Cryptography, winter term 16/17: Sample solution to assignment 2
|
|
- Melinda Jenkins
- 5 years ago
- Views:
Transcription
1 U N S A R I V E R S A V I E I T A S N I S S Cryptography, winter term 6/7: Sample solution to assignment Cornelius Brand, Mar Roth Exerise. (Messing up the one-time pad) Consider the following modifiation of the one-time pad: K = M = {0, } l, C = {0, } l+ GEN generates a uniform key ENC outputs := (m k) Parity(k) (on input (k, m)) DEC outputs m := (... l ) k (on input ( =,... l l+, k) ) where is the bitwise exlusive-or, is string onatenation and Parity(k) is defined as the number of s in k modulo. We give an example: Let l = 6, m = 000 and assume GEN did output the key k = 000. As the number of s in k is odd, it holds that Parity(k) =. Therefore and ENC k (m) = (m k) Parity(k) = 0000 = 0000 DEC k () = ( ) k = = 000 Prove that this modifiation of the one-time pad is not perfetly seret. Hint: A ommon way to show that a sheme is not perfetly seret is to onstrut an adversary A and to show that A wins the adversarial indistinguishability experiment with probability >. Solution. (Messing up the one-time pad) We onstrut an adversary A that will always win: A sends messages m = 0 l and m = 0 l. After A reieves the hallenge text =... l l+, it heks whether Parity(... l m ) = l+. If this is the ase it outputs otherwise it outputs 0. We show that A is always right. If b = then = (m k) Parity(k) Parity(... l m ) = Parity(m k m ) = Parity(k) = l+. It follows that A outputs whih is right. If b = 0 then = (m k) Parity(k) = (m 0 l k) Parity(k) Parity(... l m ) = Parity(m 0 l k m ) = Parity(0 l k) Parity(k) = l+. It follows that A outputs 0 whih is right. Therefore A,Π = ] = >
2 Exerise. (Negligible funtions) Reall the definition of a negligible funtion (Definition 3.4). (a) Let be a onstant. Whih of the following two funtions is negligible? Prove your answer. ) (i) f(n) := ( n (ii) g(n) := (log n) log n (b) Prove Proposition 3.6. Solution. (Negligible funtions) (a) (i) Not negligible: It holds that ( n ) n ( n ) n (ii) Negligible: Fix a onstant. It holds that for all n suh that log log n >. g(n) = (log n) log n = (b) Let p be an arbitrary but fixed polynomial. n log log n < n (i) As p is a polynomial, p (x) := p(x) is also a polynomial. As negl and negl are negligible, there are N and N suh that n N : negl (n) < p (n) and n N : negl (n) < p (n). Therefore n max{n, N } : negl (n) + negl (n) < (ii) We have to show that for a fixed polynomial q, it holds that there is an N suh that forall n N we have q(n) negl (n) < As q is a polynomial, q p is also and as negl is negligible we have that there exists an N suh that Therefore n > N : negl (n) < n > N : q(n) negl (n) < q(n) q(n) q(n) =
3 Exerise.3 (Perfet serey) Reall Lemma.4. One diretion was proven in the leture. In this exerise it is your task to prove the other diretion, i.e., show that perfet serey of (GEN, ENC, DEC) implies for all m, m M, C. Pr [ENC k (m) = ] = Pr [ ENC k (m ) = ] () Solution.3 (Perfet serey) Let m, m and be arbitrary but fixed and onsider the following probability distribution over the message spae M: { Pr [M = m] = if m = m or m = m 0 otherwise Furthermore, let If P = 0 we are done. Otherwise we have P := Pr [ENC k (m ) = ] + Pr [ENC k (m ) = ] Pr [ENC k (m ) = ] = P Pr [ENC k(m ) = ] P Pr [ENC k (m ) = ] = P (Pr [ENC k(m ) = ] + Pr [ENC k (m ) = ]) Pr [ENC k (m ) = ] Pr [M = m ] = P m M Pr [ENC k(m) = ] Pr [M = m] Pr [ENC k (M) = M = m ] Pr [M = m ] = P m M Pr [ENC k(m) = M = m] Pr [M = m] Pr [C = M = m ] Pr [M = m ] = P Pr [C = M = m] Pr [M = m] m M = P Pr [C = M = m ] Pr [M = m ] Pr [C = ] = P Pr [M = m C = ] = P Pr [M = m ] = P Similary, with the same omputation we get Pr [ENC k (m ) = ] = P Pr [ENC k (m ) = ] = Pr [ENC k (m ) = ] Exerise.4 (Perfet indistinguishability) Reall Lemma.6: An enryption sheme Π is perfetly seret if and only if it is perfetly indistinguishable. Prove one diretion of your hoie. Hint: It may be advisable to use the equivalent definition of perfet serey as stated in Lemma.4. Bonus: Prove the other diretion as well. 3
4 Solution.4 (Perfet indistinguishability) First we show that perfet serey implies perfet indistinguishability. Therefore let A be an arbitrary but fixed adversary. Consider an exeution of the adversarial indistinguishability experiment. Let B be the bit that was hosen uniformly at random, Chal be the iphertext (the hallenge) A reieved and B the output of A. We laim that A,Π = B = ] = A,Π = 0 B = 0 ] whih an be proven as follows: A,Π = B = ] = Pr [ B = Chal = ENC k (m ) ] Pr [ B = Chal = ENC k (m ), ENC k (m ) = ] Pr [ENC k (m ) = ] Pr [ B = Chal = ] Pr [ENC k (m ) = ] Pr [ B = Chal = ] Pr [ENC k (m 0 ) = ] Pr [ B = Chal = ENC k (m 0 ), ENC k (m 0 ) = ] Pr [ENC k (m 0 ) = ] = Pr [ B = Chal = ENC k (m 0 ) ] = A,Π = 0 B = 0 ] where the fourth equation follows from perfet serey. Similary we an prove that A,Π = B = 0 ] = A,Π = 0 B = ] It follows that A,Π = ] = A,Π = B = ] Pr [B = ] + A,Π = B = 0 ] Pr [B = 0] = ( A,Π = B = ] + A,Π = B = 0 ] ) = ( A,Π = 0 B = 0 ] + A,Π = 0 B = ] ) = A,Π = 0 B = 0 ] Pr [B = 0] + A,Π = 0 B = ] Pr [B = ] = A,Π = ] = Now we show the that perfet indistinguishability implies perfet serey. Atually we show the ontraposition, i.e., we assume that the enryption sheme is not perfet. In this ase there are messages m 0, m and a iphertext and an ɛ > 0 suh that Pr [ENC k (m ) = ] = Pr [ENC k (m 0 ) = ] + ɛ () 4
5 We onstrut an adversary A as follows: A outputs m and m 0 in the first step and as soon as it reieves a hallenge it heks whether =. If this is the ase then A outputs and otherwise it outputs a bit at random. The intuition behind the following omputation an easily be seen by drawing the tree for the different ases of the experiment. Let B, and B as before. It holds that A,Π = B = ] = ( A,Π = B =, ENC k (m ) = ] Pr [ENC k (m ) = ] + A,Π = B =, ENC k (m ) ] Pr [ENC k (m ) ]) = ( Pr [ENC k (m ) = ] + Pr [ENC k(m ) ]) = Pr [ENC k (m ) = ] + Pr [ENC k(m ) ] And furthermore we have A,Π = B = 0 ] = ( A,Π = B = 0, ENC k (m 0 ) = ] Pr [ENC k (m 0 ) = ] + A,Π = B = 0, ENC k (m 0 ) ] Pr [ENC k (m 0 ) ]) = (0 Pr [ENC k (m 0 ) = ] + Pr [ENC k(m 0 ) ]) = Pr [ENC k(m 0 ) ] Putting these two together we get that A,Π = ] = A,Π = B = ] + A,Π = B = 0 ] = Pr [ENC k(m ) = ] + 4 Pr [ENC k(m ) ] + 4 Pr [ENC k(m 0 ) ] A similar omputation yields = Pr [ENC k(m 0 ) = ] + 4 Pr [ENC k(m 0 ) ] + 4 Pr [ENC k(m ) ] Using Equation we onlude A,Π = ] = ( Pr [ENC k(m ) = ] ) Pr [ENC k(m 0 ) = ] = ɛ > 0 A,Π = ] > 5
Block ciphers And modes of operation. Table of contents
Block ciphers And modes of operation Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction Pseudorandom permutations Block Ciphers Modes of Operation
More informationCPA-Security. Definition: A private-key encryption scheme
CPA-Security The CPA Indistinguishability Experiment PrivK cpa A,Π n : 1. A key k is generated by running Gen 1 n. 2. The adversary A is given input 1 n and oracle access to Enc k, and outputs a pair of
More informationLecture 23: Cryptography. 2 Symmetric-Key Cryptography
A Theorist's Toolkit (CMU 18-859T, Fall 2013) Leturer: Ryan O'Donnell Leture 23: Cryptography November 25, 2013 Sribe: Linus Hamilton 1 Introdution Alie wants to send a seret message m to Bob, but doesn't
More informationCTR mode of operation
CSA E0 235: Cryptography 13 March, 2015 Dr Arpita Patra CTR mode of operation Divya and Sabareesh 1 Overview In this lecture, we formally prove that the counter mode of operation is secure against chosen-plaintext
More informationLecture 2: Perfect Secrecy and its Limitations
CS 4501-6501 Topics in Cryptography 26 Jan 2018 Lecture 2: Perfect Secrecy and its Limitations Lecturer: Mohammad Mahmoody Scribe: Mohammad Mahmoody 1 Introduction Last time, we informally defined encryption
More informationLecture 13: Private Key Encryption
COM S 687 Introduction to Cryptography October 05, 2006 Instructor: Rafael Pass Lecture 13: Private Key Encryption Scribe: Ashwin Machanavajjhala Till this point in the course we have learnt how to define
More informationG /G Advanced Cryptography 10/21/2009. Lecture 7
G22.3220-001/G63.2180 Advaned Cryptography 10/21/2009 Leturer: Yevgeniy Dodis Leture 7 Sribe: Aris Tentes In this leture we will over the following topis: Witness Hiding Σ-protools Alternative Constrution
More informationLecture 18: Identification Schemes, Schnorr Signatures
CS 7880 Graduate Cryptography November 8, 2017 Leture 18: Identifiation Shemes, Shnorr Signatures Leturer: Daniel Wihs Sribe: Vikrant Singhal 1 Topi Covered Identifiation Shemes Shnorr Identifiation Sheme
More informationEl Gamal A DDH based encryption scheme. Table of contents
El Gamal A DDH based encryption scheme Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents Introduction El Gamal Practical Issues The El Gamal encryption
More informationBlock Ciphers/Pseudorandom Permutations
Block Ciphers/Pseudorandom Permutations Definition: Pseudorandom Permutation is exactly the same as a Pseudorandom Function, except for every key k, F k must be a permutation and it must be indistinguishable
More informationLecture 09: Next-bit Unpredictability. Lecture 09: Next-bit Unpredictability
Indistinguishability Consider two distributions X and Y over the sample space Ω. The distributions X and Y are ε-indistinguishable from each other if: For all algorithms A: Ω {0, 1} the following holds
More informationmax min z i i=1 x j k s.t. j=1 x j j:i T j
AM 221: Advaned Optimization Spring 2016 Prof. Yaron Singer Leture 22 April 18th 1 Overview In this leture, we will study the pipage rounding tehnique whih is a deterministi rounding proedure that an be
More informationComputational security & Private key encryption
Computational security & Private key encryption Emma Arfelt Stud. BSc. Software Development Frederik Madsen Stud. MSc. Software Development March 2017 Recap Perfect Secrecy Perfect indistinguishability
More informationChapter 2 : Perfectly-Secret Encryption
COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 2 : Perfectly-Secret Encryption 1 2.1 Definitions and Basic Properties We refer to probability
More informationThe Effectiveness of the Linear Hull Effect
The Effetiveness of the Linear Hull Effet S. Murphy Tehnial Report RHUL MA 009 9 6 Otober 009 Department of Mathematis Royal Holloway, University of London Egham, Surrey TW0 0EX, England http://www.rhul.a.uk/mathematis/tehreports
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationIndistinguishability and Pseudo-Randomness
Chapter 3 Indistinguishability and Pseudo-Randomness Recall that one main drawback of the One-time pad encryption scheme and its simple encryption operation Enc k (m) = m k is that the key k needs to be
More informationIII. Pseudorandom functions & encryption
III. Pseudorandom functions & encryption Eavesdropping attacks not satisfactory security model - no security for multiple encryptions - does not cover practical attacks new and stronger security notion:
More informationCS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky Lecture 4 Lecture date: January 26, 2005 Scribe: Paul Ray, Mike Welch, Fernando Pereira 1 Private Key Encryption Consider a game between
More informationCS 290G (Fall 2014) Introduction to Cryptography Oct 23rdd, Lecture 5: RSA OWFs. f N,e (x) = x e modn
CS 290G (Fall 2014) Introduction to Cryptography Oct 23rdd, 2014 Instructor: Rachel Lin 1 Recap Lecture 5: RSA OWFs Scribe: Tiawna Cayton Last class we discussed a collection of one-way functions (OWFs),
More informationLecture 7: Pseudo Random Generators
Introduction to ryptography 02/06/2018 Lecture 7: Pseudo Random Generators Instructor: Vipul Goyal Scribe: Eipe Koshy 1 Introduction Randomness is very important in modern computational systems. For example,
More informationChapter 8 Hypothesis Testing
Leture 5 for BST 63: Statistial Theory II Kui Zhang, Spring Chapter 8 Hypothesis Testing Setion 8 Introdution Definition 8 A hypothesis is a statement about a population parameter Definition 8 The two
More informationLecture 15 & 16: Trapdoor Permutations, RSA, Signatures
CS 7810 Graduate Cryptography October 30, 2017 Lecture 15 & 16: Trapdoor Permutations, RSA, Signatures Lecturer: Daniel Wichs Scribe: Willy Quach & Giorgos Zirdelis 1 Topic Covered. Trapdoor Permutations.
More informationPerfectly-Secret Encryption
Perfectly-Secret Encryption CSE 5351: Introduction to Cryptography Reading assignment: Read Chapter 2 You may sip proofs, but are encouraged to read some of them. 1 Outline Definition of encryption schemes
More informationPERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY
PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY BURTON ROSENBERG UNIVERSITY OF MIAMI Contents 1. Perfect Secrecy 1 1.1. A Perfectly Secret Cipher 2 1.2. Odds Ratio and Bias 3 1.3. Conditions for Perfect
More informationScribe for Lecture #5
CSA E0 235: Cryptography 28 January 2016 Scribe for Lecture #5 Instructor: Dr. Arpita Patra Submitted by: Nidhi Rathi 1 Pseudo-randomness and PRG s We saw that computational security introduces two relaxations
More informationLecture 28: Public-key Cryptography. Public-key Cryptography
Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access
More informationJournal of Inequalities in Pure and Applied Mathematics
Journal of Inequalities in Pure and Applied Mathematis A NEW ARRANGEMENT INEQUALITY MOHAMMAD JAVAHERI University of Oregon Department of Mathematis Fenton Hall, Eugene, OR 97403. EMail: javaheri@uoregon.edu
More informationLecture 4: Computationally secure cryptography
CS 7880 Graduate Cryptography September 18, 017 Lecture 4: Computationally secure cryptography Lecturer: Daniel Wichs Scribe: Lucianna Kiffer 1 Topic Covered ε-security Computationally secure cryptography
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationLecture 5, CPA Secure Encryption from PRFs
CS 4501-6501 Topics in Cryptography 16 Feb 2018 Lecture 5, CPA Secure Encryption from PRFs Lecturer: Mohammad Mahmoody Scribe: J. Fu, D. Anderson, W. Chao, and Y. Yu 1 Review Ralling: CPA Security and
More informationWhere as discussed previously we interpret solutions to this partial differential equation in the weak sense: b
Consider the pure initial value problem for a homogeneous system of onservation laws with no soure terms in one spae dimension: Where as disussed previously we interpret solutions to this partial differential
More informationHOW TO FACTOR. Next you reason that if it factors, then the factorization will look something like,
HOW TO FACTOR ax bx I now want to talk a bit about how to fator ax bx where all the oeffiients a, b, and are integers. The method that most people are taught these days in high shool (assuming you go to
More informationChapter 11 : Private-Key Encryption
COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 11 : Private-Key Encryption 1 Chapter 11 Public-Key Encryption Apologies: all numbering
More informationTechnische Universität München (I7) Winter 2013/14 Dr. M. Luttenberger / M. Schlund SOLUTION. Cryptography Endterm
Technische Universität München (I7) Winter 2013/14 Dr. M. Luttenberger / M. Schlund SOLUTION Cryptography Endterm Exercise 1 One Liners 1.5P each = 12P For each of the following statements, state if it
More informationSequence Analysis, WS 14/15, D. Huson & R. Neher (this part by D. Huson & J. Fischer) January 21,
Sequene Analysis, WS 14/15, D. Huson & R. Neher (this part by D. Huson & J. Fisher) January 21, 201511 9 Suffix Trees and Suffix Arrays This leture is based on the following soures, whih are all reommended
More informationLecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography
CS 7880 Graduate Cryptography September 10, 2015 Lecture 1: Perfect Secrecy and Statistical Authentication Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Definition of perfect secrecy One-time
More informationModal Horn Logics Have Interpolation
Modal Horn Logis Have Interpolation Marus Kraht Department of Linguistis, UCLA PO Box 951543 405 Hilgard Avenue Los Angeles, CA 90095-1543 USA kraht@humnet.ula.de Abstrat We shall show that the polymodal
More informationHankel Optimal Model Order Reduction 1
Massahusetts Institute of Tehnology Department of Eletrial Engineering and Computer Siene 6.245: MULTIVARIABLE CONTROL SYSTEMS by A. Megretski Hankel Optimal Model Order Redution 1 This leture overs both
More informationConstructing secure MACs Message authentication in action. Table of contents
Constructing secure MACs Message authentication in action Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents From last time Recall the definition of message
More informationNotes for Lecture A can repeat step 3 as many times as it wishes. We will charge A one unit of time for every time it repeats step 3.
COS 533: Advanced Cryptography Lecture 2 (September 18, 2017) Lecturer: Mark Zhandry Princeton University Scribe: Mark Zhandry Notes for Lecture 2 1 Last Time Last time, we defined formally what an encryption
More informationCSA E0 235: Cryptography March 16, (Extra) Lecture 3
CSA E0 235: Cryptography March 16, 2015 Instructor: Arpita Patra (Extra) Lecture 3 Submitted by: Ajith S 1 Chosen Plaintext Attack A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which
More informationIntroduction to Cryptology. Lecture 3
Introduction to Cryptology Lecture 3 Announcements No Friday Office Hours. Instead will hold Office Hours on Monday, 2/6 from 3-4pm. HW1 due on Tuesday, 2/7 For problem 1, can assume key is of length at
More informationLecture 17: Constructions of Public-Key Encryption
COM S 687 Introduction to Cryptography October 24, 2006 Lecture 17: Constructions of Public-Key Encryption Instructor: Rafael Pass Scribe: Muthu 1 Secure Public-Key Encryption In the previous lecture,
More informationModern Cryptography Lecture 4
Modern Cryptography Lecture 4 Pseudorandom Functions Block-Ciphers Modes of Operation Chosen-Ciphertext Security 1 October 30th, 2018 2 Webpage Page for first part, Homeworks, Slides http://pub.ist.ac.at/crypto/moderncrypto18.html
More informationSolutions for week 1, Cryptography Course - TDA 352/DIT 250
Solutions for week, Cryptography Course - TDA 352/DIT 250 In this weekly exercise sheet: you will use some historical ciphers, the OTP, the definition of semantic security and some combinatorial problems.
More informationAdvanced Computational Fluid Dynamics AA215A Lecture 4
Advaned Computational Fluid Dynamis AA5A Leture 4 Antony Jameson Winter Quarter,, Stanford, CA Abstrat Leture 4 overs analysis of the equations of gas dynamis Contents Analysis of the equations of gas
More informationLattice Cryptography
CSE 06A: Lattice Algorithms and Applications Winter 01 Instructor: Daniele Micciancio Lattice Cryptography UCSD CSE Many problems on point lattices are computationally hard. One of the most important hard
More informationMath 225B: Differential Geometry, Homework 6
ath 225B: Differential Geometry, Homework 6 Ian Coley February 13, 214 Problem 8.7. Let ω be a 1-form on a manifol. Suppose that ω = for every lose urve in. Show that ω is exat. We laim that this onition
More informationMost results in this section are stated without proof.
Leture 8 Level 4 v2 he Expliit formula. Most results in this setion are stated without proof. Reall that we have shown that ζ (s has only one pole, a simple one at s =. It has trivial zeros at the negative
More informationPrivately Constraining and Programming PRFs, the LWE Way
Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian January 10, 2018 Abstrat Constrained pseudorandom funtions allow for delegating onstrained seret keys that let one ompute
More informationBetter Security for Deterministic Public-Key Encryption: The Auxiliary-Input Setting
Better Seurity for Deterministi Publi-Key Enryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Abstrat Deterministi publi-key enryption, introdued by Bellare, Boldyreva, and O Neill CRYPTO
More informationOblivious Transfer Is Symmetric
Oblivious Transfer Is Symmetri Stefan Wolf and Jürg Wullshleger Computer Siene Department, ETH Zürih, Switzerland {wolf, wjuerg}@inf.ethz.h bstrat. We show that oblivious transfer of bits from to an be
More informationCMSC 451: Lecture 9 Greedy Approximation: Set Cover Thursday, Sep 28, 2017
CMSC 451: Leture 9 Greedy Approximation: Set Cover Thursday, Sep 28, 2017 Reading: Chapt 11 of KT and Set 54 of DPV Set Cover: An important lass of optimization problems involves overing a ertain domain,
More informationA Generic Hybrid Encryption Construction in the Quantum Random Oracle Model
A Generic Hybrid Encryption Construction in the Quantum Random Oracle Model Presented by: Angela Robinson Department of Mathematical Sciences, Florida Atlantic University April 4, 2018 Motivation Quantum-resistance
More informationLecture 7: CPA Security, MACs, OWFs
CS 7810 Graduate Cryptography September 27, 2017 Lecturer: Daniel Wichs Lecture 7: CPA Security, MACs, OWFs Scribe: Eysa Lee 1 Topic Covered Chosen Plaintext Attack (CPA) MACs One Way Functions (OWFs)
More informationOrdered fields and the ultrafilter theorem
F U N D A M E N T A MATHEMATICAE 59 (999) Ordered fields and the ultrafilter theorem by R. B e r r (Dortmund), F. D e l o n (Paris) and J. S h m i d (Dortmund) Abstrat. We prove that on the basis of ZF
More informationLECTURE NOTES FOR , FALL 2004
LECTURE NOTES FOR 18.155, FALL 2004 83 12. Cone support and wavefront set In disussing the singular support of a tempered distibution above, notie that singsupp(u) = only implies that u C (R n ), not as
More informationarxiv:physics/ v1 14 May 2002
arxiv:physis/0205041 v1 14 May 2002 REPLY TO CRITICISM OF NECESSITY OF SIMULTANEOUS CO-EXISTENCE OF INSTANTANEOUS AND RETARDED INTERACTIONS IN CLASSICAL ELECTRODYNAMICS by J.D.Jakson ANDREW E. CHUBYKALO
More informationThe perverse t-structure
The perverse t-struture Milan Lopuhaä Marh 15, 2017 1 The perverse t-struture The goal of today is to define the perverse t-struture and perverse sheaves, and to show some properties of both. In his talk
More informationMethods of evaluating tests
Methods of evaluating tests Let X,, 1 Xn be i.i.d. Bernoulli( p ). Then 5 j= 1 j ( 5, ) T = X Binomial p. We test 1 H : p vs. 1 1 H : p>. We saw that a LRT is 1 if t k* φ ( x ) =. otherwise (t is the observed
More informationQuantum algorithms (CO 781/CS 867/QIC 823, Winter 2013) Andrew Childs, University of Waterloo LECTURE 13: Query complexity and the polynomial method
Quantum algorithms (CO 781/CS 867/QIC 823, Winter 2013) Andrew Childs, University of Waterloo LECTURE 13: Query complexity and the polynomial method So far, we have discussed several different kinds of
More informationLecture 6. Winter 2018 CS 485/585 Introduction to Cryptography. Constructing CPA-secure ciphers
1 Winter 2018 CS 485/585 Introduction to Cryptography Lecture 6 Portland State University Jan. 25, 2018 Lecturer: Fang Song Draft note. Version: February 4, 2018. Email fang.song@pdx.edu for comments and
More informationNPTEL STRUCTURAL RELIABILITY
NTEL Course On STRUCTURL RELIBILITY Module # 02 Leture 2 Course Format: Web Instrutor: Dr. runasis Chakraborty Department of Civil Engineering Indian Institute of Tehnology Guwahati 2. Leture 02: Theory
More informationLecture 5: Pseudo-Random Generators and Pseudo-Random Functions
CS 276 Cryptography Sept 22, 2014 Lecture 5: Pseudo-Random Generators and Pseudo-Random Functions Instructor: Sanjam Garg Scribe: Peihan Miao 1 PRG (Pseudo-Random Generator) extension In this section we
More informationLecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004
CMSC 858K Advanced Topics in Cryptography February 5, 2004 Lecturer: Jonathan Katz Lecture 4 Scribe(s): Chiu Yuen Koo Nikolai Yakovenko Jeffrey Blank 1 Summary The focus of this lecture is efficient public-key
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Announcements Reminder: Homework 1 due tomorrow 11:59pm Submit through Blackboard Homework 2 will hopefully be posted tonight
More informationFORMAL METHODS LECTURE VI BINARY DECISION DIAGRAMS (BDD S)
Alessandro Artale (FM First Semester 2009/2010) p. 1/38 FORMAL METHODS LECTURE VI BINARY DECISION DIAGRAMS (BDD S) Alessandro Artale Faulty of Computer Siene Free University of Bolzano artale@inf.unibz.it
More informationModern symmetric-key Encryption
Modern symmetric-key Encryption Citation I would like to thank Claude Crepeau for allowing me to use his slide from his crypto course to mount my course. Some of these slides are taken directly from his
More informationLectures 2+3: Provable Security
Lectures 2+3: Provable Security Contents 1 Motivation 1 2 Syntax 3 3 Correctness 5 4 Security Definitions 6 5 Important Cryptographic Primitives 8 6 Proofs of Security 10 7 Limitations of Provable Security
More informationComputer Science 786S - Statistical Methods in Natural Language Processing and Data Analysis Page 1
Computer Siene 786S - Statistial Methods in Natural Language Proessing and Data Analysis Page 1 Hypothesis Testing A statistial hypothesis is a statement about the nature of the distribution of a random
More informationSYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = (K, E, D) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2
More informationOn the power of non-adaptive quantum chosen-ciphertext attacks
On the power of non-adaptive quantum chosen-ciphertext attacks joint work with Gorjan Alagic (UMD, NIST), Stacey Jeffery (QuSoft, CWI), and Maris Ozols (QuSoft, UvA) Alexander Poremba August 29, 2018 Heidelberg
More informationControl Theory association of mathematics and engineering
Control Theory assoiation of mathematis and engineering Wojieh Mitkowski Krzysztof Oprzedkiewiz Department of Automatis AGH Univ. of Siene & Tehnology, Craow, Poland, Abstrat In this paper a methodology
More informationZero-Knowledge Protocols
he People Zero-Knowlege Protools 2 he wars Prover (Peggy) Claim I Verifier (Vi) S Seret Deision 2 {true, false} zero-knowlege protool allows Peggy to Convine Vi that her laim is true an that she knows
More informationQuestion 2.1. Show that. is non-negligible. 2. Since. is non-negligible so is μ n +
Homework #2 Question 2.1 Show that 1 p n + μ n is non-negligible 1. μ n + 1 p n > 1 p n 2. Since 1 p n is non-negligible so is μ n + 1 p n Question 2.1 Show that 1 p n - μ n is non-negligible 1. μ n O(
More informationA Characterization of Wavelet Convergence in Sobolev Spaces
A Charaterization of Wavelet Convergene in Sobolev Spaes Mark A. Kon 1 oston University Louise Arakelian Raphael Howard University Dediated to Prof. Robert Carroll on the oasion of his 70th birthday. Abstrat
More informationLecture 18: Message Authentication Codes & Digital Signa
Lecture 18: Message Authentication Codes & Digital Signatures MACs and Signatures Both are used to assert that a message has indeed been generated by a party MAC is the private-key version and Signatures
More informationProduct Policy in Markets with Word-of-Mouth Communication. Technical Appendix
rodut oliy in Markets with Word-of-Mouth Communiation Tehnial Appendix August 05 Miro-Model for Inreasing Awareness In the paper, we make the assumption that awareness is inreasing in ustomer type. I.e.,
More informationMEASURE AND INTEGRATION: LECTURE 15. f p X. < }. Observe that f p
L saes. Let 0 < < and let f : funtion. We define the L norm to be ( ) / f = f dµ, and the sae L to be C be a measurable L (µ) = {f : C f is measurable and f < }. Observe that f = 0 if and only if f = 0
More informationEx1 Ex2 Ex3 Ex4 Ex5 Ex6
Technische Universität München (I7) Winter 2012/13 Dr. M. Luttenberger / M. Schlund Cryptography Endterm Last name: First name: Student ID no.: Signature: If you feel ill, let us know immediately. Please,
More informationLattice Cryptography
CSE 206A: Lattice Algorithms and Applications Winter 2016 Lattice Cryptography Instructor: Daniele Micciancio UCSD CSE Lattice cryptography studies the construction of cryptographic functions whose security
More information1 Cryptographic hash functions
CSCI 5440: Cryptography Lecture 6 The Chinese University of Hong Kong 23 February 2011 1 Cryptographic hash functions Last time we saw a construction of message authentication codes (MACs) for fixed-length
More informationPacking Plane Spanning Trees into a Point Set
Paking Plane Spanning Trees into a Point Set Ahmad Biniaz Alfredo Garía Abstrat Let P be a set of n points in the plane in general position. We show that at least n/3 plane spanning trees an be paked into
More information8 Security against Chosen Plaintext
8 Security against Chosen Plaintext Attacks We ve already seen a definition that captures security of encryption when an adversary is allowed to see just one ciphertext encrypted under the key. Clearly
More informationCryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev
Cryptography Lecture 2: Perfect Secrecy and its Limitations Gil Segev Last Week Symmetric-key encryption (KeyGen, Enc, Dec) Historical ciphers that are completely broken The basic principles of modern
More informationProbabilistic Graphical Models
Probabilisti Graphial Models David Sontag New York University Leture 12, April 19, 2012 Aknowledgement: Partially based on slides by Eri Xing at CMU and Andrew MCallum at UMass Amherst David Sontag (NYU)
More informationPractice Exam Winter 2018, CS 485/585 Crypto March 14, 2018
Practice Exam Name: Winter 2018, CS 485/585 Crypto March 14, 2018 Portland State University Prof. Fang Song Instructions This exam contains 8 pages (including this cover page) and 5 questions. Total of
More informationOn the (Im)possibility of Privately Outsourcing Linear Programming
On the (Im)possibility of Privately Outsouring Linear Programming ABSTRACT Peeter Laud Cybernetia AS peeter.laud@yber.ee In this paper we study the seurity definitions and methods for transformation-based
More informationKatz, Lindell Introduction to Modern Cryptrography
Katz, Lindell Introduction to Modern Cryptrography Slides Chapter 12 Markus Bläser, Saarland University Digital signature schemes Goal: integrity of messages Signer signs a message using a private key
More informationCryptography and Security Midterm Exam
Cryptography and Security Midterm Exam Serge Vaudenay 23.11.2017 duration: 1h45 no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication devices
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Friday 25 January 2019
Faculty of Mathematics and Computer Science Exam Cryptology, Friday 25 January 2019 Name : TU/e student number : Exercise 1 2 3 4 5 total points Notes: Please hand in all sheets at the end of the exam.
More informationLecture 9 - Symmetric Encryption
0368.4162: Introduction to Cryptography Ran Canetti Lecture 9 - Symmetric Encryption 29 December 2008 Fall 2008 Scribes: R. Levi, M. Rosen 1 Introduction Encryption, or guaranteeing secrecy of information,
More informationFully Homomorphic Encryption
Fully Homomorphic Encryption Boaz Barak February 9, 2011 Achieving fully homomorphic encryption, under any kind of reasonable computational assumptions (and under any reasonable definition of reasonable..),
More informationarxiv: v2 [math.pr] 9 Dec 2016
Omnithermal Perfet Simulation for Multi-server Queues Stephen B. Connor 3th Deember 206 arxiv:60.0602v2 [math.pr] 9 De 206 Abstrat A number of perfet simulation algorithms for multi-server First Come First
More informationPublic-Key Cryptography. Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange
Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange Shared/Symmetric-Key Encryption (a.k.a. private-key encryption) SKE: Syntax KeyGen outputs K K E scheme E Syntax a.k.a.
More informationJohn Hancock enters the 21th century Digital signature schemes. Table of contents
John Hancock enters the 21th century Digital signature schemes Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents From last time: Good news and bad There
More informationLectures One Way Permutations, Goldreich Levin Theorem, Commitments
Lectures 11 12 - One Way Permutations, Goldreich Levin Theorem, Commitments Boaz Barak March 10, 2010 From time immemorial, humanity has gotten frequent, often cruel, reminders that many things are easier
More informationLecture 4: Perfect Secrecy: Several Equivalent Formulations
Cryptology 18 th August 015 Lecture 4: Perfect Secrecy: Several Equivalent Formulations Instructor: Goutam Paul Scribe: Arka Rai Choudhuri 1 Notation We shall be using the following notation for this lecture,
More informationHow many rounds can Random Selection handle?
How many rounds can Random Selection handle? Shengyu Zhang Abstract The construction of zero-knowledge proofs can be greatly simplified if the protocol is only required be secure against the honest verifier.
More information