Oblivious Transfer based on Key Exchange
Abhishek Parakh

Abstract: Key-exchange protocols have been overlooked as a possible means for implementing oblivious transfer (OT). In this paper we present a protocol for mutual exchange of secrets, 1-out-of-2 OT and coin-flipping similar to Diffie-Hellman protocol using the idea of obliviously exchanging encryption keys. Since, Diffie-Hellman scheme is widely used, our protocol may provide a useful alternative to the conventional methods for implementation of oblivious transfer and a useful primitive in building larger cryptographic schemes.

1 Introduction

Oblivious transfer (OT), discussed by Stephen Wiesner as conjugate coding [1], became popular when Rabin described a scheme for mutual exchange of secrets [2]. This combined with 1-out-of-2 oblivious transfer led to the development of numerous cryptographic tools. An oblivious transfer protocol is a scheme in which Alice transfers to Bob a secret without knowing if Bob received it, while Bob may or may not receive the secret, each happening with a certain probability, usually one-half. Such a scheme using Elliptic Curve Cryptography has been discussed in [3].

In this paper we construct a protocol for oblivious transfer using key exchange similar to Diffie-Hellman (DH) protocol [4], which is a popular method for establishing a shared key between two parties over an insecure channel. We modify the Diffie-Hellman protocol such that the two communicating parties will succeed or fail in establishing a shared key each with a probability of one-half. However, the party sending the secret will not know if the receiver has the same key as he/she does.

There have been implementations [5,6] of 1-out-of-n OT based on the Decision Diffie-Hellman (DDH) problem [7]. However, our protocol differs from previous ones in the sense that, firstly, we describe a scheme for mutual exchange of secrets based on DH. Secondly, in the previous implementations the 1-out-of-n OT use the DDH for the transfer itself, i.e. applies the Diffie-Hellman exponentiation for the encryption of secrets directly. Here we administer the idea of the oblivious key exchange. Once the keys are exchanged (obliviously), the parties may use any mutually agreed encryption method for the actual transfer / exchange of secrets.
The security of our protocol arises from the fact that the problem of determining an exponent e given g, y and a prime p, such that $g^e \bmod p = y$, is equivalent to solving a Discrete Log Problem (DLP) efficiently. The participants choose numbers, such that is a large prime on the order of at least 300 decimal digits (1024 bits), has a large prime factor and is a generator of order in the multiplicative group Ζ (a generator is a primitive root of ). This ensures the security of the protocols not only against eavesdroppers but also against the opposing party, which is to be considered as an adversary as well. Since we will be working only in Ζ, we often do not state it explicitly.

The proof that the security of Rabin's cryptosystem is equivalent to a factorization problem led to the development of the zero-knowledge proof [8]. In such a proof a prover tries to convince a verifier that he possesses certain information but he does not disclose the information but only the proof that he possesses the information. With every iteration of the algorithm, the probability of an imposter cheating a verifier decreases exponentially. We will discuss a scheme for zero-knowledge proof based on the discrete log problem.

2 Mutual exchange of secrets

Suppose Alice and Bob possess secrets S S respectively, which they wish to exchange, however, they do not trust each other. We would like to complete the exchange without a trusted third party and without a procedure for simultaneous exchange of secrets; the latter being practically impossible to implement when the parties are geographically far apart. Both parties are assumed to have an appropriate mechanism to digitally sign every message they send. Let the secrets S S be passwords to files that Bob and Alice want to access such that if a wrong password is used then the files will self-destruct. This prevents the parties from trying random passwords. The protocol is based on the oblivious exchange of encryption keys.

The Protocol: We exploit the fact that there exist Ζ,, such that they map to a single cipher c, where c mod mod. Let K denote the key that Alice uses to encrypt her secret, while Bob uses K to encrypt his secret. With these assumptions, the protocol proceeds as follows:

1. Alice and Bob agree upon a prime, a number Ζ as the generator and c such that c mod mod (Alice and Bob both know )
2. Alice privately chooses or and two random numbers
3. Bob secretly decides on, such that or and a random number +
4. Alice sends to Bob: mod mod +
5. Bob sends to Alice: mod and computes K ( ) mod for himself +
6. Alice computes: K mod
7. Bob chooses a random message M and sends C f ( M )
8. Alice sends back Y f ( C, ) K to Bob K, to Alice

c f ( m, k) is a function known to both Alice and Bob, where m is the input, k is the key and knowing c does not reveal the key used. f may be an encryption function using a secret key and f is the decryption function.

[Figure: Illustration of proposed algorithm to achieve oblivious exchange of encryption key (all computations performed in Ζ ). The diagram shows the mutual agreement between Alice and Bob (a prime such that has a large prime factor, a number Ζ that is a primitive root of, and a number c, where c mod mod), the messages exchanged, and Bob comparing with M to determine if K or K K K.]
Two cases arise from the above sequence, namely: If then K K, else K K. Hence, Bob receives K with probability one-half. Steps 7 and 8 help Bob check if he has K by comparing Y and M. Similarly, exchange of key K takes place from Bob to Alice.

Define states, U b K, if Bob received K; K, if Bob did not receive K, where, K Ζ and K is the bitwise complement of K. U a is similarly defined.

In order to prevent cheating by either party, Alice sends U a S to Bob and Bob sends U b S to Alice. Since neither party knows other's state of knowledge of the secret key, this step does not provide either party with any knowledge of other's secret. Finally, Alice and Bob exchange their secrets encrypting them using K and K, respectively. If at the last step, after Alice sends her encrypted secret to Bob, Bob was to cheat and not send his secret to Alice, then the fact that Bob cheated implies that Bob received K U b K and that Bob had previously sent U b S K S. Alice can retrieve S by computing K S K S. The probability, after the protocol is complete, that neither party knows other's secret key is one-fourth.

Example: Alice and Bob wish to exchange secrets S S. They agree upon 3, 5 c 9. Therefore, c mod 3 c mod 0. Two cases arise beginning from step of the algorithm. Let us examine them:

Case I:
Alice chooses: 3 and two random numbers
Bob chooses:
Alice sends to Bob: mod 5 + mod mod 5 mod 3 9
Bob sends to Alice: mod mod ( 6 5 ) mod 3 7 mod 3 7 ( 6 7) mod 3 7 and computes for himself: ( ) 7 K mod 9 mod
Alice computes: K mod ( 7) 5 mod 3

Bob may encrypt a random message with the key that he has generated and ask Alice to decrypt it using her key to determine if he has K. Since Alice and Bob have chosen 3, then K K ( 0 gives similar results).

Case II:
Alice chooses: 3 and two random numbers
Bob chooses:
Alice sends to Bob: mod 5 + mod mod 5 mod
Bob sends to Alice: mod mod 3 7 ( 6 ) mod 3 7 mod 3 7 ( 6 ) mod 3 9 and computes for himself: ( ) 7 K mod 9 mod
Alice computes: K mod () 9 5 mod 3 6

In this case, Alice and Bob have chosen ( 0 3 yields similar results), hence K K.

In none of the cases can Bob predict beforehand what choice Alice has made, so the protocol remains fair.

Security issues: The protocol breaks down if Bob is able to compute both ( ) mod and ( + ) [ ] mod. We see that Bob can deduce, using which he may compute y mod. Given y, deducing y is a DLP. If we assume that somehow Bob is able to deduce y, then in order for him to compute the ratio, he still needs to know either or, which is again equivalent to a DLP. Based on the assumption that a Discrete Log Problem is difficult to solve, the protocol remains secure.

3 One-out-of-two oblivious transfer

One of the most powerful primitives that have led to the invention of numerous cryptographic schemes is the one-out-of-two oblivious transfer. It may conceptually be described as a black box where Alice puts in two secrets, S S, such that Bob can only retrieve one of them while getting no information about the other. Bob is concerned that Alice should not know which secret he retrieved. A situation may be such that a spy wishes to sell one out of two secrets that he possesses, while the buyer does not wish the spy to know which information he wants. In such a situation the 1-out-of-2 oblivious transfer can be employed. It is assumed that the party possessing the two secrets is willing to disclose one and only one of these to the other.

The procedure of choosing prime, generator and number c mod mod remains identical to that described before. However, this time Alice uses secret keys K K to encrypt secrets S S, respectively. She announces to Bob that she is associating key K with and key K with. With these initial conditions the protocol follows:

1. + Alice secretly chooses and sends to Bob: mod
2. Bob chooses (if he wants secret S ) or (if he wants secret S ) and secret numbers +
3. Bob sends to Alice: mod mod +
4. Alice chooses a number and sends to Bob: mod
5. Bob computes: K mod mod
6. Alice computes: K mod ( ) + K mod ( )
7. Alice encrypts secret S using K and secret S using K and sends them to Bob

From the above sequence we see that if Bob chooses, then K K and if Bob chooses, then K K. Hence, Bob will only be able to retrieve one of the two secrets depending upon his choice, while Alice will not be able to determine which secret Bob has retrieved.

Security issues: In order for Bob to cheat, he needs to compute both K and K. His best option is to determine one of the keys honestly and, using that, try to deduce the other key. For instance, if Bob honestly computes K, then he will have access to. But this does not provide him with any information about, which he needs to compute K. Similarly, he cannot calculate K from K. The problem is again equivalent to efficiently solving a DLP.

4 Coin-Flipping Protocols

A couple may decide on which restaurant to go to or whether they should take a vacation or buy a car for their next anniversary, by tossing a coin. In this case flipping a coin is a trivial matter since both parties are present at the same place physically. However, problems arise when the participants are geographically separated over large distances. How are they supposed to fairly flip a coin when both of them cannot see the outcome simultaneously? Many business transactions require such an arrangement, or a simple game of gambling over the Web may need a fair coin-toss. Numerous solutions exist for this purpose that employ cryptographic techniques of bit commitment [9, 10].
It turns out that any oblivious transfer scheme may be suitably modified to flip a coin, and so can be the protocol for mutual exchange of secrets that we have presented. For instance, if Bob receives the same key as Alice then Bob wins the toss, else Alice wins. After Bob declares the key he has computed, Alice replies if he won or lost and reveals all the variables that she had chosen, which Bob can use to verify Alice's claim. Bob may not disclose any of the variables of his choice.

5 Zero-Knowledge Proofs

Introduced in 1985, zero-knowledge proofs are typically used to force malicious parties to behave according to a predetermined protocol. In addition to their direct applicability to cryptography, they serve as a good benchmark for the study of various problems regarding cryptographic protocols [11, 12, 13]. Here we discuss a protocol for a prover P to convince a verifier V that he possesses certain information without disclosing the actual information.

We may formally describe the problem as the following: P declares a y, such that $y = g^e \bmod p$, where p is a prime and $g \in Ζ_p$. y, g and p may be global information. However, only P knows the exponent e. For everyone else, determining e is a DLP. The problem is for P to convince V that he knows the value of e without disclosing it. The protocol may proceed as follows:

1. P chooses a random integer n and sends $X = (g^e)^n \bmod p = g^{en} \bmod p$ to V.
2. V chooses a random bit b. If b = 0, M = 0; else he chooses a random m and sets $M = g^m \bmod p$. He sends (b, M) to P.
3. If b = 0, P sends n to V; else P sends $Y = M^e \bmod p = g^{me} \bmod p$ to V.
4. When b = 0, V verifies X is equal to $y^n \bmod p = g^{en} \bmod p$. So he believes that P knows the value of n. If b = 1, V verifies if Y is equal to $y^m \bmod p = g^{em} \bmod p$. So he is convinced that P knows the value of e.

This is a single round of the protocol. Upon multiple rounds of the protocol, the probability of an imposter cheating the verifier decreases exponentially. We see that an imposter who does not know e will succeed with a probability of one-half in each round. This is because if V starts communicating with an imposter P from round one, then when b = 0, P successfully completes the protocol, but when b = 1, then P will have to guess the value of e. Hence, after t iterations, the probability of the verifier being cheated decreases to $1/2^t$.

The protocol is zero-knowledge because P never sends e, but only uses it as an exponent. This makes it equivalent to Discrete-Log-Problem.
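The single round and the imposter's one-half success rate described above, as an added example (not code from the paper). The toy parameters p = 23, g = 5, e = 6, the reading of the relations as y = g^e mod p, X = y^n, M = g^m, Y = M^e, and all class and function names are assumptions made for illustration.

```python
"""One round of the discrete-log proof sketched above (added example).

Toy parameters constructed for illustration: p = 23, g = 5, e = 6.
Real use needs a prime of the size the paper asks for (about 1024 bits).
"""
import secrets
from fractions import Fraction

P, G = 23, 5   # toy prime and a primitive root of it (assumed values)


def rand_exp(p):
    """Uniform exponent in [1, p-2], so g^m is never 1 for a generator g."""
    return secrets.randbelow(p - 2) + 1


class Prover:
    """Honest prover: holds e with y = g^e mod p."""

    def __init__(self, e, p=P, g=G):
        self.e, self.p = e, p
        self.y = pow(g, e, p)                 # public value

    def commit(self):
        self.n = rand_exp(self.p)             # fresh n every round
        return pow(self.y, self.n, self.p)    # X = (g^e)^n mod p

    def respond(self, b, M):
        if b == 0:
            return self.n                     # reveal n
        return pow(M, self.e, self.p)         # Y = M^e mod p


class Imposter(Prover):
    """Knows only the public y. X = y^n needs no secret, but Y = M^e does,
    so on b = 1 the imposter can only substitute a guessed exponent."""

    def __init__(self, y, guess_e, p=P):
        self.y, self.e, self.p = y, guess_e, p


def run_round(prover, y, p=P, g=G, b=None, m=None):
    """Verifier side of one round; b and m can be pinned for testing."""
    X = prover.commit()                                # step 1
    b = secrets.randbelow(2) if b is None else b       # step 2
    if b == 0:
        M = 0
    else:
        m = rand_exp(p) if m is None else m
        M = pow(g, m, p)
    answer = prover.respond(b, M)                      # step 3
    if b == 0:                                         # step 4
        return b, X == pow(y, answer, p)               # X ?= y^n mod p
    return b, answer == pow(y, m, p)                   # Y ?= y^m mod p


def run_rounds(prover, y, rounds):
    """Return (rounds accepted, rounds in which the challenge bit was 0)."""
    accepted = zeros = 0
    for _ in range(rounds):
        b, ok = run_round(prover, y)
        accepted += ok
        zeros += (b == 0)
    return accepted, zeros


def cheat_bound(t):
    """Chance that an imposter survives t independent rounds."""
    return Fraction(1, 2 ** t)


if __name__ == "__main__":
    honest = Prover(e=6)
    fake = Imposter(honest.y, guess_e=7)   # wrong guess, off by one
    print("honest   (accepted, b=0 rounds):", run_rounds(honest, honest.y, 40))
    print("imposter (accepted, b=0 rounds):", run_rounds(fake, honest.y, 40))
    print("bound after 20 rounds:", cheat_bound(20))
```

The imposter is accepted in exactly the rounds where b = 0, which is why a verifier relying on this proof for identification has to run enough rounds for the bound to become negligible.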
A zero-knowledge proof can be used for identification if the verifier knows the value of e, which acts like a password. The prover has to convince the verifier that he knows the password, without actually giving it out. This is because the verifier may be an imposter trying to determine the password by cheating.

6 Conclusion

Our algorithm opens up the possibility of development of oblivious transfer schemes using key exchange protocols. Academically, it appears that such algorithms should have preceded Rabin's protocol. It shows that there exist numerous variations on the implementation of OT protocols. Also, most OT schemes can be extended to coin flipping with minor modifications, in which case, only one sided transfer may take place and success or failure depends on the opposing party being lucky enough to deduce the key. Our protocol is different from Rabin's protocol in the sense that the latter aims at obliviously transmitting the decryption key from the transmitter to the receiver whereas we establish a shared key between the transmitter and receiver with probability one-half. Higher exponents may be employed to generate transfer probabilities other than one-half. It turns out that the Diffie-Hellman protocol is a powerful primitive and can be used as a basis for implementing many cryptographic protocols that have been implemented via the RSA type transformations. This possibility had been overlooked.

Acknowledgement

I sincerely thank William Perkins and James Harold Thomas for discussions and useful comments.

References

[1] S. Wiesner. Conjugate Coding, manuscript written circa 1970, unpublished until it appeared in Sigact News, Vol. 15, no. 1, 1983.
[2] M. O. Rabin. How to exchange secrets by oblivious transfer. Technical Report TR-81, Aiken Computation Laboratory, Harvard University, 1981.
[3] A. Parakh. Oblivious Transfer using Elliptic Curves, Cryptologia, Volume 31, Issue 2, April 2007.
[4] W. Diffie and M. E. Hellman. New Directions in Cryptography, IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976.
[5] M. Bellare, S. Micali. Non-interactive oblivious transfer and applications. Crypto '89.
[6] M. Naor and B. Pinkas. Efficient Oblivious Transfer Protocols, Proceedings of SODA 2001 (SIAM Symposium on Discrete Algorithms), January, Washington DC.
[7] D. Boneh. The Decision Diffie-Hellman Problem. Proceedings of the Third Algorithmic Number Theory Symposium, Springer-Verlag LNCS 1423, 1998.
[8] S. Goldwasser, S. Micali, C. Rackoff. The knowledge complexity of interactive proof systems. ACM Symposium on Theory of Computing, ACM Press, New York, USA, 1985.
[9] M. Blum. Coin flipping by telephone. Advances in Cryptology: A Report on CRYPTO 81, Santa Barbara, 1981. ECE Report.
[10] J. Reyneri and E. Karnin. Coin flipping by telephone (Corresp.). Information Theory, IEEE Transactions on, Volume 30, Issue 5, Sep 1984.
[11] A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems, Advances in Cryptology - Crypto '86, Springer-Verlag (1987).
[12] U. Feige, A. Fiat and A. Shamir. Zero Knowledge Proofs of Identity. Proceedings of the 19th ACM Symp. on Theory of Computing, May 1987, pages: 210-217.
[13] O. Goldreich, S. Micali and A. Wigderson, "Proofs That Yield Nothing But Their Validity and a Methodology of Cryptographic Protocol Design", Proceedings of FOCS 1986.
More informationOn Wald-Type Optimal Stopping for Brownian Motion
J Al Probab Vol 34, No 1, 1997, (66-73) Prerint Ser No 1, 1994, Math Inst Aarhus On Wald-Tye Otimal Stoing for Brownian Motion S RAVRSN and PSKIR The solution is resented to all otimal stoing roblems of
More informationCERIAS Tech Report The period of the Bell numbers modulo a prime by Peter Montgomery, Sangil Nahm, Samuel Wagstaff Jr Center for Education
CERIAS Tech Reort 2010-01 The eriod of the Bell numbers modulo a rime by Peter Montgomery, Sangil Nahm, Samuel Wagstaff Jr Center for Education and Research Information Assurance and Security Purdue University,
More informationA FEW EQUIVALENCES OF WALL-SUN-SUN PRIME CONJECTURE
International Journal of Mathematics & Alications Vol 4, No 1, (June 2011), 77-86 A FEW EQUIVALENCES OF WALL-SUN-SUN PRIME CONJECTURE ARPAN SAHA AND KARTHIK C S ABSTRACT: In this aer, we rove a few lemmas
More informationShadow Computing: An Energy-Aware Fault Tolerant Computing Model
Shadow Comuting: An Energy-Aware Fault Tolerant Comuting Model Bryan Mills, Taieb Znati, Rami Melhem Deartment of Comuter Science University of Pittsburgh (bmills, znati, melhem)@cs.itt.edu Index Terms
More informationBilinear Entropy Expansion from the Decisional Linear Assumption
Bilinear Entroy Exansion from the Decisional Linear Assumtion Lucas Kowalczyk Columbia University luke@cs.columbia.edu Allison Bisho Lewko Columbia University alewko@cs.columbia.edu Abstract We develo
More informationAnalysis of Multi-Hop Emergency Message Propagation in Vehicular Ad Hoc Networks
Analysis of Multi-Ho Emergency Message Proagation in Vehicular Ad Hoc Networks ABSTRACT Vehicular Ad Hoc Networks (VANETs) are attracting the attention of researchers, industry, and governments for their
More informationCPSC 467b: Cryptography and Computer Security
Outline Authentication CPSC 467b: Cryptography and Computer Security Lecture 18 Michael J. Fischer Department of Computer Science Yale University March 29, 2010 Michael J. Fischer CPSC 467b, Lecture 18
More informationElementary Analysis in Q p
Elementary Analysis in Q Hannah Hutter, May Szedlák, Phili Wirth November 17, 2011 This reort follows very closely the book of Svetlana Katok 1. 1 Sequences and Series In this section we will see some
More informationAn Investigation on the Numerical Ill-conditioning of Hybrid State Estimators
An Investigation on the Numerical Ill-conditioning of Hybrid State Estimators S. K. Mallik, Student Member, IEEE, S. Chakrabarti, Senior Member, IEEE, S. N. Singh, Senior Member, IEEE Deartment of Electrical
More informationChapter 1: PROBABILITY BASICS
Charles Boncelet, obability, Statistics, and Random Signals," Oxford University ess, 0. ISBN: 978-0-9-0005-0 Chater : PROBABILITY BASICS Sections. What Is obability?. Exeriments, Outcomes, and Events.
More informationNotes on Instrumental Variables Methods
Notes on Instrumental Variables Methods Michele Pellizzari IGIER-Bocconi, IZA and frdb 1 The Instrumental Variable Estimator Instrumental variable estimation is the classical solution to the roblem of
More informationON POLYNOMIAL SELECTION FOR THE GENERAL NUMBER FIELD SIEVE
MATHEMATICS OF COMPUTATIO Volume 75, umber 256, October 26, Pages 237 247 S 25-5718(6)187-9 Article electronically ublished on June 28, 26 O POLYOMIAL SELECTIO FOR THE GEERAL UMBER FIELD SIEVE THORSTE
More informationJacobi symbols and application to primality
Jacobi symbols and alication to rimality Setember 19, 018 1 The grou Z/Z We review the structure of the abelian grou Z/Z. Using Chinese remainder theorem, we can restrict to the case when = k is a rime
More informationBasics in Cryptology. Outline. II Distributed Cryptography. Key Management. Outline. David Pointcheval. ENS Paris 2018
Basics in Cryptology II Distributed Cryptography David Pointcheval Ecole normale supérieure, CNRS & INRIA ENS Paris 2018 NS/CNRS/INRIA Cascade David Pointcheval 1/26ENS/CNRS/INRIA Cascade David Pointcheval
More informationAnalysis of some entrance probabilities for killed birth-death processes
Analysis of some entrance robabilities for killed birth-death rocesses Master s Thesis O.J.G. van der Velde Suervisor: Dr. F.M. Sieksma July 5, 207 Mathematical Institute, Leiden University Contents Introduction
More informationTowards understanding the Lorenz curve using the Uniform distribution. Chris J. Stephens. Newcastle City Council, Newcastle upon Tyne, UK
Towards understanding the Lorenz curve using the Uniform distribution Chris J. Stehens Newcastle City Council, Newcastle uon Tyne, UK (For the Gini-Lorenz Conference, University of Siena, Italy, May 2005)
More informationLecture 10. Public Key Cryptography: Encryption + Signatures. Identification
Lecture 10 Public Key Cryptography: Encryption + Signatures 1 Identification Public key cryptography can be also used for IDENTIFICATION Identification is an interactive protocol whereby one party: prover
More informationA random zoo: sloth, un corn, and trx
i A random zoo: sloth, un corn, and trx Arjen K. Lenstra and Benjamin Wesolowski EPFL IC LACAL, Station 14, CH-1015 Lausanne, Switzerland Abstract. Many alications require trustworthy generation of ublic
More informationA PROBABILISTIC POWER ESTIMATION METHOD FOR COMBINATIONAL CIRCUITS UNDER REAL GATE DELAY MODEL
A PROBABILISTIC POWER ESTIMATION METHOD FOR COMBINATIONAL CIRCUITS UNDER REAL GATE DELAY MODEL G. Theodoridis, S. Theoharis, D. Soudris*, C. Goutis VLSI Design Lab, Det. of Electrical and Comuter Eng.
More informationMulti-Operation Multi-Machine Scheduling
Multi-Oeration Multi-Machine Scheduling Weizhen Mao he College of William and Mary, Williamsburg VA 3185, USA Abstract. In the multi-oeration scheduling that arises in industrial engineering, each job
More informationPREDICTIVE CONTROL OF TIME-DELAY PROCESSES
PREDICIVE CONROL OF IME-DELAY PROCESSES Marek Kubalčík, Vladimír Bobál omas Bata Universit in Zlín Facult of Alied Informatics Nad Stráněmí 45 76 5 Zlín Czech Reublic E-mail: kubalcikl@fai.utb.cz KEYWORDS
More informationAlgorithms for Air Traffic Flow Management under Stochastic Environments
Algorithms for Air Traffic Flow Management under Stochastic Environments Arnab Nilim and Laurent El Ghaoui Abstract A major ortion of the delay in the Air Traffic Management Systems (ATMS) in US arises
More informationCOMMUNICATION BETWEEN SHAREHOLDERS 1
COMMUNICATION BTWN SHARHOLDRS 1 A B. O A : A D Lemma B.1. U to µ Z r 2 σ2 Z + σ2 X 2r ω 2 an additive constant that does not deend on a or θ, the agents ayoffs can be written as: 2r rθa ω2 + θ µ Y rcov
More informationOn generalizing happy numbers to fractional base number systems
On generalizing hay numbers to fractional base number systems Enriue Treviño, Mikita Zhylinski October 17, 018 Abstract Let n be a ositive integer and S (n) be the sum of the suares of its digits. It is
More informationOn the Rank of the Elliptic Curve y 2 = x(x p)(x 2)
On the Rank of the Ellitic Curve y = x(x )(x ) Jeffrey Hatley Aril 9, 009 Abstract An ellitic curve E defined over Q is an algebraic variety which forms a finitely generated abelian grou, and the structure
More information1. INTRODUCTION. Fn 2 = F j F j+1 (1.1)
CERTAIN CLASSES OF FINITE SUMS THAT INVOLVE GENERALIZED FIBONACCI AND LUCAS NUMBERS The beautiful identity R.S. Melham Deartment of Mathematical Sciences, University of Technology, Sydney PO Box 23, Broadway,
More informationOutline. CS21 Decidability and Tractability. Regular expressions and FA. Regular expressions and FA. Regular expressions and FA
Outline CS21 Decidability and Tractability Lecture 4 January 14, 2019 FA and Regular Exressions Non-regular languages: Puming Lemma Pushdown Automata Context-Free Grammars and Languages January 14, 2019
More informationA CONCRETE EXAMPLE OF PRIME BEHAVIOR IN QUADRATIC FIELDS. 1. Abstract
A CONCRETE EXAMPLE OF PRIME BEHAVIOR IN QUADRATIC FIELDS CASEY BRUCK 1. Abstract The goal of this aer is to rovide a concise way for undergraduate mathematics students to learn about how rime numbers behave
More informationMA3H1 TOPICS IN NUMBER THEORY PART III
MA3H1 TOPICS IN NUMBER THEORY PART III SAMIR SIKSEK 1. Congruences Modulo m In quadratic recirocity we studied congruences of the form x 2 a (mod ). We now turn our attention to situations where is relaced
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 18 November 3, 2014 CPSC 467, Lecture 18 1/43 Zero Knowledge Interactive Proofs (ZKIP) Secret cave protocol ZKIP for graph isomorphism
More informationImpossibility of a Quantum Speed-up with a Faulty Oracle
Imossibility of a Quantum Seed-u with a Faulty Oracle Oded Regev Liron Schiff Abstract We consider Grover s unstructured search roblem in the setting where each oracle call has some small robability of
More informationOnline Appendix to Accompany AComparisonof Traditional and Open-Access Appointment Scheduling Policies
Online Aendix to Accomany AComarisonof Traditional and Oen-Access Aointment Scheduling Policies Lawrence W. Robinson Johnson Graduate School of Management Cornell University Ithaca, NY 14853-6201 lwr2@cornell.edu
More informationConvex Analysis and Economic Theory Winter 2018
Division of the Humanities and Social Sciences Ec 181 KC Border Conve Analysis and Economic Theory Winter 2018 Toic 16: Fenchel conjugates 16.1 Conjugate functions Recall from Proosition 14.1.1 that is
More informationSets of Real Numbers
Chater 4 Sets of Real Numbers 4. The Integers Z and their Proerties In our revious discussions about sets and functions the set of integers Z served as a key examle. Its ubiquitousness comes from the fact
More information