Provably weak instances of Ring-LWE revisited
Wouter Castryck (1,2), Ilia Iliashenko (1), Frederik Vercauteren (1,3)

(1) COSIC, KU Leuven; (2) Ghent University; (3) Open Security Research

EUROCRYPT, May 9, 2016

Abstract

We revisit the paper "Provably weak instances of Ring-LWE" by Y. Elias, K. Lauter, E. Ozman, K. Stange (CRYPTO 2015), in which the authors

- investigate if evaluation-at-1 attacks apply to Ring-LWE,
- claim to have indeed found vulnerable instances.

Vulnerable meaning: leak partial information about the secret with non-negligible probability.

However, they did not set up Ring-LWE as described in [LPR]. Their instantiation generates many noise-free equations, which allow recovery of the entire secret with near certainty.

Currently no threat to Ring-LWE.

1. Learning With Errors (LWE)

The LWE problem (O. Regev, '05): solve a linear system

$$
\begin{pmatrix} b_0 \\ b_1 \\ \vdots \\ b_{m-1} \end{pmatrix}
=
\begin{pmatrix}
a_{00} & a_{01} & \cdots & a_{0,n-1} \\
a_{10} & a_{11} & \cdots & a_{1,n-1} \\
\vdots & \vdots & \ddots & \vdots \\
a_{m-1,0} & a_{m-1,1} & \cdots & a_{m-1,n-1}
\end{pmatrix}
\begin{pmatrix} s_0 \\ s_1 \\ \vdots \\ s_{n-1} \end{pmatrix}
+
\begin{pmatrix} e_0 \\ e_1 \\ \vdots \\ e_{m-1} \end{pmatrix}
$$

over a finite field $\mathbb{F}_p$ for a secret $(s_0, s_1, \dots, s_{n-1}) \in \mathbb{F}_p^n$, where

- each equation is perturbed by a small error, i.e. $b_i = a_{i0} s_0 + a_{i1} s_1 + \dots + a_{i,n-1} s_{n-1} + e_i$,
- the $a_{ij} \in \mathbb{F}_p$ are chosen uniformly randomly,
- an adversary can ask for new equations ($m > n$).

Features:

- hardness reduction from classical lattice problems,
- versatile building block for cryptography, enabling exciting applications (FHE, PQ crypto, ...).

Drawback: key size. To hide the secret one needs an entire linear system:

$$
\underbrace{\begin{pmatrix} b_0 \\ b_1 \\ \vdots \\ b_{m-1} \end{pmatrix}}_{m \log p}
\approx
\underbrace{\begin{pmatrix}
a_{00} & a_{01} & \cdots & a_{0,n-1} \\
a_{10} & a_{11} & \cdots & a_{1,n-1} \\
\vdots & \vdots & \ddots & \vdots \\
a_{m-1,0} & a_{m-1,1} & \cdots & a_{m-1,n-1}
\end{pmatrix}}_{mn \log p}
\cdot
\underbrace{\begin{pmatrix} s_0 \\ s_1 \\ \vdots \\ s_{n-1} \end{pmatrix}}_{n \log p}
$$

2. Ring-based LWE

Solution:

- Identify key space $\mathbb{F}_p^n$ with $\mathbb{Z}[x]/(p, f(x))$ for some monic degree-$n$ polynomial $f(x) \in \mathbb{Z}[x]$, by viewing $(s_0, s_1, \dots, s_{n-1})$ as $s_0 + s_1 x + s_2 x^2 + \dots + s_{n-1} x^{n-1}$.
- Use samples of the form

$$
\begin{pmatrix} b_0 \\ b_1 \\ \vdots \\ b_{n-1} \end{pmatrix}
\approx
A_a \cdot
\begin{pmatrix} s_0 \\ s_1 \\ \vdots \\ s_{n-1} \end{pmatrix}
$$

  with $A_a$ the matrix of multiplication by some random $a(x) = a_0 + a_1 x + \dots + a_{n-1} x^{n-1}$.
- Store $a(x)$ rather than $A_a$: saves factor $n$.

Example: if $f(x) = x^n - 1$, then $A_a$ is the circulant matrix

$$
\begin{pmatrix}
a_0 & a_{n-1} & \cdots & a_2 & a_1 \\
a_1 & a_0 & \cdots & a_3 & a_2 \\
a_2 & a_1 & \cdots & a_4 & a_3 \\
\vdots & \vdots & \ddots & \vdots & \vdots \\
a_{n-1} & a_{n-2} & \cdots & a_1 & a_0
\end{pmatrix}
$$

of which it suffices to store the first column.

Bad example, because of...

3. Evaluation-at-1 attack

Potential threat:

- Suppose $f(1) \equiv 0 \bmod p$, then

$$
\mathbb{Z}[x]/(p, f(x)) \to \mathbb{F}_p : r(x) \mapsto r(1) = r_0 + r_1 + \dots + r_{n-1}
$$

  is a well-defined ring homomorphism.
- Our ring-based LWE samples $b(x) = a(x) \cdot s(x) + e(x)$ evaluate to $b(1) = a(1) \cdot s(1) + e(1)$.
- For each guess for $s(1) \in \mathbb{F}_p$, analyze distribution of $e(1)$.
- Non-uniformity might reveal $s(1)$, and maybe more...

Safety measure: restrict to irreducible $f(x) \in \mathbb{Z}[x]$.
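
The slide's "bad example" $f(x) = x^n - 1$ can be used to see the leak in $b(1) = a(1) \cdot s(1) + e(1)$ on a toy scale, together with the parameter check $f(1) \equiv 0 \bmod p$. This is an added example, not code from the slides; the parameters n = 16, p = 12289, σ = 1, the coefficient-wise rounded Gaussian error and all function names are constructed for illustration.

```python
import random

# Constructed toy parameters (assumptions, not from the slides).
N, P, SIGMA = 16, 12289, 1.0
X_N_MINUS_1 = [-1] + [0] * (N - 1) + [1]   # coefficients of x^n - 1, low degree first
X_N_PLUS_1 = [1] + [0] * (N - 1) + [1]     # coefficients of x^n + 1


def f_at_1_vanishes(f_coeffs, p):
    """Parameter check: True if f(1) = 0 mod p, i.e. r(x) -> r(1) is a
    well-defined ring homomorphism Z[x]/(p, f(x)) -> F_p."""
    return sum(f_coeffs) % p == 0


def cyclic_mul(a, s, p):
    """a(x) * s(x) in Z[x]/(p, x^n - 1), i.e. multiplication by the circulant A_a."""
    n = len(a)
    out = [0] * n
    for i, ai in enumerate(a):
        for j, sj in enumerate(s):
            out[(i + j) % n] = (out[(i + j) % n] + ai * sj) % p
    return out


def make_sample(s, p, sigma, rng):
    """One ring-based sample (a, b) with b = a*s + e and small coefficient-wise error e."""
    n = len(s)
    a = [rng.randrange(p) for _ in range(n)]
    e = [round(rng.gauss(0, sigma)) for _ in range(n)]
    b = [(c + ei) % p for c, ei in zip(cyclic_mul(a, s, p), e)]
    return a, b


def centered(x, p):
    """Representative of x mod p in (-p/2, p/2]."""
    x %= p
    return x - p if x > p // 2 else x


def surviving_guesses(samples, p, bound):
    """All guesses g for s(1) such that b(1) - a(1)*g is small for every sample.
    For the correct g this residual is e(1); for a wrong g it looks uniform mod p."""
    evals = [(sum(a) % p, sum(b) % p) for a, b in samples]
    return [g for g in range(p)
            if all(abs(centered(b1 - a1 * g, p)) <= bound for a1, b1 in evals)]


def run_demo(seed=2016, num_samples=10):
    """Return (true s(1), list of guesses consistent with all samples)."""
    rng = random.Random(seed)
    s = [rng.randrange(P) for _ in range(N)]
    samples = [make_sample(s, P, SIGMA, rng) for _ in range(num_samples)]
    bound = round(6 * SIGMA * N ** 0.5)   # e(1) is a sum of n small errors
    return sum(s) % P, surviving_guesses(samples, P, bound)


if __name__ == "__main__":
    print("x^n - 1 exposed:", f_at_1_vanishes(X_N_MINUS_1, P))
    print("x^n + 1 exposed:", f_at_1_vanishes(X_N_PLUS_1, P))
    s1, guesses = run_demo()
    print("s(1) =", s1, "surviving guesses:", guesses)
```

For $x^n + 1$ the check fails because $f(1) = 2$, so evaluation at 1 is not a homomorphism on that ring and the residual test has nothing to work with.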

4. Ring-LWE

Direct ring-based analogue of LWE-sample would read

$$
\begin{pmatrix} b_0 \\ b_1 \\ \vdots \\ b_{n-1} \end{pmatrix}
= A_a \cdot
\begin{pmatrix} s_0 \\ s_1 \\ \vdots \\ s_{n-1} \end{pmatrix}
+
\begin{pmatrix} e_0 \\ e_1 \\ \vdots \\ e_{n-1} \end{pmatrix}
$$

with the $e_i$ sampled independently from $N(0, \sigma)$ for some fixed small $\sigma = \sigma(n)$.

This is not Ring-LWE!

- Not backed up by hardness statement.
- Evaluation-at-1 known to work in special cases [ELS].
- Sometimes called Poly-LWE.

So what is Ring-LWE according to [LPR]? Samples look like

$$
\begin{pmatrix} b_0 \\ b_1 \\ \vdots \\ b_{n-1} \end{pmatrix}
= A_a \cdot
\begin{pmatrix} s_0 \\ s_1 \\ \vdots \\ s_{n-1} \end{pmatrix}
+ A_{f(x)} \cdot B^{-1} \cdot
\begin{pmatrix} e_0 \\ e_1 \\ \vdots \\ e_{n-1} \end{pmatrix}
$$

where

- $B$ is the canonical embedding matrix,
- $A_{f(x)}$ compensates for the fact that one actually picks secrets from the dual.

Hardness reduction from ideal lattice problems.

Note: the factor $A_{f(x)} \cdot B^{-1}$ might skew the error distribution, but also scales it!

Indeed, one has

- $\det A_{f(x)}$ = with = $\operatorname{disc} f(x)$, could be huge,
- $\det B^{-1}$ = 1/.

So on average, each $e_i$ is scaled up by 1/n, but remember: skewness.

5. Provably weak instances of Ring-LWE revisited

[ELOS] constructed families of polynomials $f(x)$ that are vulnerable to an evaluation-at-1 attack. For convenience they picked non-dual secrets:

$$
\begin{pmatrix} b_0 \\ b_1 \\ \vdots \\ b_{n-1} \end{pmatrix}
= A_a \cdot
\begin{pmatrix} s_0 \\ s_1 \\ \vdots \\ s_{n-1} \end{pmatrix}
+ 1/n \cdot B^{-1} \cdot
\begin{pmatrix} e_0 \\ e_1 \\ \vdots \\ e_{n-1} \end{pmatrix}
$$

Recall: $\det B^{-1}$ = 1/, so the errors get squeezed. To compensate, they scale up the errors by a factor 1/n.

Issue:

- The factor 1/n compensates for $B^{-1}$ only on average.
- In some coordinates $B^{-1}$ could scale down much more.
- Compensation factor is insufficient: merely rounding yields exact equations in the secret!

All instances from [ELOS] suffer from this skewness.

Example: f (x) = x , p = ; note: $f(1) \equiv 0 \bmod p$.

Standard deviations even form a geometric series!

[Figure: error distribution in each coordinate (experimental), showing µ, σ and 3σ against the coordinate index.]

Evaluation-at-1 allowed [ELOS] to recover $s(1)$, using about 20 samples with a success rate of 20%.

But after rounding, the last $n/7$ equations become exact, so 7 or 8 samples suffice to recover $s(x)$ exactly.

Similar remarks apply to the other instances from [ELOS].
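
The skewness of $B^{-1}$ and the resulting exact equations can be reproduced numerically. This is an added example, not code from the slides or from [ELOS]; it assumes a polynomial of the form $x^n + c$ (here $x^{16} + 65536$ with $p = 65537$, constructed so that $f(1) \equiv 0 \bmod p$, not the slides' elided example), a spherical Gaussian of width σ = 1 in the embedding space, and $|\det B|^{1/n}$ as the factor that compensates for $B^{-1}$ on average.

```python
import cmath
import math
import random

# Constructed parameters (assumptions): f(x) = x^16 + 65536, p = 65537.
N, C, P, SIGMA = 16, 65536, 65537, 1.0
assert (1 + C) % P == 0   # f(1) = 1 + c = 0 mod p


def roots_xn_plus_c(n, c):
    """Complex roots of x^n + c for c > 0: c^(1/n) * exp(i*pi*(2k+1)/n)."""
    r = c ** (1.0 / n)
    return [r * cmath.exp(1j * math.pi * (2 * k + 1) / n) for k in range(n)]


def inverse_embedding(roots):
    """B^{-1} for the canonical embedding matrix B[j][i] = alpha_j^i,
    computed by Gauss-Jordan elimination with partial pivoting over C."""
    n = len(roots)
    aug = [[alpha ** i for i in range(n)] + [1.0 if k == j else 0.0 for k in range(n)]
           for j, alpha in enumerate(roots)]
    for col in range(n):
        piv = max(range(col, n), key=lambda row: abs(aug[row][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        d = aug[col][col]
        aug[col] = [v / d for v in aug[col]]
        for row in range(n):
            if row != col:
                factor = aug[row][col]
                aug[row] = [v - factor * w for v, w in zip(aug[row], aug[col])]
    return [row[n:] for row in aug]


def average_scale(roots):
    """|det B|^(1/n), using the Vandermonde formula |det B| = prod_{j<k} |alpha_j - alpha_k|."""
    n = len(roots)
    log_det = sum(math.log(abs(roots[j] - roots[k]))
                  for j in range(n) for k in range(j + 1, n))
    return math.exp(log_det / n)


def coordinate_stddevs(b_inv, scale, sigma):
    """Standard deviation of each coordinate of scale * B^{-1} e: sigma * scale * ||row i||."""
    return [sigma * scale * math.sqrt(sum(abs(v) ** 2 for v in row)) for row in b_inv]


def exact_coordinates(stds, tail=3.0):
    """Coordinates where tail*std < 1/2, so rounding removes the error almost surely."""
    return [i for i, s in enumerate(stds) if tail * s < 0.5]


def sample_rounded_error(b_inv, scale, sigma, rng):
    """Sample e in the embedding space (conjugate pairs), pull back and round."""
    n = len(b_inv)
    e = [0j] * n
    for k in range(n // 2):   # roots k and n-1-k are complex conjugates
        z = complex(rng.gauss(0, sigma), rng.gauss(0, sigma)) / math.sqrt(2)
        e[k], e[n - 1 - k] = z, z.conjugate()
    return [round(scale * sum(w * v for w, v in zip(row, e)).real) for row in b_inv]


ROOTS = roots_xn_plus_c(N, C)
B_INV = inverse_embedding(ROOTS)
SCALE = average_scale(ROOTS)
STDS = coordinate_stddevs(B_INV, SCALE, SIGMA)

if __name__ == "__main__":
    for i, s in enumerate(STDS):
        print(f"coordinate {i:2d}: std = {s:10.4f}")
    print("coordinates that round to zero error:", exact_coordinates(STDS))
    print("one rounded error vector:",
          sample_rounded_error(B_INV, SCALE, SIGMA, random.Random(1)))
```

With these parameters the standard deviations halve from one coordinate to the next, so the scaled error is large in low-index coordinates and vanishes after rounding in the highest ones.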

Concluding thoughts/remarks:

- Currently, evaluation-at-1 is not a threat to Ring-LWE.
- Both $B^{-1}$ and $A_{f(x)} \cdot B^{-1}$ can be very skew, so mostly a matter of insufficient scaling, rather than dual vs. non-dual.
- To compensate for $A_{f(x)}$ a factor 1/n makes more sense. Does scaling this way lead to a provably hard problem?
- If one does scale the [ELOS] examples sufficiently, then the error coordinates of low index become uniform.
- The cyclotomic case seems naturally protected against geometric growth.
More informationSecure Function Evaluation
Secure Function Evaluation 1) Use cryptography to securely compute a function/program. 2) Secure means a) Participant s inputs stay secret even though they are used in the computation. b) No participant
More informationDUBLIN CITY UNIVERSITY
DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013/2014 MODULE: CA642/A Cryptography and Number Theory PROGRAMME(S): MSSF MCM ECSA ECSAO MSc in Security & Forensic Computing M.Sc. in Computing Study
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 5: Cryptographic Algorithms Common Encryption Algorithms RSA
More informationCSE 373 DECEMBER 4 TH ALGORITHM DESIGN
CSE 373 DECEMBER 4 TH ALGORITHM DESIGN ASSORTED MINUTIAE P3P3 scripts running right now Pushing back resubmission to Friday Next Monday office hours 12:00-2:00 last minute exam questions Topics list and
More informationClassical Cryptography
Classical Cryptography CS 6750 Lecture 1 September 10, 2009 Riccardo Pucella Goals of Classical Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to all communications Alice
More informationName: Practice Exam 3B. April 16, 2015
Department of Mathematics University of Notre Dame Math 10120 Finite Math Spring 2015 Name: Instructors: Garbett & Migliore Practice Exam 3B April 16, 2015 This exam is in two parts on 12 pages and contains
More informationJournal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10
Dynamic extended DES Yi-Shiung Yeh 1, I-Te Chen 2, Ting-Yu Huang 1, Chan-Chi Wang 1, 1 Department of Computer Science and Information Engineering National Chiao-Tung University 1001 Ta-Hsueh Road, HsinChu
More informationAn elementary study of Goldbach Conjecture
An elementary study of Goldbach Conjecture Denise Chemla 26/5/2012 Goldbach Conjecture (7 th, june 1742) states that every even natural integer greater than 4 is the sum of two odd prime numbers. If we
More informationIntroduction. and Z r1 Z rn. This lecture aims to provide techniques. CRT during the decription process in RSA is explained.
THE CHINESE REMAINDER THEOREM INTRODUCED IN A GENERAL KONTEXT Introduction The rst Chinese problem in indeterminate analysis is encountered in a book written by the Chinese mathematician Sun Tzi. The problem
More informationYale University Department of Computer Science
LUX ETVERITAS Yale University Department of Computer Science Secret Bit Transmission Using a Random Deal of Cards Michael J. Fischer Michael S. Paterson Charles Rackoff YALEU/DCS/TR-792 May 1990 This work
More informationLESSON 2: THE INCLUSION-EXCLUSION PRINCIPLE
LESSON 2: THE INCLUSION-EXCLUSION PRINCIPLE The inclusion-exclusion principle (also known as the sieve principle) is an extended version of the rule of the sum. It states that, for two (finite) sets, A
More informationPublic Key Cryptography
Public Key Cryptography How mathematics allows us to send our most secret messages quite openly without revealing their contents - except only to those who are supposed to read them The mathematical ideas
More informationSudoku an alternative history
Sudoku an alternative history Peter J. Cameron p.j.cameron@qmul.ac.uk Talk to the Archimedeans, February 2007 Sudoku There s no mathematics involved. Use logic and reasoning to solve the puzzle. Instructions
More informationCitation for published version (APA): Nutma, T. A. (2010). Kac-Moody Symmetries and Gauged Supergravity Groningen: s.n.
University of Groningen Kac-Moody Symmetries and Gauged Supergravity Nutma, Teake IMPORTANT NOTE: You are advised to consult the publisher's version (publisher's PDF) if you wish to cite from it. Please
More informationTHE SIGN OF A PERMUTATION
THE SIGN OF A PERMUTATION KEITH CONRAD 1. Introduction Throughout this discussion, n 2. Any cycle in S n is a product of transpositions: the identity (1) is (12)(12), and a k-cycle with k 2 can be written
More informationA New Image Steganography Depending On Reference & LSB
A New Image Steganography Depending On & LSB Saher Manaseer 1*, Asmaa Aljawawdeh 2 and Dua Alsoudi 3 1 King Abdullah II School for Information Technology, Computer Science Department, The University of
More informationMSI: Anatomy (of integers and permutations)
MSI: Anatomy (of integers and permutations) Andrew Granville (Université de Montréal) There have been two homicides An integer: There have been two homicides And a permutation anatomy [a-nat-o-my] noun
More informationIntroduction to Algorithms / Algorithms I Lecturer: Michael Dinitz Topic: Algorithms and Game Theory Date: 12/4/14
600.363 Introduction to Algorithms / 600.463 Algorithms I Lecturer: Michael Dinitz Topic: Algorithms and Game Theory Date: 12/4/14 25.1 Introduction Today we re going to spend some time discussing game
More informationThe number of mates of latin squares of sizes 7 and 8
The number of mates of latin squares of sizes 7 and 8 Megan Bryant James Figler Roger Garcia Carl Mummert Yudishthisir Singh Working draft not for distribution December 17, 2012 Abstract We study the number
More informationMA/CSSE 473 Day 9. The algorithm (modified) N 1
MA/CSSE 473 Day 9 Primality Testing Encryption Intro The algorithm (modified) To test N for primality Pick positive integers a 1, a 2,, a k < N at random For each a i, check for a N 1 i 1 (mod N) Use the
More informationCS70: Lecture 8. Outline.
CS70: Lecture 8. Outline. 1. Finish Up Extended Euclid. 2. Cryptography 3. Public Key Cryptography 4. RSA system 4.1 Efficiency: Repeated Squaring. 4.2 Correctness: Fermat s Theorem. 4.3 Construction.
More informationCSE 312 Midterm Exam May 7, 2014
Name: CSE 312 Midterm Exam May 7, 2014 Instructions: You have 50 minutes to complete the exam. Feel free to ask for clarification if something is unclear. Please do not turn the page until you are instructed
More information14.4. Tangent Planes. Tangent Planes. Tangent Planes. Tangent Planes. Partial Derivatives. Tangent Planes and Linear Approximations
14 Partial Derivatives 14.4 and Linear Approximations Copyright Cengage Learning. All rights reserved. Copyright Cengage Learning. All rights reserved. Suppose a surface S has equation z = f(x, y), where
More informationTiling Problems. This document supersedes the earlier notes posted about the tiling problem. 1 An Undecidable Problem about Tilings of the Plane
Tiling Problems This document supersedes the earlier notes posted about the tiling problem. 1 An Undecidable Problem about Tilings of the Plane The undecidable problems we saw at the start of our unit
More informationGame Theory and Randomized Algorithms
Game Theory and Randomized Algorithms Guy Aridor Game theory is a set of tools that allow us to understand how decisionmakers interact with each other. It has practical applications in economics, international
More informationMulti-Instance Security and its Application to Password- Based Cryptography
Multi-Instance Security and its Application to Password- Based Cryptography Stefano Tessaro MIT Joint work with Mihir Bellare (UC San Diego) Thomas Ristenpart (Univ. of Wisconsin) Scenario: File encryption
More informationComputational aspects of two-player zero-sum games Course notes for Computational Game Theory Section 3 Fall 2010
Computational aspects of two-player zero-sum games Course notes for Computational Game Theory Section 3 Fall 21 Peter Bro Miltersen November 1, 21 Version 1.3 3 Extensive form games (Game Trees, Kuhn Trees)
More informationLocal prediction based reversible watermarking framework for digital videos
Local prediction based reversible watermarking framework for digital videos J.Priyanka (M.tech.) 1 K.Chaintanya (Asst.proff,M.tech(Ph.D)) 2 M.Tech, Computer science and engineering, Acharya Nagarjuna University,
More informationTMA4155 Cryptography, Intro
Trondheim, December 12, 2006. TMA4155 Cryptography, Intro 2006-12-02 Problem 1 a. We need to find an inverse of 403 modulo (19 1)(31 1) = 540: 540 = 1 403 + 137 = 17 403 50 540 + 50 403 = 67 403 50 540
More informationMultiple Input Multiple Output (MIMO) Operation Principles
Afriyie Abraham Kwabena Multiple Input Multiple Output (MIMO) Operation Principles Helsinki Metropolia University of Applied Sciences Bachlor of Engineering Information Technology Thesis June 0 Abstract
More informationOrganization Team Team ID# If each of the congruent figures has area 1, what is the area of the square?
1. [4] A square can be divided into four congruent figures as shown: If each of the congruent figures has area 1, what is the area of the square? 2. [4] John has a 1 liter bottle of pure orange juice.
More informationSOLUTIONS TO PROBLEM SET 5. Section 9.1
SOLUTIONS TO PROBLEM SET 5 Section 9.1 Exercise 2. Recall that for (a, m) = 1 we have ord m a divides φ(m). a) We have φ(11) = 10 thus ord 11 3 {1, 2, 5, 10}. We check 3 1 3 (mod 11), 3 2 9 (mod 11), 3
More informationCryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017
Name: Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017 INSTRUCTIONS Read Carefully Time: 50 minutes There are 5 problems. Write your name legibly at the top of this page. No calculators
More information1 Interference Cancellation
Massachusetts Institute of Technology Department of Electrical Engineering and Computer Science 6.829 Fall 2017 Problem Set 1 September 19, 2017 This problem set has 7 questions, each with several parts.
More informationThis page intentionally left blank
Appendix E Labs This page intentionally left blank Dice Lab (Worksheet) Objectives: 1. Learn how to calculate basic probabilities of dice. 2. Understand how theoretical probabilities explain experimental
More informationMA 180/418 Midterm Test 1, Version B Fall 2011
MA 80/48 Midterm Test, Version B Fall 20 Student Name (PRINT):............................................. Student Signature:................................................... The test consists of 0
More informationFOOLING SMART MACHINES: SECURITY CHALLENGES FOR MACHINE LEARNING
FOOLING SMART MACHINES: SECURITY CHALLENGES FOR MACHINE LEARNING JOPPE W. BOS OCTOBER 2018 INTERNET & MOBILE WORLD 2018 Bucharest PUBLIC Developing Solutions Close to Where Our Customers and Partners Operate
More informationSpatial variations in field data
Chapter 2 Spatial variations in field data This chapter illustrates strong spatial variability in a multi-component surface seismic data set. One of the simplest methods for analyzing variability is looking
More informationSome Cryptanalysis of the Block Cipher BCMPQ
Some Cryptanalysis of the Block Cipher BCMPQ V. Dimitrova, M. Kostadinoski, Z. Trajcheska, M. Petkovska and D. Buhov Faculty of Computer Science and Engineering Ss. Cyril and Methodius University, Skopje,
More informationMath 319 Problem Set #7 Solution 18 April 2002
Math 319 Problem Set #7 Solution 18 April 2002 1. ( 2.4, problem 9) Show that if x 2 1 (mod m) and x / ±1 (mod m) then 1 < (x 1, m) < m and 1 < (x + 1, m) < m. Proof: From x 2 1 (mod m) we get m (x 2 1).
More informationCOMP Online Algorithms. Paging and k-server Problem. Shahin Kamali. Lecture 11 - Oct. 11, 2018 University of Manitoba
COMP 7720 - Online Algorithms Paging and k-server Problem Shahin Kamali Lecture 11 - Oct. 11, 2018 University of Manitoba COMP 7720 - Online Algorithms Paging and k-server Problem 1 / 19 Review & Plan
More informationPermutation Groups. Every permutation can be written as a product of disjoint cycles. This factorization is unique up to the order of the factors.
Permutation Groups 5-9-2013 A permutation of a set X is a bijective function σ : X X The set of permutations S X of a set X forms a group under function composition The group of permutations of {1,2,,n}
More informationLECTURE 7: POLYNOMIAL CONGRUENCES TO PRIME POWER MODULI
LECTURE 7: POLYNOMIAL CONGRUENCES TO PRIME POWER MODULI 1. Hensel Lemma for nonsingular solutions Although there is no analogue of Lagrange s Theorem for prime power moduli, there is an algorithm for determining
More informationNumber Theory and Security in the Digital Age
Number Theory and Security in the Digital Age Lola Thompson Ross Program July 21, 2010 Lola Thompson (Ross Program) Number Theory and Security in the Digital Age July 21, 2010 1 / 37 Introduction I have
More informationInterference: An Information Theoretic View
Interference: An Information Theoretic View David Tse Wireless Foundations U.C. Berkeley ISIT 2009 Tutorial June 28 Thanks: Changho Suh. Context Two central phenomena in wireless communications: Fading
More information(b) In the position given in the figure below, find a winning move, if any. (b) In the position given in Figure 4.2, find a winning move, if any.
Math 5750-1: Game Theory Midterm Exam Mar. 6, 2015 You have a choice of any four of the five problems. (If you do all 5, each will count 1/5, meaning there is no advantage.) This is a closed-book exam,
More informationSingle-Image Shape from Defocus
Single-Image Shape from Defocus José R.A. Torreão and João L. Fernandes Instituto de Computação Universidade Federal Fluminense 24210-240 Niterói RJ, BRAZIL Abstract The limited depth of field causes scene
More informationMath 412: Number Theory Lecture 6: congruence system and
Math 412: Number Theory Lecture 6: congruence system and classes Gexin Yu gyu@wm.edu College of William and Mary Chinese Remainder Theorem Chinese Remainder Theorem: let m 1, m 2,..., m k be pairwise coprimes.
More informationStudent Exploration: Quadratics in Factored Form
Name: Date: Student Exploration: Quadratics in Factored Form Vocabulary: factored form of a quadratic function, linear factor, parabola, polynomial, quadratic function, root of an equation, vertex of a
More informationand problem sheet 7
1-18 and 15-151 problem sheet 7 Solutions to the following five exercises and optional bonus problem are to be submitted through gradescope by 11:30PM on Friday nd November 018. Problem 1 Let A N + and
More informationElevation Matrices of Surfaces
Elevation Matrices of Surfaces Frank Uhlig, Mesgana Hawando Department of Mathematics, Auburn University Auburn, AL 36849 5310, USA uhligfd@auburn.edu www.auburn.edu/ uhligfd hawanmt@auburn.edu [coimbraelmatr04.tex]
More informationAd Hoc Networks - Routing and Security Issues
Ad Hoc Networks - Routing and Security Issues Mahalingam Ramkumar Mississippi State University, MS January 25, 2005 1 2 Some Basic Terms Basic Terms Ad Hoc vs Infrastructured AHN MANET (Mobile Ad hoc NETwork)
More informationMathematics Explorers Club Fall 2012 Number Theory and Cryptography
Mathematics Explorers Club Fall 2012 Number Theory and Cryptography Chapter 0: Introduction Number Theory enjoys a very long history in short, number theory is a study of integers. Mathematicians over
More information