Analysis and Design of Multiple Threshold Changeable Secret Sharing Schemes
|
|
- Noel Rice
- 5 years ago
- Views:
Transcription
1 Analyss and Desgn of Multple Threshold Changeable Secret Sharng Schemes Tancheng Lou 1 and Chrstophe Tartary 1,2 1 Insttute for Theoretcal Computer Scence Tsnghua Unversty Bejng, People s Republc of Chna 2 Dvson of Mathematcal Scences School of Physcal and Mathematcal Scences Nanyang Technologcal Unversty Sngapore loutancheng860214@gmal.com ctartary@ntu.edu.sg Abstract In a r, n)-threshold secret sharng scheme, no group of r 1) colludng members can recover the secret value s. However, the number of colluders s lely to ncrease over tme. In order to deal wth ths ssue, one may also requre to have the ablty to ncrease the threshold value from r to r > r), such an ncrement s lely to happen several tmes. In ths paper, we study the problem of threshold changeablty n a dealer-free envronment. Frst, we compute a theoretcal bound on the nformaton and securty rate for such a secret sharng. Second, we show how to acheve multple threshold change for a Chnese Remander Theorem le scheme. We prove that the parameters of ths new scheme asymptotcally reach the prevous bound. Keywords: Secret Sharng Scheme, Threshold Changeablty, Informaton Rate, Securty Rate, Chnese Remander Theorem, Dealer Free Update. 1 Introducton A r, n)-threshold secret-sharng TSS) scheme s a cryptographc prmtve, allowng a dealer to dvde a secret s nto n peces of nformaton called shares or shadows), dstrbute them among a group of n partcpants n such a way that the secret s reconstructble from any r shares whle any set of r 1 shadows cannot unquely determne s. Classcal constructons for threshold secret-sharng schemes nclude the polynomal-based Shamr scheme [12], geometry-based Blaley scheme [3] and the nteger-based Chnese Remander Theorem CRT) scheme [1]. A common applcaton for TSS schemes s to acheve robustness of dstrbuted securty systems. A dstrbuted system s called robust f ts securty s mantaned aganst an attacer who manages to brea nto a certan number of components of the system. In many settngs, the attacer capabltes are lely to change over tme. Ths threat requres the securty level.e. the threshold value) to vary as well. There s a trval soluton to the problem of ncreasng the threshold parameter of a r, n)-tss scheme. The partcpants smply dscard ther old shares whle the dealer dstrbute shadows of a r,n)-tss scheme to all partcpants. However, ths soluton s not very attractve snce t requres the dealer to be nvolved after the setup stage as well as the avalablty of a secure channel between the dealer and each one of the n group members. Such secure channels may not exst or may be dffcult to establsh after the ntal setup phase. There already exst TSS schemes allowng the threshold parameters to be changed after the ntal setup. Usng secret redstrbuton [6, 11] nvolves communcaton amongst the partcpants n order to redstrbute the secret usng a new threshold parameter. Although ths technque can be appled to standard secret-sharng schemes, ts dsadvantage s the need of secure channels for communcaton between partcpants. Constructons from [2, 5, 9] do not need such secure The orgnal verson of ths paper appears n the proceedngs of the 7th Internatonal Conference on Cryptology and Networ Securty CANS 2008), Lecture Notes n Computer Scence, vol. 5339, pp , Sprnger - Verlag. 1
2 channels, but they all requre the ntal secret-sharng scheme to be a non-standard one,.e. t must specally be desgned for threshold ncrease. Ramp schemes [4, 8] use optmal sze of shares but they are not perfect. Other technques [13, 14] can be appled to exstng schemes even f they were set up wthout consderaton to future threshold ncreases. Unfortunately, those approaches have worse securty than the constructon presented n [2, 5, 9]. The secret schemes desgned n [10, 16] acheve perfect securty before and after threshold modfcaton. However, the share sze has to be at least twce of the sze of secret. Moreover, f we change to threshold c tmes, the sze of the ntal shares needs to be at least c + 1) tmes as large as the secret s. In ths paper, we frst construct an upper-bound on the securty rate rato between the entropy of a largest unauthorzed group and the entropy of the secret) and nformaton rate rato between the share sze and the secret sze) of a changeable-threshold scheme. Second, we propose a new CRT-based secret sharng scheme allowng multple threshold updates. Our constructon allows to choose the securty rate of the scheme whle havng an nformaton rate meetng the prevous bound. We wll show that our scheme can acheves perfect securty, deal ntal scheme and optmal ramp-scheme the ramp-scheme uses optmal sze of shares) easly. In Secton 2, we brefly recall some defntons about TSS schemes. In Secton 3, we dscuss the defnton of the changeable-threshold secret-sharng scheme as well as the upper-bound on the securty rate and nformaton rate for threshold change. In Secton 4, we present our constructon allowng to ncrease the threshold parameter c 1) tmes. After provng ts correctness and effcency, we present two examples: one for standard ntal scheme and one for optmal ramp-scheme. The last secton concludes the paper. 2 Prelmnares In ths secton, we revew some basc defntons related to secret sharng. Defnton 1 TSS Scheme [13]) Denote P = {P 1,P 2,,P n } a group of n partcpants. Let S be the set of secrets and let the share of P come from a set S. Denote R a set of random strngs. A r,n)-threshold Secret-Sharng TSS) scheme s a par of algorthms called the dealer and the combner worng as follows: For a gven secret from S and some random strng from R, the dealer algorthm apples the mappng: to assgn shares to partcpants from P. D r,n : S R S 1 S 2 S n The shares of a subset A P of partcpants can be nput nto the combner algorthm. Denote S A the set of shares of partcpants from A. The mappng: C r,n : S A S unquely determnes the secret when A r. Otherwse, t fals to unquely determne the secret value. The prevous defnton s rather general and t does not specfy what can occur when the secret s not reconstructed. As a consequence, one of the basc problems n the feld of secret sharng schemes s to derve bounds on the amount of nformaton revealed by at most r 1 shares. Defnton 2 Securty Rate [15]) For a r, n)-tss scheme wth secret s, the securty rate φ s the real number defned as: { } HS S1,...,S m ) φ = mn : { 1,..., m } {1,...,n} and m < r HS) where S s the -th share for {1,...,n}). Defnton 3 Perfect TSS Scheme [15]) Consder a r,n)-tss scheme wth the followng propertes: 1. f A r then HS S A ) = 0 2. f A < r then HS S A ) = HS) where s denote the secret and H s the entropy functon. Then, ths secret sharng s called perfect. Note that, for a perfect scheme, we have: φ = 1. A perfect r,n)-tss scheme allows the dealer to dstrbute a secret s amongst a group of n partcpants n such a way that any r-subgroup of members can reconstruct t whle no subsets of less than r partcpants can gan any nformaton about s. Another effcency parameter of secret sharng schemes s the amount of nformaton that the partcpants must eep secret. 2
3 Defnton 4 Informaton Rate [15]) For a r, n)-tss scheme wth secret s, we call nformaton rate of the scheme ρ, the value ρ defned as: { } HS) ρ = mn HS ) : 1 n where S s the -th share for {1,...,n}). Note that, for any perfect secret sharng scheme, we have: ρ 1 [15]. The followng defnton characterze the property that the nformaton rate s n optmal stuaton. Defnton 5 Ideal TSS Scheme [15]) A perfect r,n)-tss scheme s called deal f and only f ρ = 1. In other words, a perfect threshold scheme s deal when the sze of the shares s the same as the secret s. We can easly see that Shamr s scheme s deal. An example of non-perfect threshold scheme s gven by ramp schemes [4]. Such constructons offer a trade-off between securty and share sze. We frst revew the defntons of ramp-schemes as well as optmal ramp-schemes [7]. Defnton 6 Ramp Scheme [4]) A T, n)-threshold secret sharng scheme wth secret s s sad to be a C, T, n)-ramp scheme f t satsfes the followng propertes: 1. If A T, then HS A) = If C < A < T, then 0 < HS A) < HS). 3. If A C, then HS A) = HS). In a ramp scheme, each share sze can be smaller than the secret sze. However, the smaller the share sze gets, the more nformaton about the secret s revealed. We have the followng theorem presented n [7]. Theorem 1 [7]) For any C, T,n)-ramp scheme, we have: HS S A ) T R T C HS) and {1,...,n} HS ) HS) T C Defnton 7 Optmal Ramp Scheme [7]) A C, T, n)-ramp scheme s sad to be optmal, f t has the property that HS S A ) = T R HS) hold for any A {1,2,...,n} such that A = R and C R T and shares are of mnmal T C sze HS ) = HS) T C. 3 Threshold Changeablty for Secret-Sharng Scheme 3.1 Defnton and Effcency Measures As sad n Secton 1, t sometmes occurs that the securty level be changed before the secret s to be reconstructed. Let P = {P 1,...,P n } be a group of n partcpants and denote S the set of secrets. Defnton 8 Threshold Changeablty) A r,n)-threshold changeable scheme s a threshold scheme where the threshold can be ncreased c 1) tmes, r = r 1,...,r c ) wth r 1 < r for {1,...,c}. The ntal,n)-threshold scheme s denoted Π 0 and the th derved r,n)-threshold scheme s denoted Π. For any {0,...,c} and any j {1,...,n}, we let S,j denote the set of j-th shares of Π. There exsts one dealer algorthm, c combner sub-share combner) algorthms and cn sub-share generaton algorthms wth the followng propertes: For a gven secret from S and some random strng from R, the dealer algorthm apples the mappng: to assgn shares to partcpants from P. D r0,n : S R S 0,1 S 0,n For any share from S,j, there exsts a sub-share generaton algorthm: E r0 r,,j : S,j S +1,j to modfy shares for ncreasng the threshold parameter from r to r +1 for any {0,...,c 1}. 3
4 For any {0,...,c}, the shares of a subset A P of partcpants can be nput nto the combner algorthm. Let S,A denote the set of shares of A n Π, f A r then the mappng: C r0 r, : S,A S reconstructs the secret. And for any r 1 partcpants, t always faled to recover the secret. In the defntons gven above, the sub-share generaton algorthms can be probablstc dealer free). The thrd pont of Defnton 8 nvolves that, for any r -group G, there exsts j 0 G such that Hs,j0 s +1,j0 ) > 0. Indeed, n the opposte stuaton, there would be a r -group G such that: P j G Hs,j s +1,j ) = 0. Ths would mply that each of the r members of G could reconstruct hs share related to threshold r from hs share related to the new value r +1 > r ). Thus, we would not have a r +1,n)-threshold scheme after threshold update whch contradcts the defnton of threshold changeablty. Remar. We would le to call the reader s attenton to the fact that old shares are assumed to be deleted after performng any threshold update. That s, after updatng the threshold value from r to r r+1, each of the n partcpants eeps the share related to the new value r +1 and dscards the shadow related to r for {0,...,c 1}). The effcency of a TSS scheme can be measured by ts securty rate and nformaton rate. We generalze those defntons to the case of a threshold changeable scheme. Defnton 9 Securty and Informaton Rates) Let Π 0,...,Π c be a r,n)-threshold changeable scheme where r = r 1,...,r c ) wth r 1 < r for {1,...,c}. Let φ denote the securty rate of Π. The securty rate φ of the changeable scheme Π 0,...,Π c s defned as mn {φ }. Let ρ denote the nformaton rate of Π. The nformaton {0,...,c} rate ρ of the changeable scheme Π 0,...,Π c s defned as mn {ρ }. {0,...,c} We wll present the defnton of determnstc r,n)-threshold changeable scheme, where r = r 1,r 2 r c ). Defnton 10 Determnstc Threshold Changeable Scheme) Let Π 0,...,Π c be a r,n)-threshold changeable scheme. The scheme Π 0,...,Π c s called determnstc, f all the c sub-share generaton algorthms are determnstc. In other words, there exst determnstc functons h,j, such that s +1,j = h,j s,j ), where s,j s j-th shadow of Π for {0,...,c 1} and j {1,...,n}. Many exstng secret-sharng schemes le Shamr s constructon [12] and the CRT-based secret sharng [1]) are deal. We have the followng result. Lemma 1 Let Π 0,...,Π c be a determnstc r,n)-threshold changeable scheme. If the ntal,n)-tss scheme Π 0 s deal then the fnal r c,n)-tss scheme Π c cannot be deal. Proof. We demonstrate ths result by contradcton. Assume the r c,n)-tss scheme Π c s deal. We fx {1,...,n}. We have: So, we get: IS 0, ;S c, ) = HS 0, ) HS 0, S c, ) = HS c, ) HS c, S 0, ) HS 0, S c, ) = HS 0, ) HS c, ) + HS c, S 0, ) = HS c, S 0, ) Snce the algorthm to update the threshold s determnstc, we have: HS 0, S c, ) = HS c, S 0, ) = 0. Ths means that one can recover S 0, from S c, for any {1,...,n}. Thus, the resultng scheme Π c s also a,n)-threshold secretsharng scheme, whch s mpossble. 3.2 Upper Bounds on the Securty Rate and the Informaton Rate Defnton 11 Suppose T s a r, n)-tss scheme wth secret s. It s called a φ, ρ) Sem-Random Dealer and Complete Randomness Recovery Combner SRDCRRC) scheme f t has the followng propertes: 1. T has securty rate φ. Ths means that we have HS S 1,...,S m ) φhs) for any { 1,..., m } {1,...,n} and m < r. 2. T has nformaton rate ρ. Ths means that we have HS ) HS) ρ for any {1,...,n}. 3. When the dealer of T wants to share s, he secretly chooses one random strng a and uses the par α = s,a) to construct the n shares. The method to output n shares usng α s determnstc. 4
5 4. The combner of T can recover the secret s f and only f t can unquely determne α. In other words, by any r shares, the combner can reconstruct not only the secret s but also all random bts a. Lemma 2 Suppose T s a r,n)-threshold secret-sharng scheme as well as a φ,ρ) SRDCRRC-scheme. Let S denote -th share of T. We have: Hα) = HS 1,...,S r ). Proof. Snce the dealer algorthm s determnstc, we have: HS 1,...,S r α) = 0. On the other hand, usng S 1,...,S r, the combner can recover the vector α. So, we have: Hα S 1,...,S r ) = 0. As a consequence, we get: Hα) = HS 1,...,S r ). Remar. The prevous result s vald for any r shares. We focused on S 1,...,S r as ths wll be used to demonstrate the followng lemma. Lemma 3 Suppose T s a r, n)-threshold secret-sharng scheme wth secret s as well as a φ, ρ) SRDCRRC-scheme. Then: Hα) rφhs). Proof. Let S denote the -th share of T. Accordng to Lemma 2, we have: We get: Hα) Hα) = HS 1,...,S r ) = HS 1 ) + HS 2,...,S n S 1 ) = HS 1 ) + HS 2 S 1 ) + HS 3,...,S n S 1,S 2 ) r = HS S 1,...,S 1 ) =1 r HS {S 1,...,S r } \ {S }). =1 Let A be a r-subset and choose any partcpant from A, defne B = A \ {} and the sze of B s r 1. Let S B denote the shares of all partcpants n B. Snce T has a securty rate φ, we have HS S B ) φhs). Usng S B, we get a set of possble secrets S S) such that s S and HS ) = φhs) where S s the set of all secrets. Hence, for each s S, there s a dstrbuton rule[15] dsts ) such that the shares of B are the same. Snce A s authorzed, we must have: S dsts1) S dsts2) when s 1 s 2 and s 1,s 2 S. Thus: HS S B ) HS ) φhs). Thus: {1,...,r} HS {S 1,...,S r } \ {S }) φhs). Ths acheves our proof. Theorem 2 Suppose that there exsts a determnstc algorthm for changng a r,n)-tss scheme T 1 to r,n)-tss scheme T 2. Assume that T 1 s a φ 1,ρ 1 ) SRDCRRC-scheme and T 2 s a φ 2,ρ 2 ) SRDCRRC-scheme. We have: mnρ 1,ρ 2 ) mnφ 1,φ 2 ) r r Proof. The dealer algorthm of T 2 s the dealer algorthm of T 1 followed by the determnstc algorthm A to change the threshold. Accordng to Lemma 3, we have: Hα) r φ 2 HS). Let S 1, denote the -th share of T 1. Accordng to Lemma 2, we have: So: Thus, we get: Therefore, we have: max HS 1,) max HS 1,) 1 1 n 1 r r HS 1,1,...,S 1,r ) = Hα) r φ 2 HS) ρ 1 r =1 HS) max HS 1,) 1 n HS 1, ) 1 r HS 1,1,...,S 1,r ) r φ 2 r HS) HS) r φ 2 r HS) r r φ 2 mnρ 1,ρ 2 ) mnφ 1,φ 2 ) ρ 1 φ 2 r r 5
6 Remar. Note that f both T 1 and T 2 are perfect secret-sharng schemes, then the nformaton rate of T 1, T 2 s at most r r. Smlarly, f both T 1 and T 2 have shares as large as the secret, then the securty rate of T 1, T 2 s at most r r. 4 Threshold Changeablty for CRT Secret-Sharng Schemes 4.1 CRT Secret Sharng Scheme We now descrbe the CRT secret sharng scheme presented n [1]. Denote S the set of -subsets of {1,...,n}. A set of parwse coprme ntegers {p,m 1,...,m n } s chosen subject to the followng: ) ) M : S S r m M and S S r 1 m M p The reader may notce that the orgnal defnton by [1] s slghtly dfferent. However, t can be shown that both defntons are equvalent. Dealer. Suppose the secret value s s, we can assume that 0 s < p. Selectng a random nteger A n [0, M p y = s + Ap. The set of shadows s y 1,...,y n ), where y = y mod m for {1,...,n}. 1] and set Combner. To recover secret s, t clearly suffces to fnd y. If y 1,...,y r are nown, then y s nown modulo N 1 = r m j CRT). As N 1 M, ths unquely determnes y and thus s. On the other hand, f only r 1 shadows were nown, j=1 essentally no nformaton about the ey can be recovered. If y 1,...,y r 1 are nown, then we have the value of y modulo N 2 = r 1 m j. Snce M N 2 p and gcdn 2,p) = 1, the collecton of numbers n wth n y mod N 2 ) and n M cover j=1 all congruence classes modulo p, wth each class contanng at most one more or one less n than any other class. The CRT sharng scheme descrbed above s perfect. However, the constructon that we wll present n the next secton wll not as ts securty rate wll not be equal to A New CRT-Based Secret Sharng Scheme In ths secton, we present our constructon whch s a modfcaton of the CRT secret sharng scheme. Let n be the number of partcpants, we choose a set of ntegers {p,q,m 1,...,m n,w 1,...,w n } as follows: 1. gcdm w,m wj j ) =gcdm,m j ) = 1 for j, 2. gcdp,m w ) =gcdp,m ) = 1 for all and q p, ) 3. M : S S r M and S S r 1 m w m w M q ). Share Constructon. Suppose the secret value s s, we can assume that 0 s < p. Selectng a random nteger A n [0, M p 1], and set y = s + Ap. The set of shadows are y 1,...,y n ), where y = y mod m w. Secret Recovery. To recover secret s, t clearly suffces to fnd y. If y 1,...,y r are nown, then y s nown modulo N 1 = r m w j j CRT). As N 1 M, ths unquely determnes y and thus s. j=1 On the other hand, f only r 1 shadows were nown, we can not unquely determne the secret s. If y 1,...,y r 1 are nown, then we have the value of y modulo N 2 = r 1 m w j. Snce M N 2 q and gcdn 2,p) = 1, the collecton of numbers j=1 j n wth n y mod N 2 ) and n M cover all congruence classes modulo q, wth each class contanng at most one more or one less n than any other class. So, the securty rate of the scheme: φ = Hx y 1,y 2,...,y r 1 ) Hx) 6 = log q log p = log p q
7 The nformaton rate of the scheme s: log p ρ = log max{m w : 1 n}) = log p max{w log m : 1 n} Remar. If the parameters p and q are equal, we can set m = mw secret sharng scheme set of parameters as defned n Secton 4.1. such that {p,m 1,...,m n} became a standard CRT 4.3 Constructon of a Multple Threshold Changeable Secret Sharng Scheme For the threshold ncrease problem, the basc dea of our method s the followng one: to ncrease the threshold parameter from r to r > r, the partcpants decrease values from w to w < w. For any φ 0,1], we can get a r,n)-threshold changeable scheme, such that the securty rate s at least φ and the nformaton rate ρ s at least. So, the bound constructed n Theorem 2 s met wth equalty. r c φ Suppose the secret value s s, we can assume that 0 s < B. Let w,j denote the value of w after the j-th transtons the -th share of scheme Π j ), for 1 n and 0 j c. Let φ be any element of 0,1]. We construct our scheme as follows: 1. GCs)Publc Parameter Generaton) r 2 c a) Pc any nteger u, set = u and d = r c. b) Pc any nteger l r c + φ log 2 B + 2log 2 n, choose n + 1 dstnct prmes m 0 < m 1 < < m n from the nterval [2 l,2 l+1 ]. Estmates of the densty of prmes show that one could easly fnd prmes m. c) Pc a prme ˆm from the nterval [2 l rc,2 l+1 rc ]. d) Set M = m d 0, q = ˆm and p = ˆm φ we have: p 2 l rc) φ 2 log 2 B B). e) Pc unformly at random a number A n [0, M p 1]. 2. Ds,A)Dealer Setup) To share secret s, set y = s + Ap. Set w,0 = d, and the -th ntal share s s,0 = y mod m w,0 3. Es,j )Sub-share Generaton) To generate sub-shares, let s,j denote the -th share of Π j the scheme afte changes). Set w,j+1 = the sub-share s: s,j+1 = s,j mod m w,j+1.. d Cs,S,j )Combner) To recover s, t clearly suffces to fnd y. Suppose S = {v 1,...,v rj }, f s v1,j,...,s vrj,j are nown, by the Chnese remander theorem, y s nown modulo N = m wv v,j =1. We wll prove that N p n the next secton. In ths settngs, only p,q,m 1,...,m n,,r c need to be publcly nown when settng up the orgnal scheme. When the partcpants want to ncrease the threshold value r, they smply need to agree on the new value r +1. Each of them can compute hs new share wthout any other nteracton. 4.4 Scheme Analyss In ths secton, we want to proof that our scheme satsfes the followng three condtons at any step j {0,...,c}. C1 :, ) {1,...,n} {1,...,n} gcdm w,j,m w,j ) = 1 for, and C2 : {1,...,n} gcdp,m w,j ) = 1 and q p, ) C3 : S S rj : m w,j M and S S rj 1 : m w,j M q ). For any j {0,...,c}, condtons C1 and C2 are trvally satsfed due to the choce of p,q,m 1,...,m n by the dealer. The proofs of the followng two lemmas can be found n Appendx A and Appendx B respectvely. 7
8 Lemma 4 For any j {0,...,c}, Condton C3 s satsfed f the followng two nequaltes are satsfed: S S rj w,j d 1) S S rj 1 Lemma 5 For any j {0,...,c}, Inequalty 1) and Inequalty 2) hold. w,j d 2) Combnng Lemma 4 and Lemma 5, we can prove that the scheme satsfes the three condtons C1, C2, C3 for any j {0,...,c}. Our constructon s a r,n)-threshold changeable scheme. The followng theorem shows that t has securty rate φ and the nformaton rate of the scheme ρ asymptotcally equals to r0 r c φ for any 0 < φ 1. Theorem 3 Securty and Informaton Rate) For any 0 < φ 1, the r,n)-threshold changeable scheme has securty rate φ. In addton, t asymptotcally meets wth equalty the upper bounds n Theorem 2. Proof. For any 0 < φ 1, the securty rate of the scheme s: The nformaton rate ρ of the scheme s: Therefore, we have: { } HS) ρ mn 1 n HS ) ρ l r c) φ d l + 1) log p q = log q log ˆm = log p log ˆm φ log max 1 n, 0 j c l r c l + 1 ˆm φ ) = { log m w,j log ˆm = φ log ˆm φ l r c ) φ )} max {l + 1)w,j} 1 n,0 j c r c φ r c φ l r c l r0 1) r c For any j {0,,c}, t s easy to see that Π j s a SRDCRRC-scheme as defned n Secton 3.2). So, we have: ρ r c φ If l and are asymptotcally large, then we have: ρ = r c φ Note that "l large" means that u s large. So, the upper bound n Theorem 2 s met wth equalty. 4.5 Comparson In ths secton, we want to compare our constructon wth prevous methods from [7, 10, 13, 14, 16]. It should be remembered that φ s to be chosen durng the set-up phase. We wll see that for dfferent values of φ, Π 0,...,Π c can be perfectly secure φ = 1), an asymptotcally optmal ramp-scheme φ = 1 T C ) or t can use a standard ntal scheme as Π 0. The secret sharng schemes desgned n [10, 16] acheve perfect securty before and after threshold modfcaton. However, the share sze has to be at least twce of the sze of secret. Moreover, f we change to threshold c tmes, the 1 nformaton rate s at most c+1. We have the followng result for our constructon whch s a drect consequence of Theorem 3. Proposton 1 Perfect Secure Changeable Scheme) Let Π 0,...,Π c be a r,n)-threshold changeable scheme where r = r 1,...,r c )) as constructed n Secton 4.3. If we set φ = 1, then Π 0,...,Π c has securty rate 1 and nformaton rate ρ such that: r c l r c l + 1 ρ + r0 1) r c r c 8
9 Ths proposton nvolves that each,n)-tss scheme Π j acheves perfect secrecy for any j {1,...,c}). Ths means that the secret s s reconstructble from any shares whle no nformaton about s leas out from any set of r 1 shadows. Technques n [13, 14] can be appled to exstng schemes even f they were set up wthout consderaton of future threshold ncreases. Ths s called the standard ntal scheme approach. Unfortunately, those constructons have worse securty. In addton, the secret recovery s only probablstc. Our constructon always guarantees s to be recovered. We wll show how to construct a threshold changeable secret sharng scheme Π 0,...,Π c, where Π 0 s a standard CRT scheme as defned n Secton 4.1), for any gven r,n) and r =,...,r c ) wth = r. Our dea s to use the constructon from Secton 4.3 whch s vald for any n,,...,r c ). We smply need to choose the constructon parameter φ of Π 0,...,Π c so that Π 0 s standard scheme. We use the next two lemmas, the proofs of whch are n Appendx C and Appendx D respectvely. Lemma 6 For a r,n)-threshold changeable scheme Π 0,...,Π c where r = r 1,...,r c ), f we set φ = r0 r c, then the ntal scheme Π 0 has perfect securty. Lemma 7 For a r,n)-threshold changeable scheme Π 0,...,Π c where r = r 1,...,r c ), f we set φ = r0 r c, then the ntal scheme Π 0 s a standard CRT scheme. When a secret sharng s set-up, the dealer gnores what securty level wll be requred n the future. Thus, the value r c s a pror unnown. We would le to emphaszed that ths ssue can be overcome easly. Indeed, when settng-up the scheme the dealer smply consder the par,r c ) where r c = n. He can construct Π 0,Π c. When the dfferent threshold updates occur, the partcpants can recursvely construct Π 0,Π 1,Π c, Π 0,Π 1,Π 2,Π c,..., Π 0,Π 1,Π 2,...,Π c wthout nteractng wth the dealer. Note that ths technque allows to desgn an ntermedate) SSS for any threshold value from { + 1,...,n}. We can use our method to construct an asymptotcally optmal C, T,n)-ramp scheme Π. The dea of our constructon s the followng one. Set φ = 1 T C, and use our method from Secton 4.3 to construct a C 1) T,n)-threshold changeable scheme ˆπ = Π 0,Π 1 where Π = Π 1. We have the followng result, the proof of whch s n Appendx E. Theorem 4 The secret sharng scheme Π constructed by the prevous method s asymptotcally an optmal C, T, n)-ramp scheme. 5 Concluson In ths paper, we frst studed the propertes of threshold changeable schemes. We deduced some bounds on the nformaton and securty rates for these constructons. Second, we ntroduce a new CRT-based secret sharng, allowng multple threshold changes after the orgnal set-up phase wthout requrng any nteractons wth the dealer. One beneft of our constructon s that the secret s always guaranteed to be recovered after any threshold update contrary to [13, 14] where recovery s only probablstc. We also demonstrated that a sutable choce of the securty rate φ led to a perfectly secure constructon. As n [13, 14], a pont of nterest to further nvestgate s to deal wth malcous partcpants who devate from the threshold update protocol. Acnowledgments The authors would le to than Professor Xaomng Sun for valuable dscussons on secret sharng. The authors are also grateful to the anonymous revewers for ther comments to mprove the qualty of ths paper. The two authors wor was supported by the Natonal Natural Scence Foundaton of Chna grant and the Natonal Basc Research Program of Chna grants 2007CB and 2007CB Chrstophe Tartary s research was also fnanced by the Mnstry of Educaton of Sngapore under grant T206B2204. References [1] Charles Asmuth and John Bloom. A modular approach to ey safeguardng. IEEE Transactons on Informaton Theory, IT-292): , March [2] Susan G. Barwc, Wen-A Jacson, and Keth M. Martn. Updatng the parameters of a threshold scheme by mnmal broadcast. IEEE Transactons on Informaton Theory, 512): , February
10 [3] George Robert Blaley. Safeguardng cryptographc eys. In AFIPS 1979 Natonal Computer Conference, pages , New Yor, USA, June AFIPS Press. [4] George Robert Blaley and Catherne Meadows. Securty of ramp schemes. In Advances n Cryptology - Crypto 84, volume 196 of Lecture Notes n Computer Scence, pages , Santa Barbara, USA, August Sprnger - Verlag. [5] Carlo Blundo, Antonella Crest, Alfredo De Sants, and Ugo Vaccaro. Fully dynamc secret sharng schemes. In Advances n Cryptology - Crypto 93, volume 773 of Lecture Notes n Computer Scence, pages , Santa Barbara, USA, August Sprnger - Verlag. [6] Yvo Desmedt and Sushl Jajoda. Redstrbutng secret shares to new access structures and ts applcatons. Techncal Report ISSE TR-97-01, George Mason unversty, [7] Wen-A Jacson and Keth M. Martn. A combnatoral nterpretaton of ramp schemes. Australasan Journal of Combnatorcs, 14:51 60, September [8] Ayao Maeda, Atsuo Myaj, and Mtsuru Tada. Effcent and uncondtonally secure verfable threshold changeable scheme. In 6th Australasan Conference on Informaton Securty and Prvacy, volume 2119 of Lecture Notes n Computer Scence, pages , Sydney, Australa, July Sprnger - Verlag. [9] Keth Martn. Untrustworthy partcpants n secret sharng schemes. In Cryptography and Codng III, volume 45, pages Oxford Unversty Press, [10] Keth M. Martn, Josef Peprzy, Re Safav-Nan, and Huaxong Wang. Changng thresholds n the absence of secure channels. Australan Computer Journal, 31:34 43, [11] Keth M. Martn, Re Safav-Nan, and Huaxong Wang. Bounds and technques for effcent redstrbuton of secret shares to new access structures. The Computer Journal, 428): , September [12] Ad Shamr. How to share a secret. Communcatons of the ACM, 2211): , November [13] Ron Stenfeld, Josef Peprzy, and Huaxong Wang. Lattce-based threshold-changeablty for standard CRT secretsharng schemes. Fnte Feld and ther Applcatons, 12: , [14] Ron Stenfeld, Huaxong Wang, and Josef Peprzy. Lattce-based threshold-changeablty for standard Shamr secret-sharng schemes. In Advances n Cryptology - Asacrypt 04, volume 3329 of Lecture Notes n Computer Scence, pages , Jeju Island, Korea, December Sprnger - Verlag. [15] Douglas R. Stnson. Cryptography: Theory and Practce Thrd Edton). Chapman & Hall/CRC, [16] Y. Tamura, M.Tada, and Ej Oamoto. Update of access structure n Shamr s, n) threshold scheme. In The 1999 Symposum on Cryptography and Informaton Securty, volume I, pages , Kobe, Japan, January A Proof of Lemma 4 Let S be any element of S rj. We have: {1,...,n}m > m 0. Thus, f we have w,j d then we obtan: m w,j m d 0 M. Let S be any element of S r 1. Assume that w,j d. We get: m w,j 2 l+1 ) w,j 2 l+1),j w 2 l+1)d ) 2 ld 2 l+1 d ) 2 ld 2 l+1 rc ) So, we have:. m w,j M q 10
11 B Proof of Lemma 5 We frst demonstrate that Inequalty 1) holds. Let j be any element of {0,...,c} and let S be any element of S rj. We have: d w,j d Now, we want to demonstrate Inequalty 2). We consde = c. Let S be any element of S rc. We have: d w,j = r c 1) = r c 1) = d Assume that j {0,...,c 1}. We have: r 2 r c 0 1r0 r c 1 1) 2 r c 1 1) 2 1) 2 r c r c 1 r c r c 1 r c In addton, we have the followng bound: d r c d + rj 1 d + 1 Let S be any element of S rj, we have: d w,j 1) 1) d + 1 1) r c + 1) r c r c r 2 j d r c 1) 2 rc d 1) 2 ) If = 1 then, we have: Otherwse, we have: w,j d r c d w,j d r c 1) 2 d r j 1) 2 r c C Proof of Lemma 6 Let S be any element of S r0 1. Frstly, we want to prove that m w,0 d w,0 = = d M p. Snce, we have d. Therefore: We get: We obtan: m w,0 w,0 = 1) d = d d = d r c 2 l+1 ) w,0 2 l+1) w,0 2 l+1)d rc r ) 0 2 ld ) rc l+1 d rc ) 2 11
12 Fnally, we have: m w,0 2 ld 2 l+1 d ) φ M p If only 1 shares y 1,...,y were nown, then have have the value of y modulo N r0 1 3 = r0 1 m w λ λ λ=1. Snce N 3 M p and gcdn 3,p) = 1, the collecton of numbers n wth n y mod N 3 and n M cover all congruence classes mod p, wth each class contanng at most one more or one less n than any other class. Thus, no useful nformatoneven probablstc) s avalable wthout r shares. Therefore, the ntal scheme Π 0 s perfect. D Proof of Lemma 7 Set m = mw,0. Snce {p,m 1,...,m n } are parwse coprme, we always have parwse coprme ntegers {p,m 1,...,m n}. Now, we want to prove that the ntegers {p,m 1,...,m n} satsfy the followng condtons: ) ) S S r m M and S S r 1 m M p Accordng to Lemma 4 and Lemma 5, we have: S S r Usng the result n the proof of Lemma 6, we get: S S r 1 m M m M p Therefore, Π 0 s a standard CRT scheme. E Proof of Theorem 4 Let S denote the -th share of Π. For A = R, C R T, we have: log M A HS S A ) = mn 1, log ˆm φ m HS) = mn 1, d log m 0 log m ) A φ log ˆm HS) So, we have: and: HS S A ) mn { 1, { HS S A ) mn 1, If l s asymptotcally large, then we have: Therefore, the nformaton rate: So, we have: } { ld R l + 1) HS) mn 1, l T + 1)T C) } { l + 1)d R l HS) mn 1, l T )T C) HS S A ) HS) ρ = HS ) HS) = log m log ˆm φ = T R T C = log m log ˆm φ HS ) HS) l T C)l T + 1) 12 } l T Rl + 1) HS) l T + 1)T C) } l + 1) T Rl HS) l T )T C)
13 and: HS ) HS) l + 1 T C)l T ) Fnally, we deduce that, when l s asymptotcally large, we have: Therefore, the scheme Π s an optmal ramp scheme. HS ) HS) = 1 T C 13
Foundations of Arithmetic
Foundatons of Arthmetc Notaton We shall denote the sum and product of numbers n the usual notaton as a 2 + a 2 + a 3 + + a = a, a 1 a 2 a 3 a = a The notaton a b means a dvdes b,.e. ac = b where c s an
More informationCryptanalysis of pairing-free certificateless authenticated key agreement protocol
Cryptanalyss of parng-free certfcateless authentcated key agreement protocol Zhan Zhu Chna Shp Development Desgn Center CSDDC Wuhan Chna Emal: zhuzhan0@gmal.com bstract: Recently He et al. [D. He J. Chen
More informationSpeeding up Computation of Scalar Multiplication in Elliptic Curve Cryptosystem
H.K. Pathak et. al. / (IJCSE) Internatonal Journal on Computer Scence and Engneerng Speedng up Computaton of Scalar Multplcaton n Ellptc Curve Cryptosystem H. K. Pathak Manju Sangh S.o.S n Computer scence
More informationTHE CHINESE REMAINDER THEOREM. We should thank the Chinese for their wonderful remainder theorem. Glenn Stevens
THE CHINESE REMAINDER THEOREM KEITH CONRAD We should thank the Chnese for ther wonderful remander theorem. Glenn Stevens 1. Introducton The Chnese remander theorem says we can unquely solve any par of
More informationCOMPARISON OF SOME RELIABILITY CHARACTERISTICS BETWEEN REDUNDANT SYSTEMS REQUIRING SUPPORTING UNITS FOR THEIR OPERATIONS
Avalable onlne at http://sck.org J. Math. Comput. Sc. 3 (3), No., 6-3 ISSN: 97-537 COMPARISON OF SOME RELIABILITY CHARACTERISTICS BETWEEN REDUNDANT SYSTEMS REQUIRING SUPPORTING UNITS FOR THEIR OPERATIONS
More informationFinding Dense Subgraphs in G(n, 1/2)
Fndng Dense Subgraphs n Gn, 1/ Atsh Das Sarma 1, Amt Deshpande, and Rav Kannan 1 Georga Insttute of Technology,atsh@cc.gatech.edu Mcrosoft Research-Bangalore,amtdesh,annan@mcrosoft.com Abstract. Fndng
More informationModule 3 LOSSY IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur
Module 3 LOSSY IMAGE COMPRESSION SYSTEMS Verson ECE IIT, Kharagpur Lesson 6 Theory of Quantzaton Verson ECE IIT, Kharagpur Instructonal Objectves At the end of ths lesson, the students should be able to:
More informationProblem Set 9 Solutions
Desgn and Analyss of Algorthms May 4, 2015 Massachusetts Insttute of Technology 6.046J/18.410J Profs. Erk Demane, Srn Devadas, and Nancy Lynch Problem Set 9 Solutons Problem Set 9 Solutons Ths problem
More informationECE559VV Project Report
ECE559VV Project Report (Supplementary Notes Loc Xuan Bu I. MAX SUM-RATE SCHEDULING: THE UPLINK CASE We have seen (n the presentaton that, for downlnk (broadcast channels, the strategy maxmzng the sum-rate
More informationFinding Primitive Roots Pseudo-Deterministically
Electronc Colloquum on Computatonal Complexty, Report No 207 (205) Fndng Prmtve Roots Pseudo-Determnstcally Ofer Grossman December 22, 205 Abstract Pseudo-determnstc algorthms are randomzed search algorthms
More informationThe Minimum Universal Cost Flow in an Infeasible Flow Network
Journal of Scences, Islamc Republc of Iran 17(2): 175-180 (2006) Unversty of Tehran, ISSN 1016-1104 http://jscencesutacr The Mnmum Unversal Cost Flow n an Infeasble Flow Network H Saleh Fathabad * M Bagheran
More informationCollege of Computer & Information Science Fall 2009 Northeastern University 20 October 2009
College of Computer & Informaton Scence Fall 2009 Northeastern Unversty 20 October 2009 CS7880: Algorthmc Power Tools Scrbe: Jan Wen and Laura Poplawsk Lecture Outlne: Prmal-dual schema Network Desgn:
More informationMore metrics on cartesian products
More metrcs on cartesan products If (X, d ) are metrc spaces for 1 n, then n Secton II4 of the lecture notes we defned three metrcs on X whose underlyng topologes are the product topology The purpose of
More informationLecture 4: Universal Hash Functions/Streaming Cont d
CSE 5: Desgn and Analyss of Algorthms I Sprng 06 Lecture 4: Unversal Hash Functons/Streamng Cont d Lecturer: Shayan Oves Gharan Aprl 6th Scrbe: Jacob Schreber Dsclamer: These notes have not been subjected
More informationThe Order Relation and Trace Inequalities for. Hermitian Operators
Internatonal Mathematcal Forum, Vol 3, 08, no, 507-57 HIKARI Ltd, wwwm-hkarcom https://doorg/0988/mf088055 The Order Relaton and Trace Inequaltes for Hermtan Operators Y Huang School of Informaton Scence
More informationPower law and dimension of the maximum value for belief distribution with the max Deng entropy
Power law and dmenson of the maxmum value for belef dstrbuton wth the max Deng entropy Bngy Kang a, a College of Informaton Engneerng, Northwest A&F Unversty, Yanglng, Shaanx, 712100, Chna. Abstract Deng
More informationSome Consequences. Example of Extended Euclidean Algorithm. The Fundamental Theorem of Arithmetic, II. Characterizing the GCD and LCM
Example of Extended Eucldean Algorthm Recall that gcd(84, 33) = gcd(33, 18) = gcd(18, 15) = gcd(15, 3) = gcd(3, 0) = 3 We work backwards to wrte 3 as a lnear combnaton of 84 and 33: 3 = 18 15 [Now 3 s
More informationAnti-van der Waerden numbers of 3-term arithmetic progressions.
Ant-van der Waerden numbers of 3-term arthmetc progressons. Zhanar Berkkyzy, Alex Schulte, and Mchael Young Aprl 24, 2016 Abstract The ant-van der Waerden number, denoted by aw([n], k), s the smallest
More informationOn the correction of the h-index for career length
1 On the correcton of the h-ndex for career length by L. Egghe Unverstet Hasselt (UHasselt), Campus Depenbeek, Agoralaan, B-3590 Depenbeek, Belgum 1 and Unverstet Antwerpen (UA), IBW, Stadscampus, Venusstraat
More informationPerron Vectors of an Irreducible Nonnegative Interval Matrix
Perron Vectors of an Irreducble Nonnegatve Interval Matrx Jr Rohn August 4 2005 Abstract As s well known an rreducble nonnegatve matrx possesses a unquely determned Perron vector. As the man result of
More informationEconomics 101. Lecture 4 - Equilibrium and Efficiency
Economcs 0 Lecture 4 - Equlbrum and Effcency Intro As dscussed n the prevous lecture, we wll now move from an envronment where we looed at consumers mang decsons n solaton to analyzng economes full of
More informationISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 1, July 2013
ISSN: 2277-375 Constructon of Trend Free Run Orders for Orthogonal rrays Usng Codes bstract: Sometmes when the expermental runs are carred out n a tme order sequence, the response can depend on the run
More informationStanford University CS359G: Graph Partitioning and Expanders Handout 4 Luca Trevisan January 13, 2011
Stanford Unversty CS359G: Graph Parttonng and Expanders Handout 4 Luca Trevsan January 3, 0 Lecture 4 In whch we prove the dffcult drecton of Cheeger s nequalty. As n the past lectures, consder an undrected
More informationEstimation: Part 2. Chapter GREG estimation
Chapter 9 Estmaton: Part 2 9. GREG estmaton In Chapter 8, we have seen that the regresson estmator s an effcent estmator when there s a lnear relatonshp between y and x. In ths chapter, we generalzed the
More informationIntroduction to Algorithms
Introducton to Algorthms 6.046J/8.40J Lecture 7 Prof. Potr Indyk Data Structures Role of data structures: Encapsulate data Support certan operatons (e.g., INSERT, DELETE, SEARCH) Our focus: effcency of
More informationA new Approach for Solving Linear Ordinary Differential Equations
, ISSN 974-57X (Onlne), ISSN 974-5718 (Prnt), Vol. ; Issue No. 1; Year 14, Copyrght 13-14 by CESER PUBLICATIONS A new Approach for Solvng Lnear Ordnary Dfferental Equatons Fawz Abdelwahd Department of
More informationLINEAR REGRESSION ANALYSIS. MODULE IX Lecture Multicollinearity
LINEAR REGRESSION ANALYSIS MODULE IX Lecture - 30 Multcollnearty Dr. Shalabh Department of Mathematcs and Statstcs Indan Insttute of Technology Kanpur 2 Remedes for multcollnearty Varous technques have
More informationOn the Multicriteria Integer Network Flow Problem
BULGARIAN ACADEMY OF SCIENCES CYBERNETICS AND INFORMATION TECHNOLOGIES Volume 5, No 2 Sofa 2005 On the Multcrtera Integer Network Flow Problem Vassl Vasslev, Marana Nkolova, Maryana Vassleva Insttute of
More informationRecover plaintext attack to block ciphers
Recover plantext attac to bloc cphers L An-Png Bejng 100085, P.R.Chna apl0001@sna.com Abstract In ths paper, we wll present an estmaton for the upper-bound of the amount of 16-bytes plantexts for Englsh
More information3.1 Expectation of Functions of Several Random Variables. )' be a k-dimensional discrete or continuous random vector, with joint PMF p (, E X E X1 E X
Statstcs 1: Probablty Theory II 37 3 EPECTATION OF SEVERAL RANDOM VARIABLES As n Probablty Theory I, the nterest n most stuatons les not on the actual dstrbuton of a random vector, but rather on a number
More informationOrientation Model of Elite Education and Mass Education
Proceedngs of the 8th Internatonal Conference on Innovaton & Management 723 Orentaton Model of Elte Educaton and Mass Educaton Ye Peng Huanggang Normal Unversty, Huanggang, P.R.Chna, 438 (E-mal: yepeng@hgnc.edu.cn)
More informationValuated Binary Tree: A New Approach in Study of Integers
Internatonal Journal of Scentfc Innovatve Mathematcal Research (IJSIMR) Volume 4, Issue 3, March 6, PP 63-67 ISS 347-37X (Prnt) & ISS 347-34 (Onlne) wwwarcournalsorg Valuated Bnary Tree: A ew Approach
More informationLecture 4. Instructor: Haipeng Luo
Lecture 4 Instructor: Hapeng Luo In the followng lectures, we focus on the expert problem and study more adaptve algorthms. Although Hedge s proven to be worst-case optmal, one may wonder how well t would
More informationJ. Number Theory 130(2010), no. 4, SOME CURIOUS CONGRUENCES MODULO PRIMES
J. Number Theory 30(200, no. 4, 930 935. SOME CURIOUS CONGRUENCES MODULO PRIMES L-Lu Zhao and Zh-We Sun Department of Mathematcs, Nanjng Unversty Nanjng 20093, People s Republc of Chna zhaollu@gmal.com,
More informationAmusing Properties of Odd Numbers Derived From Valuated Binary Tree
IOSR Journal of Mathematcs (IOSR-JM) e-iss: 78-578, p-iss: 19-765X. Volume 1, Issue 6 Ver. V (ov. - Dec.016), PP 5-57 www.osrjournals.org Amusng Propertes of Odd umbers Derved From Valuated Bnary Tree
More informationFACTORIZATION IN KRULL MONOIDS WITH INFINITE CLASS GROUP
C O L L O Q U I U M M A T H E M A T I C U M VOL. 80 1999 NO. 1 FACTORIZATION IN KRULL MONOIDS WITH INFINITE CLASS GROUP BY FLORIAN K A I N R A T H (GRAZ) Abstract. Let H be a Krull monod wth nfnte class
More informationPerfect Competition and the Nash Bargaining Solution
Perfect Competton and the Nash Barganng Soluton Renhard John Department of Economcs Unversty of Bonn Adenauerallee 24-42 53113 Bonn, Germany emal: rohn@un-bonn.de May 2005 Abstract For a lnear exchange
More informationOn a direct solver for linear least squares problems
ISSN 2066-6594 Ann. Acad. Rom. Sc. Ser. Math. Appl. Vol. 8, No. 2/2016 On a drect solver for lnear least squares problems Constantn Popa Abstract The Null Space (NS) algorthm s a drect solver for lnear
More informationAffine transformations and convexity
Affne transformatons and convexty The purpose of ths document s to prove some basc propertes of affne transformatons nvolvng convex sets. Here are a few onlne references for background nformaton: http://math.ucr.edu/
More informationGames of Threats. Elon Kohlberg Abraham Neyman. Working Paper
Games of Threats Elon Kohlberg Abraham Neyman Workng Paper 18-023 Games of Threats Elon Kohlberg Harvard Busness School Abraham Neyman The Hebrew Unversty of Jerusalem Workng Paper 18-023 Copyrght 2017
More informationMaximizing the number of nonnegative subsets
Maxmzng the number of nonnegatve subsets Noga Alon Hao Huang December 1, 213 Abstract Gven a set of n real numbers, f the sum of elements of every subset of sze larger than k s negatve, what s the maxmum
More informationComparison of the Population Variance Estimators. of 2-Parameter Exponential Distribution Based on. Multiple Criteria Decision Making Method
Appled Mathematcal Scences, Vol. 7, 0, no. 47, 07-0 HIARI Ltd, www.m-hkar.com Comparson of the Populaton Varance Estmators of -Parameter Exponental Dstrbuton Based on Multple Crtera Decson Makng Method
More informationRandić Energy and Randić Estrada Index of a Graph
EUROPEAN JOURNAL OF PURE AND APPLIED MATHEMATICS Vol. 5, No., 202, 88-96 ISSN 307-5543 www.ejpam.com SPECIAL ISSUE FOR THE INTERNATIONAL CONFERENCE ON APPLIED ANALYSIS AND ALGEBRA 29 JUNE -02JULY 20, ISTANBUL
More informationTHERE ARE INFINITELY MANY FIBONACCI COMPOSITES WITH PRIME SUBSCRIPTS
Research and Communcatons n Mathematcs and Mathematcal Scences Vol 10, Issue 2, 2018, Pages 123-140 ISSN 2319-6939 Publshed Onlne on November 19, 2018 2018 Jyot Academc Press http://jyotacademcpressorg
More informationNumerical Heat and Mass Transfer
Master degree n Mechancal Engneerng Numercal Heat and Mass Transfer 06-Fnte-Dfference Method (One-dmensonal, steady state heat conducton) Fausto Arpno f.arpno@uncas.t Introducton Why we use models and
More informationThe lower and upper bounds on Perron root of nonnegative irreducible matrices
Journal of Computatonal Appled Mathematcs 217 (2008) 259 267 wwwelsevercom/locate/cam The lower upper bounds on Perron root of nonnegatve rreducble matrces Guang-Xn Huang a,, Feng Yn b,keguo a a College
More informationSystem in Weibull Distribution
Internatonal Matheatcal Foru 4 9 no. 9 94-95 Relablty Equvalence Factors of a Seres-Parallel Syste n Webull Dstrbuton M. A. El-Dacese Matheatcs Departent Faculty of Scence Tanta Unversty Tanta Egypt eldacese@yahoo.co
More informationOn the size of quotient of two subsets of positive integers.
arxv:1706.04101v1 [math.nt] 13 Jun 2017 On the sze of quotent of two subsets of postve ntegers. Yur Shtenkov Abstract We obtan non-trval lower bound for the set A/A, where A s a subset of the nterval [1,
More informationAPPENDIX A Some Linear Algebra
APPENDIX A Some Lnear Algebra The collecton of m, n matrces A.1 Matrces a 1,1,..., a 1,n A = a m,1,..., a m,n wth real elements a,j s denoted by R m,n. If n = 1 then A s called a column vector. Smlarly,
More informationOn the Repeating Group Finding Problem
The 9th Workshop on Combnatoral Mathematcs and Computaton Theory On the Repeatng Group Fndng Problem Bo-Ren Kung, Wen-Hsen Chen, R.C.T Lee Graduate Insttute of Informaton Technology and Management Takmng
More informationChapter 5. Solution of System of Linear Equations. Module No. 6. Solution of Inconsistent and Ill Conditioned Systems
Numercal Analyss by Dr. Anta Pal Assstant Professor Department of Mathematcs Natonal Insttute of Technology Durgapur Durgapur-713209 emal: anta.bue@gmal.com 1 . Chapter 5 Soluton of System of Lnear Equatons
More informationHMMT February 2016 February 20, 2016
HMMT February 016 February 0, 016 Combnatorcs 1. For postve ntegers n, let S n be the set of ntegers x such that n dstnct lnes, no three concurrent, can dvde a plane nto x regons (for example, S = {3,
More informationComments on a secure dynamic ID-based remote user authentication scheme for multiserver environment using smart cards
Comments on a secure dynamc ID-based remote user authentcaton scheme for multserver envronment usng smart cards Debao He chool of Mathematcs tatstcs Wuhan nversty Wuhan People s Republc of Chna Emal: hedebao@63com
More informationA PROBABILITY-DRIVEN SEARCH ALGORITHM FOR SOLVING MULTI-OBJECTIVE OPTIMIZATION PROBLEMS
HCMC Unversty of Pedagogy Thong Nguyen Huu et al. A PROBABILITY-DRIVEN SEARCH ALGORITHM FOR SOLVING MULTI-OBJECTIVE OPTIMIZATION PROBLEMS Thong Nguyen Huu and Hao Tran Van Department of mathematcs-nformaton,
More informationModule 9. Lecture 6. Duality in Assignment Problems
Module 9 1 Lecture 6 Dualty n Assgnment Problems In ths lecture we attempt to answer few other mportant questons posed n earler lecture for (AP) and see how some of them can be explaned through the concept
More informationarxiv: v1 [math.co] 1 Mar 2014
Unon-ntersectng set systems Gyula O.H. Katona and Dánel T. Nagy March 4, 014 arxv:1403.0088v1 [math.co] 1 Mar 014 Abstract Three ntersecton theorems are proved. Frst, we determne the sze of the largest
More informationAppendix B. The Finite Difference Scheme
140 APPENDIXES Appendx B. The Fnte Dfference Scheme In ths appendx we present numercal technques whch are used to approxmate solutons of system 3.1 3.3. A comprehensve treatment of theoretcal and mplementaton
More informationLecture Space-Bounded Derandomization
Notes on Complexty Theory Last updated: October, 2008 Jonathan Katz Lecture Space-Bounded Derandomzaton 1 Space-Bounded Derandomzaton We now dscuss derandomzaton of space-bounded algorthms. Here non-trval
More informationUsing T.O.M to Estimate Parameter of distributions that have not Single Exponential Family
IOSR Journal of Mathematcs IOSR-JM) ISSN: 2278-5728. Volume 3, Issue 3 Sep-Oct. 202), PP 44-48 www.osrjournals.org Usng T.O.M to Estmate Parameter of dstrbutons that have not Sngle Exponental Famly Jubran
More informationIntroductory Cardinality Theory Alan Kaylor Cline
Introductory Cardnalty Theory lan Kaylor Clne lthough by name the theory of set cardnalty may seem to be an offshoot of combnatorcs, the central nterest s actually nfnte sets. Combnatorcs deals wth fnte
More informationNUMERICAL DIFFERENTIATION
NUMERICAL DIFFERENTIATION 1 Introducton Dfferentaton s a method to compute the rate at whch a dependent output y changes wth respect to the change n the ndependent nput x. Ths rate of change s called the
More informationAn (almost) unbiased estimator for the S-Gini index
An (almost unbased estmator for the S-Gn ndex Thomas Demuynck February 25, 2009 Abstract Ths note provdes an unbased estmator for the absolute S-Gn and an almost unbased estmator for the relatve S-Gn for
More informationRemarks on the Properties of a Quasi-Fibonacci-like Polynomial Sequence
Remarks on the Propertes of a Quas-Fbonacc-lke Polynomal Sequence Brce Merwne LIU Brooklyn Ilan Wenschelbaum Wesleyan Unversty Abstract Consder the Quas-Fbonacc-lke Polynomal Sequence gven by F 0 = 1,
More informationNotes on Frequency Estimation in Data Streams
Notes on Frequency Estmaton n Data Streams In (one of) the data streamng model(s), the data s a sequence of arrvals a 1, a 2,..., a m of the form a j = (, v) where s the dentty of the tem and belongs to
More informationAttacks on RSA The Rabin Cryptosystem Semantic Security of RSA Cryptology, Tuesday, February 27th, 2007 Nils Andersen. Complexity Theoretic Reduction
Attacks on RSA The Rabn Cryptosystem Semantc Securty of RSA Cryptology, Tuesday, February 27th, 2007 Nls Andersen Square Roots modulo n Complexty Theoretc Reducton Factorng Algorthms Pollard s p 1 Pollard
More informationThe Study of Teaching-learning-based Optimization Algorithm
Advanced Scence and Technology Letters Vol. (AST 06), pp.05- http://dx.do.org/0.57/astl.06. The Study of Teachng-learnng-based Optmzaton Algorthm u Sun, Yan fu, Lele Kong, Haolang Q,, Helongang Insttute
More informationVQ widely used in coding speech, image, and video
at Scalar quantzers are specal cases of vector quantzers (VQ): they are constraned to look at one sample at a tme (memoryless) VQ does not have such constrant better RD perfomance expected Source codng
More informationOn quasiperfect numbers
Notes on Number Theory and Dscrete Mathematcs Prnt ISSN 1310 5132, Onlne ISSN 2367 8275 Vol. 23, 2017, No. 3, 73 78 On quasperfect numbers V. Sva Rama Prasad 1 and C. Suntha 2 1 Nalla Malla Reddy Engneerng
More information(1 ) (1 ) 0 (1 ) (1 ) 0
Appendx A Appendx A contans proofs for resubmsson "Contractng Informaton Securty n the Presence of Double oral Hazard" Proof of Lemma 1: Assume that, to the contrary, BS efforts are achevable under a blateral
More informationGraph Reconstruction by Permutations
Graph Reconstructon by Permutatons Perre Ille and Wllam Kocay* Insttut de Mathémathques de Lumny CNRS UMR 6206 163 avenue de Lumny, Case 907 13288 Marselle Cedex 9, France e-mal: lle@ml.unv-mrs.fr Computer
More informationEdge Isoperimetric Inequalities
November 7, 2005 Ross M. Rchardson Edge Isopermetrc Inequaltes 1 Four Questons Recall that n the last lecture we looked at the problem of sopermetrc nequaltes n the hypercube, Q n. Our noton of boundary
More informationConvexity preserving interpolation by splines of arbitrary degree
Computer Scence Journal of Moldova, vol.18, no.1(52), 2010 Convexty preservng nterpolaton by splnes of arbtrary degree Igor Verlan Abstract In the present paper an algorthm of C 2 nterpolaton of dscrete
More informationYong Joon Ryang. 1. Introduction Consider the multicommodity transportation problem with convex quadratic cost function. 1 2 (x x0 ) T Q(x x 0 )
Kangweon-Kyungk Math. Jour. 4 1996), No. 1, pp. 7 16 AN ITERATIVE ROW-ACTION METHOD FOR MULTICOMMODITY TRANSPORTATION PROBLEMS Yong Joon Ryang Abstract. The optmzaton problems wth quadratc constrants often
More informationThe Multiple Classical Linear Regression Model (CLRM): Specification and Assumptions. 1. Introduction
ECONOMICS 5* -- NOTE (Summary) ECON 5* -- NOTE The Multple Classcal Lnear Regresson Model (CLRM): Specfcaton and Assumptons. Introducton CLRM stands for the Classcal Lnear Regresson Model. The CLRM s also
More informationFREQUENCY DISTRIBUTIONS Page 1 of The idea of a frequency distribution for sets of observations will be introduced,
FREQUENCY DISTRIBUTIONS Page 1 of 6 I. Introducton 1. The dea of a frequency dstrbuton for sets of observatons wll be ntroduced, together wth some of the mechancs for constructng dstrbutons of data. Then
More informationLecture 10: May 6, 2013
TTIC/CMSC 31150 Mathematcal Toolkt Sprng 013 Madhur Tulsan Lecture 10: May 6, 013 Scrbe: Wenje Luo In today s lecture, we manly talked about random walk on graphs and ntroduce the concept of graph expander,
More informationfind (x): given element x, return the canonical element of the set containing x;
COS 43 Sprng, 009 Dsjont Set Unon Problem: Mantan a collecton of dsjont sets. Two operatons: fnd the set contanng a gven element; unte two sets nto one (destructvely). Approach: Canoncal element method:
More informationCryptanalysis of Threshold Proxy Signature Schemes 1)
MM Research Preprnts, 226 233 MMRC, AMSS, Academa Snca No. 23, December 24 Cryptanalyss of Threshold Proxy Sgnature Schemes 1) Zuo-Wen Tan and Zhuo-Jun Lu Key Laboratory of Mathematcs Mechanzaton Insttute
More informationVoting Games with Positive Weights and. Dummy Players: Facts and Theory
Appled Mathematcal Scences, Vol 10, 2016, no 53, 2637-2646 HIKARI Ltd, wwwm-hkarcom http://dxdoorg/1012988/ams201667209 Votng Games wth Postve Weghts and Dummy Players: Facts and Theory Zdravko Dmtrov
More informationU.C. Berkeley CS294: Spectral Methods and Expanders Handout 8 Luca Trevisan February 17, 2016
U.C. Berkeley CS94: Spectral Methods and Expanders Handout 8 Luca Trevsan February 7, 06 Lecture 8: Spectral Algorthms Wrap-up In whch we talk about even more generalzatons of Cheeger s nequaltes, and
More informationMaximizing Overlap of Large Primary Sampling Units in Repeated Sampling: A comparison of Ernst s Method with Ohlsson s Method
Maxmzng Overlap of Large Prmary Samplng Unts n Repeated Samplng: A comparson of Ernst s Method wth Ohlsson s Method Red Rottach and Padrac Murphy 1 U.S. Census Bureau 4600 Slver Hll Road, Washngton DC
More informationprinceton univ. F 17 cos 521: Advanced Algorithm Design Lecture 7: LP Duality Lecturer: Matt Weinberg
prnceton unv. F 17 cos 521: Advanced Algorthm Desgn Lecture 7: LP Dualty Lecturer: Matt Wenberg Scrbe: LP Dualty s an extremely useful tool for analyzng structural propertes of lnear programs. Whle there
More information20. Mon, Oct. 13 What we have done so far corresponds roughly to Chapters 2 & 3 of Lee. Now we turn to Chapter 4. The first idea is connectedness.
20. Mon, Oct. 13 What we have done so far corresponds roughly to Chapters 2 & 3 of Lee. Now we turn to Chapter 4. The frst dea s connectedness. Essentally, we want to say that a space cannot be decomposed
More informationVolume 18 Figure 1. Notation 1. Notation 2. Observation 1. Remark 1. Remark 2. Remark 3. Remark 4. Remark 5. Remark 6. Theorem A [2]. Theorem B [2].
Bulletn of Mathematcal Scences and Applcatons Submtted: 016-04-07 ISSN: 78-9634, Vol. 18, pp 1-10 Revsed: 016-09-08 do:10.1805/www.scpress.com/bmsa.18.1 Accepted: 016-10-13 017 ScPress Ltd., Swtzerland
More informationNP-Completeness : Proofs
NP-Completeness : Proofs Proof Methods A method to show a decson problem Π NP-complete s as follows. (1) Show Π NP. (2) Choose an NP-complete problem Π. (3) Show Π Π. A method to show an optmzaton problem
More informationChristian Aebi Collège Calvin, Geneva, Switzerland
#A7 INTEGERS 12 (2012) A PROPERTY OF TWIN PRIMES Chrstan Aeb Collège Calvn, Geneva, Swtzerland chrstan.aeb@edu.ge.ch Grant Carns Department of Mathematcs, La Trobe Unversty, Melbourne, Australa G.Carns@latrobe.edu.au
More informationON A DETERMINATION OF THE INITIAL FUNCTIONS FROM THE OBSERVED VALUES OF THE BOUNDARY FUNCTIONS FOR THE SECOND-ORDER HYPERBOLIC EQUATION
Advanced Mathematcal Models & Applcatons Vol.3, No.3, 2018, pp.215-222 ON A DETERMINATION OF THE INITIAL FUNCTIONS FROM THE OBSERVED VALUES OF THE BOUNDARY FUNCTIONS FOR THE SECOND-ORDER HYPERBOLIC EUATION
More informationMatrix Approximation via Sampling, Subspace Embedding. 1 Solving Linear Systems Using SVD
Matrx Approxmaton va Samplng, Subspace Embeddng Lecturer: Anup Rao Scrbe: Rashth Sharma, Peng Zhang 0/01/016 1 Solvng Lnear Systems Usng SVD Two applcatons of SVD have been covered so far. Today we loo
More informationSection 3.6 Complex Zeros
04 Chapter Secton 6 Comple Zeros When fndng the zeros of polynomals, at some pont you're faced wth the problem Whle there are clearly no real numbers that are solutons to ths equaton, leavng thngs there
More informationn α j x j = 0 j=1 has a nontrivial solution. Here A is the n k matrix whose jth column is the vector for all t j=0
MODULE 2 Topcs: Lnear ndependence, bass and dmenson We have seen that f n a set of vectors one vector s a lnear combnaton of the remanng vectors n the set then the span of the set s unchanged f that vector
More informationSUCCESSIVE MINIMA AND LATTICE POINTS (AFTER HENK, GILLET AND SOULÉ) M(B) := # ( B Z N)
SUCCESSIVE MINIMA AND LATTICE POINTS (AFTER HENK, GILLET AND SOULÉ) S.BOUCKSOM Abstract. The goal of ths note s to present a remarably smple proof, due to Hen, of a result prevously obtaned by Gllet-Soulé,
More informationRestricted divisor sums
ACTA ARITHMETICA 02 2002) Restrcted dvsor sums by Kevn A Broughan Hamlton) Introducton There s a body of work n the lterature on varous restrcted sums of the number of dvsors of an nteger functon ncludng
More informationLectures - Week 4 Matrix norms, Conditioning, Vector Spaces, Linear Independence, Spanning sets and Basis, Null space and Range of a Matrix
Lectures - Week 4 Matrx norms, Condtonng, Vector Spaces, Lnear Independence, Spannng sets and Bass, Null space and Range of a Matrx Matrx Norms Now we turn to assocatng a number to each matrx. We could
More informationSmarandache-Zero Divisors in Group Rings
Smarandache-Zero Dvsors n Group Rngs W.B. Vasantha and Moon K. Chetry Department of Mathematcs I.I.T Madras, Chenna The study of zero-dvsors n group rngs had become nterestng problem snce 1940 wth the
More informationBeyond Zudilin s Conjectured q-analog of Schmidt s problem
Beyond Zudln s Conectured q-analog of Schmdt s problem Thotsaporn Ae Thanatpanonda thotsaporn@gmalcom Mathematcs Subect Classfcaton: 11B65 33B99 Abstract Usng the methodology of (rgorous expermental mathematcs
More informationDiscussion 11 Summary 11/20/2018
Dscusson 11 Summary 11/20/2018 1 Quz 8 1. Prove for any sets A, B that A = A B ff B A. Soluton: There are two drectons we need to prove: (a) A = A B B A, (b) B A A = A B. (a) Frst, we prove A = A B B A.
More informationLecture 12: Discrete Laplacian
Lecture 12: Dscrete Laplacan Scrbe: Tanye Lu Our goal s to come up wth a dscrete verson of Laplacan operator for trangulated surfaces, so that we can use t n practce to solve related problems We are mostly
More informationNumerical Solution of Ordinary Differential Equations
Numercal Methods (CENG 00) CHAPTER-VI Numercal Soluton of Ordnar Dfferental Equatons 6 Introducton Dfferental equatons are equatons composed of an unknown functon and ts dervatves The followng are examples
More informationMAXIMUM A POSTERIORI TRANSDUCTION
MAXIMUM A POSTERIORI TRANSDUCTION LI-WEI WANG, JU-FU FENG School of Mathematcal Scences, Peng Unversty, Bejng, 0087, Chna Center for Informaton Scences, Peng Unversty, Bejng, 0087, Chna E-MIAL: {wanglw,
More information2E Pattern Recognition Solutions to Introduction to Pattern Recognition, Chapter 2: Bayesian pattern classification
E395 - Pattern Recognton Solutons to Introducton to Pattern Recognton, Chapter : Bayesan pattern classfcaton Preface Ths document s a soluton manual for selected exercses from Introducton to Pattern Recognton
More information