalanced a maximal intesecting

More information

arxiv: v1 [math.nt] 28 Oct 2017

arxiv: v1 [math.nt] 28 Oct 2017 ON th COEFFICIENT OF DIVISORS OF x n axiv:70049v [mathnt] 28 Oct 207 SAI TEJA SOMU Abstact Let,n be two natual numbes and let H(,n denote the maximal absolute value of th coefficient of divisos of x n

More information

2-Monoid of Observables on String G

2-Monoid of Observables on String G 2-Monoid of Obsevables on Sting G Scheibe Novembe 28, 2006 Abstact Given any 2-goupoid, we can associate to it a monoidal categoy which can be thought of as the 2-monoid of obsevables of the 2-paticle

More information

THE JEU DE TAQUIN ON THE SHIFTED RIM HOOK TABLEAUX. Jaejin Lee

THE JEU DE TAQUIN ON THE SHIFTED RIM HOOK TABLEAUX. Jaejin Lee Koean J. Math. 23 (2015), No. 3, pp. 427 438 http://dx.doi.og/10.11568/kjm.2015.23.3.427 THE JEU DE TAQUIN ON THE SHIFTED RIM HOOK TABLEAUX Jaejin Lee Abstact. The Schensted algoithm fist descibed by Robinson

More information

Information Retrieval Advanced IR models. Luca Bondi

Information Retrieval Advanced IR models. Luca Bondi Advanced IR models Luca Bondi Advanced IR models 2 (LSI) Pobabilistic Latent Semantic Analysis (plsa) Vecto Space Model 3 Stating point: Vecto Space Model Documents and queies epesented as vectos in the

More information

2 S. Gao and M. A. Shokollahi opeations in Fq, and usually we will use the \Soft O" notation to ignoe logaithmic factos: g = O(n) ~ means that g = O(n

2 S. Gao and M. A. Shokollahi opeations in Fq, and usually we will use the \Soft O notation to ignoe logaithmic factos: g = O(n) ~ means that g = O(n Computing Roots of Polynomials ove Function Fields of Cuves Shuhong Gao 1 and M. Amin Shokollahi 2 1 Depatment of Mathematical Sciences, Clemson Univesity, Clemson, SC 29634 USA 2 Bell Labs, Rm. 2C-353,

More information

ANA BERRIZBEITIA, LUIS A. MEDINA, ALEXANDER C. MOLL, VICTOR H. MOLL, AND LAINE NOBLE

ANA BERRIZBEITIA, LUIS A. MEDINA, ALEXANDER C. MOLL, VICTOR H. MOLL, AND LAINE NOBLE THE p-adic VALUATION OF STIRLING NUMBERS ANA BERRIZBEITIA, LUIS A. MEDINA, ALEXANDER C. MOLL, VICTOR H. MOLL, AND LAINE NOBLE Abstact. Let p > 2 be a pime. The p-adic valuation of Stiling numbes of the

More information

CALCULATING THE NUMBER OF TWIN PRIMES WITH SPECIFIED DISTANCE BETWEEN THEM BASED ON THE SIMPLEST PROBABILISTIC MODEL

CALCULATING THE NUMBER OF TWIN PRIMES WITH SPECIFIED DISTANCE BETWEEN THEM BASED ON THE SIMPLEST PROBABILISTIC MODEL U.P.B. Sci. Bull. Seies A, Vol. 80, Iss.3, 018 ISSN 13-707 CALCULATING THE NUMBER OF TWIN PRIMES WITH SPECIFIED DISTANCE BETWEEN THEM BASED ON THE SIMPLEST PROBABILISTIC MODEL Sasengali ABDYMANAPOV 1,

More information

Brief summary of functional analysis APPM 5440 Fall 2014 Applied Analysis

Brief summary of functional analysis APPM 5440 Fall 2014 Applied Analysis Bief summay of functional analysis APPM 5440 Fall 014 Applied Analysis Stephen Becke, stephen.becke@coloado.edu Standad theoems. When necessay, I used Royden s and Keyzsig s books as a efeence. Vesion

More information

arxiv: v1 [math.na] 8 Feb 2013

arxiv: v1 [math.na] 8 Feb 2013 A mixed method fo Diichlet poblems with adial basis functions axiv:1302.2079v1 [math.na] 8 Feb 2013 Nobet Heue Thanh Tan Abstact We pesent a simple discetization by adial basis functions fo the Poisson

More information

Failure Probability of 2-within-Consecutive-(2, 2)-out-of-(n, m): F System for Special Values of m

Failure Probability of 2-within-Consecutive-(2, 2)-out-of-(n, m): F System for Special Values of m Jounal of Mathematics and Statistics 5 (): 0-4, 009 ISSN 549-3644 009 Science Publications Failue Pobability of -within-consecutive-(, )-out-of-(n, m): F System fo Special Values of m E.M.E.. Sayed Depatment

More information

Algebra of Matrix Arithmetic

Algebra of Matrix Arithmetic JOURNAL OF ALGEBRA 210, 194215 1998 ARTICLE NO JA987527 Algeba of Matix Aithmetic Gautami Bhowmik and Olivie Ramae Depatment of Mathematics, Uniesite Lille 1, Unite associee au CNRS, URA 751, 59655 Villeneue

More information

arxiv: v1 [physics.gen-ph] 18 Aug 2018

arxiv: v1 [physics.gen-ph] 18 Aug 2018 Path integal and Sommefeld quantization axiv:1809.04416v1 [physics.gen-ph] 18 Aug 018 Mikoto Matsuda 1, and Takehisa Fujita, 1 Japan Health and Medical technological college, Tokyo, Japan College of Science

More information

Temporal-Difference Learning

Temporal-Difference Learning .997 Decision-Making in Lage-Scale Systems Mach 17 MIT, Sping 004 Handout #17 Lectue Note 13 1 Tempoal-Diffeence Leaning We now conside the poblem of computing an appopiate paamete, so that, given an appoximation

More information

Localization of Eigenvalues in Small Specified Regions of Complex Plane by State Feedback Matrix

Localization of Eigenvalues in Small Specified Regions of Complex Plane by State Feedback Matrix Jounal of Sciences, Islamic Republic of Ian (): - () Univesity of Tehan, ISSN - http://sciencesutaci Localization of Eigenvalues in Small Specified Regions of Complex Plane by State Feedback Matix H Ahsani

More information

SUFFICIENT CONDITIONS FOR MAXIMALLY EDGE-CONNECTED AND SUPER-EDGE-CONNECTED GRAPHS DEPENDING ON THE CLIQUE NUMBER

SUFFICIENT CONDITIONS FOR MAXIMALLY EDGE-CONNECTED AND SUPER-EDGE-CONNECTED GRAPHS DEPENDING ON THE CLIQUE NUMBER Discussiones Mathematicae Gaph Theoy 39 (019) 567 573 doi:10.7151/dmgt.096 SUFFICIENT CONDITIONS FOR MAXIMALLY EDGE-CONNECTED AND SUPER-EDGE-CONNECTED GRAPHS DEPENDING ON THE CLIQUE NUMBER Lutz Volkmann

More information

Application of homotopy perturbation method to the Navier-Stokes equations in cylindrical coordinates

Application of homotopy perturbation method to the Navier-Stokes equations in cylindrical coordinates Computational Ecology and Softwae 5 5(): 9-5 Aticle Application of homotopy petubation method to the Navie-Stokes equations in cylindical coodinates H. A. Wahab Anwa Jamal Saia Bhatti Muhammad Naeem Muhammad

More information

titrrvers:rtt t>1 NO~~H CAROLINA

titrrvers:rtt t>1 NO~~H CAROLINA titvers:tt t>1 NO~~H CAROLINA Depatment of statistics Chapel Hill, N. C. ON A BOUN.D USEFUL IN THE THEORY OF FACTORIAL DESIGNS AND ERROR CORRECTING CODES by R. C. Bose and J. N. Sivastava Apil 1963 Gant

More information

arxiv: v1 [math.nt] 12 May 2017

arxiv: v1 [math.nt] 12 May 2017 SEQUENCES OF CONSECUTIVE HAPPY NUMBERS IN NEGATIVE BASES HELEN G. GRUNDMAN AND PAMELA E. HARRIS axiv:1705.04648v1 [math.nt] 12 May 2017 ABSTRACT. Fo b 2 and e 2, let S e,b : Z Z 0 be the function taking

More information

1. INTRODUCTION FAST ELLIPTIC CURVE CRYPTOGRAPHY USING OPTIMAL DOUBLE-BASE CHAINS

1. INTRODUCTION FAST ELLIPTIC CURVE CRYPTOGRAPHY USING OPTIMAL DOUBLE-BASE CHAINS FAST ELLIPTIC CURVE CRYPTOGRAPHY USING OPTIMAL DOUBLE-BASE CHAINS Voapong Suppakitpaisan, Hioshi Imai Gaduate School of Infomation Science and Technology, The Univesity of Tokyo Tokyo, Japan 11-00 m t

More information