Review of Elementary Cryptography. For more material, see my notes of CSE 5351, available on my webpage
|
|
- Jeffrey Nelson
- 5 years ago
- Views:
Transcription
1 Review of Elemetary Cryptography For more material, see my otes of CSE 5351, available o my webpage
2 Outlie Security (CPA, CCA, sematic security, idistiguishability) RSA ElGamal Homomorphic ecryptio 2
3 Two types of ecryptio schemes Private-key ecryptio schemes Also called symmetric-key ecryptio schemes Public-key ecryptio schemes Also called asymmetric-key ecryptio schemes We are more iterested i the latter. 3
4 Symmetric-key ecryptio scheme * Message space: M {0,1}. Key geeratio algorithm G: O iput 1, G(1 ) outputs a key k {0,1}. ( K = {0,1} ; ad is the security parameter.) Ecryptio algorithm E : O iput a key k ad a plaitext m M, Eoutputs a ciphertext c. We write c Ekm (, ) or c E ( m). k Decryptio algorithm D outputs a message ( ) D : O iput a key k ad a ciphertext c, m. We write m: = D( k, c) or m: = D ( c). Correctess requiremet: for each k K ad m M, D E ( m) = m. k k G, E, probabilistic algorithms. D, determiistic. All poly-time. k 4
5 Public-key ecryptio scheme Key geeratio algorithm ( pk sk ) G: O iput 1, G(1 ) outputs a pair of keys,,, each of legth at least Ecryptio algorithm E : O iput a public key pk ad a plaitext m M, E outputs a ciphertext c. We write c E ( m). pk (The message space may deped o pk.) Decryptio algorithm c, D outputs a message Correctess requiremet: ( ). D : O iput a secret key sk ad a ciphertext m. We write m: = D ( c). Pr Dsk Ep k( m) m: m M = pk = 1 except for a egligible portio of key pairs output by G( 1 ). sk pk
6 Symmetric vs. Asymmetric Symmetric ecryptios are much faster tha asymmetric oes. AES is typically 100 times faster tha RSA ecryptio ad 1000 times faster tha RSA decryptio. Use asymmetric cipher to set up a sessio key ad the use symmetric cipher to ecrypt data.
7 Security Issues What does it mea that a ecryptio scheme is secure (or isecure)? Sematic security Ciphertext-idistiguishability No-malleability
8 Differet types of attacks Differet types of attacks (classified by the amout of iformatio available to the attacker): Ciphertext-oly attack (eavesdropper) Kow-plaitext attack Chose-plaitext attack (CPA) Chose-ciphertext attack (CCA) 8
9 Negligible fuctios A oegative fuctio f : N R is said to be egligible if for every positive polyomial P ( ), there is a iteger 0 such that 1 f( ) < for all > 0 (i. e., for sufficietly large ). P ( ) log Examples: 2, 2, are egligible fuctios. Negligible fuctios approach zero faster tha the reciprocal of every polyomial. We write egl( ) to deote a uspecified egligible fuctio. 9
10 Security Parameter The security of a ecryptio scheme typically depeds o its key legth. Is RSA secure if N = 216, 512, or 1024? I geeral, a ecryptio scheme is associated with a iteger called its thik of it as key legth.) Whe we say that the beig broke security parameter λ. security parameter. (For ow, you may probability Pr( λ) of a ecryptio scheme is egligible, it is w. r.t. the ecryptio scheme's 10
11 Sematic Security (simplified) A private-key ecryptio scheme ( GED,, ) with sesutiry parameter is sematically secure agaist a eavesdropper if for every probabilistic polyomial-time (PPT) algorithm A there exists a PPT A such that for all polyomial-time computable fuctios f ad h: Pr ( ) A1, Ek ( m), hm ( ) f( m) : k G(1 ), m {0,1} = egl( ). ( 1, h( m ) Pr A ) = f( m) : m { 0,1} 11
12 Ciphertext-Idistiguishability Adversary: a polyomial-time eavesdropper. ( GED,, ) : a ecryptio scheme with security parameter. Imagie a game played by Bob ad Eve (adversary): Eve is give iput 1 ad outputs a pair of messages m, m of the same legth. 0 1 Bob chooses a key k G(1 ) ad m u { m0, m1}. He computes c Ek ( m) ad gives c to Eve. Eve tries to determie whether c is the ecryptio of m or m. 0 1 A ecryptio scheme is ciphertext-idistiguishable agaist eavesdroppers if o adversary ca succeed with probability o-egligibly greater tha
13 Defiitio: A ecryptio scheme is ciphertext-idistiguishable agaist eavesdroppers if for every PPT algorithm it holds: A ad all m, m M, m = m, Pr A(1, m0, m1, Ek( m)) = m: m u { m0, m1}, k G(1 ) 1 + egl( ) 2 13
14 Equivalece of sematic security ad ciphertext-idistiguishability Theorem: Agaist a eavesdropper, a ecryptio scheme is sematically secure iff it is ciphertext-idistiguishable. Theorem: Uder CPA, CCA1 or CCA2, a ecryptio scheme is sematically secure if ad oly if it is ciphertext-idistiguisha ble. 14
15 Chose-plaitext attacks (CPA) Iformally, we may describe CPA as follows: Give: ( m, c ), ( m, c ),, ( m, c ), where m, m,, m t t 1 2 t are chose by the adversary; ad a ew ciphertext c. Q : what is the plaitext of c? Adaptively-chose-plaitext attack : m, m,, m are chose adaptively. 1 2 Now we describe CPA i terms of oracle. t 15
16 Chose-plaitext attacks (CPA) A CPA o a ecryptio scheme ( GED,, ) is modeled as follows. 1. A key k G(1 ) is geerated. 2. The adversary is give iput 1 ad oracle access to E. She may request the oracle to ecrypt plaitexts of her choice. 3. The adversary chooses two message m, m with m = m ; ad is give a challege ciphertext c E ( m ), where b {0,1}. k b u 4. The adversary cotiues to have oracle access ad may request the ecryptios of additioal plaitexts of her choice, eve m ad m. 5. The adversary fially aswers 0 or 1. k 0 1 Note: The CPA here actually refers to a adaptive CPA. 16
17 Ciphertext-idistiguishability agaist CPA A ecryptio scheme ( GED,, ) is IND-CPA if o polyomial-time adversary ca aswer correctly with probability o-egligibly greater tha 1 2. Defiitio: a ecryptio scheme ( GED,, ) is IND-CPA if for ever polyomial adversary A it holds that: k ( ) k m E Pr A 1, m0, m1, E ( ) = m: k G(1 ), m u { m0, m1}, m, m 0 1 A M ] 1 + egl( ) 2 17
18 Chose-ciphertext attacks (CCA) Iformally we may describe CCA as follows: Give: ( m, c ), ( m, c ),, ( m, c ), where c, c,, c t t 1 2 t are chose by the adversary; ad a ew ciphertext c. Q : what is the plaitext of c? Adaptively-chose-plaitext attack : c, c,, c are chose adaptively. 1 2 Now we describe CCA i terms of oracle. We will allow a CCA adversary to also have CPA capability. (So, by CCA we mea CCA+CPA, rather tha pure CCA.) t 18
19 Chose-ciphertext attacks (CCA) A CCA o a ecryptio scheme ( GED,, ) is modeled as follow s. 1. A key k G(1 ) is geerated. 2. The adversary is give iput 1 ad oracle access to E ad D. She may request the oracles to perform ecryptios ad/or decryptios for her. 3. The adversary chooses two message m, m with m = m ; ad is give a challege ciphertext c E ( m ), where b {0,1}. 4. The k b u adversary cotiues to have oracle access to E ad D, but is ot allowed to request the decryptio of c. 5. The adversary fially aswers 0 or 1. k k k k 19
20 Ciphertext-idistiguishability agaist CCA A ecryptio scheme ( GED,, ) is IND-CCA if o polyomial-time adversary ca aswer correctly with probability o-egligibly greater tha 1 2. Defiitio: a ecryptio scheme ( GED,, ) is IND-CCA if for ever polyomial-time adversary A, it holds that: k ( ) k m E, Dk Pr A 1, m0, m1, E ( ) = m: k G(1 ), m u { m0, m1}, m, m 0 1 A M ] 1 + egl( ) 2 20
21 CCA1 vs. CCA2 The CCA described above is also called CCA2. If i item #4 the adversary has o access to the decryptio oracle, the CCA is called CCA1. 21
22 No-malleability A ecryptio scheme ( GED,, ) is o-malleable if give a ciphertext c= Em ( ), it is computatioally ifeasible for a adversary to produce a ciphertext c such that m = Dc ( ) has some kow relatio with m. RSA is malleable. malleable ot IND-CCA2. Every homomorphic ecryptio scheme is malleable, ad hece caot be IND-CCA2. Highest security level possible for homomorphic ecryptio scheme: IND-CCA1. 22
23 Homomorphic Ecryptio
24 RSA is homomorphic RSA( m m ) = RSA( m ) RSA( m ) * where is the multiplicatio i Z (i.e., modulo ). Easy to verify: ( ) RSA( m m ) = m m RSA( m ) = RSA( m ) e 1 1 e 2 = m2 e e RSA( m ) RSA( m ) = m m = ( m m ) 1 m e e
25 Homomorphic ecryptio M : message space C : ciphertext space M C : some biary operatio i M : some biary operatio i C Defiitio : A ecryptio scheme is if the ecryptio fuctio E satisfies E ( m m ) = E ( m ) E ( m ) pk 1 M 2 pk 1 C k 2 for all keys pk ad messages m, m M. 1 2 M -homomorphic Comm et: does't work for probabilistic ecryptios.
26 ElGamal ecryptio is homomorphic Em ( m) Em ( ) Em ( ), i the followig sese: Em ( ) Em ( ) is a valid ecryptio of mm. 1 2 Verificatio: ( k ) ( ) 1 k1 k2 k If Em ( ) = g, my ad Em ( ) = g, my, the ( k ) ( ) 1 k1 k2 k2 Em ( ) Em ( ) = g, my g, my = ( k ) 1+ k2 k1+ k2 g, m1m 2y is a valid ecryptio of m m
27 Homomorphic ecryptio redefied M : message space C : ciphertext space M C : some biary operatio i M : some biary operatio i C Defiitio : A ecryptio scheme is -homomorphic if the ecryptio fuctio E satisfies ( ( ) ( )) C m m = D E m Em 1 M 2 sk pk 1 2 for all messages m, m M ad all ecryptio/decryptio key pairs ( pk, sk). 1 2 M
28 A geeralized defiitio Defiiti o: A ecryptio scheme is homomorphic if there is a polyomial time algorithm A such that w.r.t M m m = D 1 M 2 sk ( ( ), ( )) ( A Em Em ) pk 1 2 for all messages m, m M ad all key pairs. 1 2 ecryptio/decryptio Questio: How to further geeralize it?
29 Various homomorphic ecryptios A ecryptio scheme is additively homomorphic if it is homomorphic w.r.t multiplicatively homomorphic if it is homomorphic w.r.t algebraicly + M ad M homomorphic if it is homomorphic w.r.t both + M M RSA (1977) ad ElGamal (1984) are homomorphic. multiplicatively Padded RSA is ot homomorphic. Goldwasser-Micali (1982): additively homomorphic
30 Fully homomorphic ecryptio I 2009, Craig Getry proposed a fully homomorphic ecryptio scheme. Iformally: A ecryptio scheme is homomorphic w. r.t if there is a polyomial time algorithm A such that C A M (, ( ) ( )) ( ) A ( m,, m ) = D A pk E m,, E m M 1 t pk C 1 t Iformally: A ecryptio scheme is fully homomorphic if it is homomorphic w.r.t. ay algorithm A M.
Message Authentication Codes. Reading: Chapter 4 of Katz & Lindell
Message Autheticatio Codes Readig: Chapter 4 of Katz & Lidell 1 Message autheticatio Bob receives a message m from Alice, he wats to ow (Data origi autheticatio) whether the message was really set by Alice.
More informationLecture 11: Pseudorandom functions
COM S 6830 Cryptography Oct 1, 2009 Istructor: Rafael Pass 1 Recap Lecture 11: Pseudoradom fuctios Scribe: Stefao Ermo Defiitio 1 (Ge, Ec, Dec) is a sigle message secure ecryptio scheme if for all uppt
More informationThe Paillier Cryptosystem
E-Votig Semiar The Paillier Cryptosystem Adreas Steffe Hochschule für Techik Rapperswil adreas.steffe@hsr.ch Adreas Steffe, 17.1.010, Paillier.pptx 1 Ageda Some mathematical properties Ecryptio ad decryptio
More informationFactoring Algorithms and Other Attacks on the RSA 1/12
Factorig Algorithms ad Other Attacks o the RSA T-79550 Cryptology Lecture 8 April 8, 008 Kaisa Nyberg Factorig Algorithms ad Other Attacks o the RSA / The Pollard p Algorithm Let B be a positive iteger
More informationLesson 10: Limits and Continuity
www.scimsacademy.com Lesso 10: Limits ad Cotiuity SCIMS Academy 1 Limit of a fuctio The cocept of limit of a fuctio is cetral to all other cocepts i calculus (like cotiuity, derivative, defiite itegrals
More informationLecture 11: Hash Functions and Random Oracle Model
CS 7810 Foudatios of Cryptography October 16, 017 Lecture 11: Hash Fuctios ad Radom Oracle Model Lecturer: Daiel Wichs Scribe: Akshar Varma 1 Topic Covered Defiitio of Hash Fuctios Merkle-Damgaård Theorem
More informationA Block Cipher Using Linear Congruences
Joural of Computer Sciece 3 (7): 556-560, 2007 ISSN 1549-3636 2007 Sciece Publicatios A Block Cipher Usig Liear Cogrueces 1 V.U.K. Sastry ad 2 V. Jaaki 1 Academic Affairs, Sreeidhi Istitute of Sciece &
More informationFurther More on Key Wrapping. 2011/2/17 SKEW2011 Lyngby Nagoya University Yasushi Osaki, Tetsu Iwata
Further More o Key Wrappig 011//17 SKEW011 Lygby Nagoya Uiversity Yasushi Osaki, Tetsu Iwata 1 What is key wrappig? Used to ecrypt specialized data, such as cryptographic keys A key wrappig that also esures
More information6 Integers Modulo n. integer k can be written as k = qn + r, with q,r, 0 r b. So any integer.
6 Itegers Modulo I Example 2.3(e), we have defied the cogruece of two itegers a,b with respect to a modulus. Let us recall that a b (mod ) meas a b. We have proved that cogruece is a equivalece relatio
More informationSecurity of Identity-based Encryption Schemes from Quadratic Residues
I: Bica I., Reyhaitabar R. eds Iovative Security Solutios for Iformatio Techology ad Commuicatios. SECITC 2016. Lecture Notes i Computer Sciece, vol 10006. pp 63-77, 2016,Spriger, Cham Security of Idetity-based
More informationSolutions to Math 347 Practice Problems for the final
Solutios to Math 347 Practice Problems for the fial 1) True or False: a) There exist itegers x,y such that 50x + 76y = 6. True: the gcd of 50 ad 76 is, ad 6 is a multiple of. b) The ifiimum of a set is
More informationTwo-Input Functional Encryption for Inner Products from Bilinear Maps
Two-Iput Fuctioal Ecryptio for Ier Products from Biliear Maps Kwagsu Lee Dog Hoo Lee Abstract Fuctioal ecryptio is a ew paradigm of public-key ecryptio that allows a user to compute f x o ecrypted data
More informationORTHOGONAL MATRIX IN CRYPTOGRAPHY
Orthogoal Matrix i Cryptography ORTHOGONAL MATRIX IN CRYPTOGRAPHY Yeray Cachó Sataa Member of CriptoRed (U.P.M.) ABSTRACT I this work is proposed a method usig orthogoal matrix trasform properties to ecrypt
More informationLecture 9: Pseudo-random generators against space bounded computation,
Lecture 9: Pseudo-radom geerators agaist space bouded computatio, Primality Testig Topics i Pseudoradomess ad Complexity (Sprig 2018) Rutgers Uiversity Swastik Kopparty Scribes: Harsha Tirumala, Jiyu Zhag
More information4.3 Growth Rates of Solutions to Recurrences
4.3. GROWTH RATES OF SOLUTIONS TO RECURRENCES 81 4.3 Growth Rates of Solutios to Recurreces 4.3.1 Divide ad Coquer Algorithms Oe of the most basic ad powerful algorithmic techiques is divide ad coquer.
More information7. Modern Techniques. Data Encryption Standard (DES)
7. Moder Techiques. Data Ecryptio Stadard (DES) The objective of this chapter is to illustrate the priciples of moder covetioal ecryptio. For this purpose, we focus o the most widely used covetioal ecryptio
More informationInfinite Sequences and Series
Chapter 6 Ifiite Sequeces ad Series 6.1 Ifiite Sequeces 6.1.1 Elemetary Cocepts Simply speakig, a sequece is a ordered list of umbers writte: {a 1, a 2, a 3,...a, a +1,...} where the elemets a i represet
More informationSquare-Congruence Modulo n
Square-Cogruece Modulo Abstract This paper is a ivestigatio of a equivalece relatio o the itegers that was itroduced as a exercise i our Discrete Math class. Part I - Itro Defiitio Two itegers are Square-Cogruet
More informationLossy Trapdoor Functions from Smooth Homomorphic Hash Proof Systems
Electroic Colloquium o Computatioal Complexity, Revisio 1 of Report No 127 (2009) Lossy Trapdoor Fuctios from Smooth Homomorphic Hash Proof Systems July 4, 2010 Abstract I STOC 08, Peikert ad Waters itroduced
More informationNotes for Lecture 5. 1 Grover Search. 1.1 The Setting. 1.2 Motivation. Lecture 5 (September 26, 2018)
COS 597A: Quatum Cryptography Lecture 5 (September 6, 08) Lecturer: Mark Zhadry Priceto Uiversity Scribe: Fermi Ma Notes for Lecture 5 Today we ll move o from the slightly cotrived applicatios of quatum
More informationThe picture in figure 1.1 helps us to see that the area represents the distance traveled. Figure 1: Area represents distance travelled
1 Lecture : Area Area ad distace traveled Approximatig area by rectagles Summatio The area uder a parabola 1.1 Area ad distace Suppose we have the followig iformatio about the velocity of a particle, how
More informationTest One (Answer Key)
CS395/Ma395 (Sprig 2005) Test Oe Name: Page 1 Test Oe (Aswer Key) CS395/Ma395: Aalysis of Algorithms This is a closed book, closed otes, 70 miute examiatio. It is worth 100 poits. There are twelve (12)
More informationRiemann Sums y = f (x)
Riema Sums Recall that we have previously discussed the area problem I its simplest form we ca state it this way: The Area Problem Let f be a cotiuous, o-egative fuctio o the closed iterval [a, b] Fid
More informationModern Algebra. Previous year Questions from 2017 to Ramanasri
Moder Algebra Previous year Questios from 017 to 199 Ramaasri 017 S H O P NO- 4, 1 S T F L O O R, N E A R R A P I D F L O U R M I L L S, O L D R A J E N D E R N A G A R, N E W D E L H I. W E B S I T E
More informationA Provably Secure Signature Scheme based on Factoring and Discrete Logarithms
Appl. Math. If. Sci. 8, No. 4, 1553-1558 2014) 1553 Applied Mathematics & Iformatio Scieces A Iteratioal Joural http://dx.doi.org/10.12785/amis/080408 A Provably Secure Sigature Scheme based o Factorig
More informationSimon Blackburn. Sean Murphy. Jacques Stern. Laboratoire d'informatique, Ecole Normale Superieure, Abstract
The Cryptaalysis of a Public Key Implemetatio of Fiite Group Mappigs Simo Blackbur Sea Murphy Iformatio Security Group, Royal Holloway ad Bedford New College, Uiversity of Lodo, Egham, Surrey TW20 0EX,
More informationARITHMETIC PROGRESSIONS
CHAPTER 5 ARITHMETIC PROGRESSIONS (A) Mai Cocepts ad Results A arithmetic progressio (AP) is a list of umbers i which each term is obtaied by addig a fixed umber d to the precedig term, except the first
More informationChapter 6 Infinite Series
Chapter 6 Ifiite Series I the previous chapter we cosidered itegrals which were improper i the sese that the iterval of itegratio was ubouded. I this chapter we are goig to discuss a topic which is somewhat
More informationGentry s ideal-lattice based encryption scheme. Gentry s STOC 09 paper - Part III
Getry s ideal-lattice based ecryptio scheme Getry s STOC 09 paper - Part 1 From Micciacio's paper Why ideal lattices --- as opposed to just ideals or lattices? We described a ideal-based ecryptio scheme
More informationSection 11.8: Power Series
Sectio 11.8: Power Series 1. Power Series I this sectio, we cosider geeralizig the cocept of a series. Recall that a series is a ifiite sum of umbers a. We ca talk about whether or ot it coverges ad i
More informationLecture Note 3 Date:
P.Lafourcade Lecture Note 3 Date: 28.09.2009 Security models 1st Semester 2007/2008 ROUAULT Boris GABIAM Amanda ARNEDO Pedro 1 Contents 1 Perfect Encryption 3 1.1 Notations....................................
More informationAdvanced Cryptography 1st Semester Public Encryption
Advanced Cryptography 1st Semester 2007-2008 Pascal Lafourcade Université Joseph Fourrier, Verimag Master: October 1st 2007 1 / 64 Last Time (I) Indistinguishability Negligible function Probabilities Indistinguishability
More information6.3 Testing Series With Positive Terms
6.3. TESTING SERIES WITH POSITIVE TERMS 307 6.3 Testig Series With Positive Terms 6.3. Review of what is kow up to ow I theory, testig a series a i for covergece amouts to fidig the i= sequece of partial
More informationPolynomial reduction. Outline Lecture. Non deterministic polynomial time. Example 1 : discrete log. Lecture: Polynomial reduction.
Outlie Lecture Part 1 : Asymmetric cryptography, oe way fuctio, complexity Part 2 : arithmetic complexity ad lower bouds : expoetiatio Part 3 : Provable security ad polyomial time reductio : P, NP classes.
More informationSequences A sequence of numbers is a function whose domain is the positive integers. We can see that the sequence
Sequeces A sequece of umbers is a fuctio whose domai is the positive itegers. We ca see that the sequece 1, 1, 2, 2, 3, 3,... is a fuctio from the positive itegers whe we write the first sequece elemet
More informationIP Reference guide for integer programming formulations.
IP Referece guide for iteger programmig formulatios. by James B. Orli for 15.053 ad 15.058 This documet is iteded as a compact (or relatively compact) guide to the formulatio of iteger programs. For more
More informationFLC Ch 8 & 9. Evaluate. Check work. a) b) c) d) e) f) g) h) i) j) k) l) m) n) o) 3. p) q) r) s) t) 3.
Math 100 Elemetary Algebra Sec 8.1: Radical Expressios List perfect squares ad evaluate their square root. Kow these perfect squares for test. Def The positive (pricipal) square root of x, writte x, is
More informationPROBABILISTIC SOLUTION OF YAO S MILLIONAIRES PROBLEM
PROBABILISTIC SOLUTION OF YAO S MILLIONAIRES PROBLEM MARIYA BESSONOV, DIMA GRIGORIEV, AND VLADIMIR SHPILRAIN ABSTRACT. We offer a probabilistic solutio of Yao s millioaires problem that gives correct aswer
More informationOblivious Transfer using Elliptic Curves
Oblivious Trasfer usig Elliptic Curves bhishek Parakh Louisiaa State Uiversity, ato Rouge, L May 4, 006 bstract: This paper proposes a algorithm for oblivious trasfer usig elliptic curves lso, we preset
More information, then cv V. Differential Equations Elements of Lineaer Algebra Name: Consider the differential equation. and y2 cos( kx)
Cosider the differetial equatio y '' k y 0 has particular solutios y1 si( kx) ad y cos( kx) I geeral, ay liear combiatio of y1 ad y, cy 1 1 cy where c1, c is also a solutio to the equatio above The reaso
More informationCHAPTER I: Vector Spaces
CHAPTER I: Vector Spaces Sectio 1: Itroductio ad Examples This first chapter is largely a review of topics you probably saw i your liear algebra course. So why cover it? (1) Not everyoe remembers everythig
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationCS151 Complexity Theory
Time ad Space CS151 Complexity Theory Lecture 2 April 1, 2004 A motivatig questio: Boolea formula with odes evaluate usig O(log ) space? depth-first traversal requires storig itermediate values idea: short-circuit
More informationAn extension of the RSA trapdoor in a KEM/DEM framework
A extesio of the RSA trapdoor i a KEM/DEM framework Bogda Groza Politehica Uiversity of Timisoara Faculty of Automatics ad Computers Bd. Vasile Parva r. 2, 300223 Timisoara, Romaia mail: bogda.groza@aut.upt.ro
More informationRoberto s Notes on Infinite Series Chapter 1: Sequences and series Section 3. Geometric series
Roberto s Notes o Ifiite Series Chapter 1: Sequeces ad series Sectio Geometric series What you eed to kow already: What a ifiite series is. The divergece test. What you ca le here: Everythig there is to
More informationMath 155 (Lecture 3)
Math 55 (Lecture 3) September 8, I this lecture, we ll cosider the aswer to oe of the most basic coutig problems i combiatorics Questio How may ways are there to choose a -elemet subset of the set {,,,
More information62. Power series Definition 16. (Power series) Given a sequence {c n }, the series. c n x n = c 0 + c 1 x + c 2 x 2 + c 3 x 3 +
62. Power series Defiitio 16. (Power series) Give a sequece {c }, the series c x = c 0 + c 1 x + c 2 x 2 + c 3 x 3 + is called a power series i the variable x. The umbers c are called the coefficiets of
More informationRearranging the Alternating Harmonic Series
Rearragig the Alteratig Harmoic Series Da Teague C School of Sciece ad Mathematics teague@cssm.edu 00 TCM Coferece CSSM, Durham, C Regroupig Ifiite Sums We kow that the Taylor series for l( x + ) is x
More informationASYMMETRIC ENCRYPTION
ASYMMETRIC ENCRYPTION 1 / 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters involved. 2 / 1 Recall
More informationn outcome is (+1,+1, 1,..., 1). Let the r.v. X denote our position (relative to our starting point 0) after n moves. Thus X = X 1 + X 2 + +X n,
CS 70 Discrete Mathematics for CS Sprig 2008 David Wager Note 9 Variace Questio: At each time step, I flip a fair coi. If it comes up Heads, I walk oe step to the right; if it comes up Tails, I walk oe
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationThe Growth of Functions. Theoretical Supplement
The Growth of Fuctios Theoretical Supplemet The Triagle Iequality The triagle iequality is a algebraic tool that is ofte useful i maipulatig absolute values of fuctios. The triagle iequality says that
More informationPolynomial identity testing and global minimum cut
CHAPTER 6 Polyomial idetity testig ad global miimum cut I this lecture we will cosider two further problems that ca be solved usig probabilistic algorithms. I the first half, we will cosider the problem
More informationMathematical Foundation. CSE 6331 Algorithms Steve Lai
Mathematical Foudatio CSE 6331 Algorithms Steve Lai Complexity of Algorithms Aalysis of algorithm: to predict the ruig time required by a algorithm. Elemetary operatios: arithmetic & boolea operatios:
More informationAxioms of Measure Theory
MATH 532 Axioms of Measure Theory Dr. Neal, WKU I. The Space Throughout the course, we shall let X deote a geeric o-empty set. I geeral, we shall ot assume that ay algebraic structure exists o X so that
More informationIn number theory we will generally be working with integers, though occasionally fractions and irrationals will come into play.
Number Theory Math 5840 otes. Sectio 1: Axioms. I umber theory we will geerally be workig with itegers, though occasioally fractios ad irratioals will come ito play. Notatio: Z deotes the set of all itegers
More informationMath 140A Elementary Analysis Homework Questions 1
Math 14A Elemetary Aalysis Homewor Questios 1 1 Itroductio 1.1 The Set N of Natural Numbers 1 Prove that 1 2 2 2 2 1 ( 1(2 1 for all atural umbers. 2 Prove that 3 11 (8 5 4 2 for all N. 4 (a Guess a formula
More informationBasic Sets. Functions. MTH299 - Examples. Example 1. Let S = {1, {2, 3}, 4}. Indicate whether each statement is true or false. (a) S = 4. (e) 2 S.
Basic Sets Example 1. Let S = {1, {2, 3}, 4}. Idicate whether each statemet is true or false. (a) S = 4 (b) {1} S (c) {2, 3} S (d) {1, 4} S (e) 2 S. (f) S = {1, 4, {2, 3}} (g) S Example 2. Compute the
More informationChapter 11 : Private-Key Encryption
COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 11 : Private-Key Encryption 1 Chapter 11 Public-Key Encryption Apologies: all numbering
More informationChapter 6. Advanced Counting Techniques
Chapter 6 Advaced Coutig Techiques 6.: Recurrece Relatios Defiitio: A recurrece relatio for the sequece {a } is a equatio expressig a i terms of oe or more of the previous terms of the sequece: a,a2,a3,,a
More informationA sequence of numbers is a function whose domain is the positive integers. We can see that the sequence
Sequeces A sequece of umbers is a fuctio whose domai is the positive itegers. We ca see that the sequece,, 2, 2, 3, 3,... is a fuctio from the positive itegers whe we write the first sequece elemet as
More informationSets and Probabilistic Models
ets ad Probabilistic Models Berli Che Departmet of Computer ciece & Iformatio Egieerig Natioal Taiwa Normal Uiversity Referece: - D. P. Bertsekas, J. N. Tsitsiklis, Itroductio to Probability, ectios 1.1-1.2
More informationAlgebraic Geometry I
6.859/15.083 Iteger Programmig ad Combiatorial Optimizatio Fall 2009 Lecture 14: Algebraic Geometry I Today... 0/1-iteger programmig ad systems of polyomial equatios The divisio algorithm for polyomials
More informationFinite-length Discrete Transforms. Chapter 5, Sections
Fiite-legth Discrete Trasforms Chapter 5, Sectios 5.2-50 5.0 Dr. Iyad djafar Outlie The Discrete Fourier Trasform (DFT) Matrix Represetatio of DFT Fiite-legth Sequeces Circular Covolutio DFT Symmetry Properties
More information1 Summary: Binary and Logic
1 Summary: Biary ad Logic Biary Usiged Represetatio : each 1-bit is a power of two, the right-most is for 2 0 : 0110101 2 = 2 5 + 2 4 + 2 2 + 2 0 = 32 + 16 + 4 + 1 = 53 10 Usiged Rage o bits is [0...2
More informationTHE combination of quantum mechanics and information science forms a new science quantum information science, in
Block ecryptio of quatum messages Mi Liag ad Li Yag 1 arxiv:181.06050v1 [cs.cr] 14 Dec 018 Abstract I moder cryptography, block ecryptio is a fudametal cryptographic primitive. However, it is impossible
More informationLONG SNAKES IN POWERS OF THE COMPLETE GRAPH WITH AN ODD NUMBER OF VERTICES
J Lodo Math Soc (2 50, (1994, 465 476 LONG SNAKES IN POWERS OF THE COMPLETE GRAPH WITH AN ODD NUMBER OF VERTICES Jerzy Wojciechowski Abstract I [5] Abbott ad Katchalski ask if there exists a costat c >
More informationSums, products and sequences
Sums, products ad sequeces How to write log sums, e.g., 1+2+ (-1)+ cocisely? i=1 Sum otatio ( sum from 1 to ): i 3 = 1 + 2 + + If =3, i=1 i = 1+2+3=6. The ame ii does ot matter. Could use aother letter
More informationDiscrete-Time Systems, LTI Systems, and Discrete-Time Convolution
EEL5: Discrete-Time Sigals ad Systems. Itroductio I this set of otes, we begi our mathematical treatmet of discrete-time s. As show i Figure, a discrete-time operates or trasforms some iput sequece x [
More information6. Kalman filter implementation for linear algebraic equations. Karhunen-Loeve decomposition
6. Kalma filter implemetatio for liear algebraic equatios. Karhue-Loeve decompositio 6.1. Solvable liear algebraic systems. Probabilistic iterpretatio. Let A be a quadratic matrix (ot obligatory osigular.
More informationPublic-Key Cryptography. Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange
Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange Shared/Symmetric-Key Encryption (a.k.a. private-key encryption) SKE: Syntax KeyGen outputs K K E scheme E Syntax a.k.a.
More informationSome examples of vector spaces
Roberto s Notes o Liear Algebra Chapter 11: Vector spaces Sectio 2 Some examples of vector spaces What you eed to kow already: The te axioms eeded to idetify a vector space. What you ca lear here: Some
More informationGeneral Impossibility of Group Homomorphic Encryption in the Quantum World
General Impossibility of Group Homomorphic Encryption in the Quantum World Frederik Armknecht Tommaso Gagliardoni Stefan Katzenbeisser Andreas Peter PKC 2014, March 28th Buenos Aires, Argentina 1 An example
More informationIntro to Learning Theory
Lecture 1, October 18, 2016 Itro to Learig Theory Ruth Urer 1 Machie Learig ad Learig Theory Comig soo 2 Formal Framework 21 Basic otios I our formal model for machie learig, the istaces to be classified
More informationMa 530 Introduction to Power Series
Ma 530 Itroductio to Power Series Please ote that there is material o power series at Visual Calculus. Some of this material was used as part of the presetatio of the topics that follow. What is a Power
More informationSequences, Mathematical Induction, and Recursion. CSE 2353 Discrete Computational Structures Spring 2018
CSE 353 Discrete Computatioal Structures Sprig 08 Sequeces, Mathematical Iductio, ad Recursio (Chapter 5, Epp) Note: some course slides adopted from publisher-provided material Overview May mathematical
More information6.003 Homework #3 Solutions
6.00 Homework # Solutios Problems. Complex umbers a. Evaluate the real ad imagiary parts of j j. π/ Real part = Imagiary part = 0 e Euler s formula says that j = e jπ/, so jπ/ j π/ j j = e = e. Thus the
More information(A sequence also can be thought of as the list of function values attained for a function f :ℵ X, where f (n) = x n for n 1.) x 1 x N +k x N +4 x 3
MATH 337 Sequeces Dr. Neal, WKU Let X be a metric space with distace fuctio d. We shall defie the geeral cocept of sequece ad limit i a metric space, the apply the results i particular to some special
More informationInternational Journal of Advanced Research in Computer Science and Software Engineering
Volume 2, Issue 11, November 2012 ISSN: 2277 128X Iteratioal Joural of Advaced Research i Computer Sciece ad Software Egieerig Research Paper Available olie at: www.ijarcsse.com A Digital Sigature Algorim
More informationResampling Methods. X (1/2), i.e., Pr (X i m) = 1/2. We order the data: X (1) X (2) X (n). Define the sample median: ( n.
Jauary 1, 2019 Resamplig Methods Motivatio We have so may estimators with the property θ θ d N 0, σ 2 We ca also write θ a N θ, σ 2 /, where a meas approximately distributed as Oce we have a cosistet estimator
More informationChapter 7: The z-transform. Chih-Wei Liu
Chapter 7: The -Trasform Chih-Wei Liu Outlie Itroductio The -Trasform Properties of the Regio of Covergece Properties of the -Trasform Iversio of the -Trasform The Trasfer Fuctio Causality ad Stability
More informationTEACHER CERTIFICATION STUDY GUIDE
COMPETENCY 1. ALGEBRA SKILL 1.1 1.1a. ALGEBRAIC STRUCTURES Kow why the real ad complex umbers are each a field, ad that particular rigs are ot fields (e.g., itegers, polyomial rigs, matrix rigs) Algebra
More informationCS161: Algorithm Design and Analysis Handout #10 Stanford University Wednesday, 10 February 2016
CS161: Algorithm Desig ad Aalysis Hadout #10 Staford Uiversity Wedesday, 10 February 2016 Lecture #11: Wedesday, 10 February 2016 Topics: Example midterm problems ad solutios from a log time ago Sprig
More information11. FINITE FIELDS. Example 1: The following tables define addition and multiplication for a field of order 4.
11. FINITE FIELDS 11.1. A Field With 4 Elemets Probably the oly fiite fields which you ll kow about at this stage are the fields of itegers modulo a prime p, deoted by Z p. But there are others. Now although
More informationEnd-of-Year Contest. ERHS Math Club. May 5, 2009
Ed-of-Year Cotest ERHS Math Club May 5, 009 Problem 1: There are 9 cois. Oe is fake ad weighs a little less tha the others. Fid the fake coi by weighigs. Solutio: Separate the 9 cois ito 3 groups (A, B,
More informationLecture 1: Basic problems of coding theory
Lecture 1: Basic problems of codig theory Error-Correctig Codes (Sprig 016) Rutgers Uiversity Swastik Kopparty Scribes: Abhishek Bhrushudi & Aditya Potukuchi Admiistrivia was discussed at the begiig of
More informationCryptographic Hash Functions and Message Authentication Codes. Reading: Chapter 4 of Katz & Lindell
Cryptographic Hah Fuctio ad Meage Autheticatio Code Readig: Chapter 4 of Katz & Lidell 1 Hah fuctio A fuctio mappig from a domai to a maller rage (thu ot ijective). Applicatio: Fat looup (hah table) Error
More informationCSA E0 312: Secure Computation September 09, [Lecture 9-10]
CSA E0 312: Secure Computation September 09, 2015 Instructor: Arpita Patra [Lecture 9-10] Submitted by: Pratik Sarkar 1 Summary In this lecture we will introduce the concept of Public Key Samplability
More informationA LIMITED ARITHMETIC ON SIMPLE CONTINUED FRACTIONS - II 1. INTRODUCTION
A LIMITED ARITHMETIC ON SIMPLE CONTINUED FRACTIONS - II C. T. LONG J. H. JORDAN* Washigto State Uiversity, Pullma, Washigto 1. INTRODUCTION I the first paper [2 ] i this series, we developed certai properties
More informationAnalysis of Algorithms. Introduction. Contents
Itroductio The focus of this module is mathematical aspects of algorithms. Our mai focus is aalysis of algorithms, which meas evaluatig efficiecy of algorithms by aalytical ad mathematical methods. We
More informationMath 216A Notes, Week 5
Math 6A Notes, Week 5 Scribe: Ayastassia Sebolt Disclaimer: These otes are ot early as polished (ad quite possibly ot early as correct) as a published paper. Please use them at your ow risk.. Thresholds
More informationAchieving short ciphertexts or short secret-keys for adaptively secure general inner-product encryption
Des. Codes Cryptogr. (205) 77:725 77 DOI 0.007/s0623-05-03- chievig short ciphertexts or short secret-keys for adaptively secure geeral ier-product ecryptio Tatsuaki Okamoto Katsuyuki Takashima 2 Received:
More informationPosted-Price, Sealed-Bid Auctions
Posted-Price, Sealed-Bid Auctios Professors Greewald ad Oyakawa 207-02-08 We itroduce the posted-price, sealed-bid auctio. This auctio format itroduces the idea of approximatios. We describe how well this
More informationChapter 4. Fourier Series
Chapter 4. Fourier Series At this poit we are ready to ow cosider the caoical equatios. Cosider, for eample the heat equatio u t = u, < (4.) subject to u(, ) = si, u(, t) = u(, t) =. (4.) Here,
More informationComputability and computational complexity
Computability ad computatioal complexity Lecture 4: Uiversal Turig machies. Udecidability Io Petre Computer Sciece, Åbo Akademi Uiversity Fall 2015 http://users.abo.fi/ipetre/computability/ 21. toukokuu
More informationMath 609/597: Cryptography 1
Math 609/597: Cryptography 1 The Solovay-Strasse Primality Test 12 October, 1993 Burt Roseberg Revised: 6 October, 2000 1 Itroductio We describe the Solovay-Strasse primality test. There is quite a bit
More informationLast time, we talked about how Equation (1) can simulate Equation (2). We asserted that Equation (2) can also simulate Equation (1).
6896 Quatum Complexity Theory Sept 23, 2008 Lecturer: Scott Aaroso Lecture 6 Last Time: Quatum Error-Correctio Quatum Query Model Deutsch-Jozsa Algorithm (Computes x y i oe query) Today: Berstei-Vazirii
More informationIntroduction to Computational Biology Homework 2 Solution
Itroductio to Computatioal Biology Homework 2 Solutio Problem 1: Cocave gap pealty fuctio Let γ be a gap pealty fuctio defied over o-egative itegers. The fuctio γ is called sub-additive iff it satisfies
More informationIf a subset E of R contains no open interval, is it of zero measure? For instance, is the set of irrationals in [0, 1] is of measure zero?
2 Lebesgue Measure I Chapter 1 we defied the cocept of a set of measure zero, ad we have observed that every coutable set is of measure zero. Here are some atural questios: If a subset E of R cotais a
More informationRoberto s Notes on Series Chapter 2: Convergence tests Section 7. Alternating series
Roberto s Notes o Series Chapter 2: Covergece tests Sectio 7 Alteratig series What you eed to kow already: All basic covergece tests for evetually positive series. What you ca lear here: A test for series
More information