29 research outputs found
Compilability of Abduction
Abduction is one of the most important forms of reasoning; it has been
successfully applied to several practical problems such as diagnosis. In this
paper we investigate whether the computational complexity of abduction can be
reduced by an appropriate use of preprocessing. This is motivated by the fact
that part of the data of the problem (namely, the set of all possible
assumptions and the theory relating assumptions and manifestations) are often
known before the rest of the problem. In this paper, we show some complexity
results about abduction when compilation is allowed
Comment on "Turbulent heat transport near critical points: Non-Boussinesq effects" (cond-mat/0601398)
In a recent preprint (cond-mat/0601398), D. Funfschilling and G. Ahlers
describe a new effect, which they interpret as non-Boussinesq, in a convection
cell working with ethane near its critical point. They argue that such an
effect could have spoiled the results of Chavanne et al. (Phys. Rev. Lett. 79,
3648, 1997) but not those of Niemela et al. (Nature 404, 837, 2000), which
would explain the differences between these two experiments. We show that:
(i) restricting Chavanne's data to situations as far from the critical point
as Niemela's, the same discrepancy remains; (ii) the helium data of Chavanne
show no indication of the effect observed by D. Funfschilling and G. Ahlers.
Comment: comment on cond-mat/060139
Cryptographic Aspects of Real Hyperelliptic Curves
In this paper, we give an overview of cryptographic applications using real hyperelliptic curves. We review previously proposed cryptographic protocols, and discuss the infrastructure of a real hyperelliptic curve, the mathematical structure underlying all these protocols. We then describe recent improvements to infrastructure arithmetic, including explicit formulas for divisor arithmetic in genus 2; and advances in solving the infrastructure discrete logarithm problem, whose presumed intractability is the basis of security for the related cryptographic protocols
Model Assessment Tools for a Model False World
A standard goal of model evaluation and selection is to find a model that
approximates the truth well while at the same time is as parsimonious as
possible. In this paper we emphasize the point of view that the models under
consideration are almost always false, if viewed realistically, and so we
should analyze model adequacy from that point of view. We investigate this
issue in large samples by looking at a model credibility index, which is
designed to serve as a one-number summary measure of model adequacy. We define
the index to be the maximum sample size at which samples from the model and
those from the true data generating mechanism are nearly indistinguishable. We
use standard notions from hypothesis testing to make this definition precise.
We use data subsampling to estimate the index. We show that the definition
leads us to some new ways of viewing models as flawed but useful. The concept
is an extension of the work of Davies [Statist. Neerlandica 49 (1995)
185--245].
Comment: Published at http://dx.doi.org/10.1214/09-STS302 in Statistical
Science (http://www.imstat.org/sts/) by the Institute of Mathematical
Statistics (http://www.imstat.org)
Imaginary Quadratic Class Groups and a Survey of Time-Lock Cryptographic Applications
Imaginary quadratic class groups have been proposed as one of the main hidden-order group candidates for time-lock cryptographic applications such as verifiable delay functions (VDFs). They have the advantage over RSA groups that they do not need a trusted setup. However, they have historically been significantly less studied by the cryptographic research community. This survey provides an introduction to the theory of imaginary quadratic class groups and discusses several considerations that need to be taken into account for practical applications. In particular, we describe the relevant computational problems and the main classical and quantum algorithms that can be used to solve them. From this discussion, it follows that choosing a discriminant Δ with |Δ| prime is one of the most promising ways to pick a class group Cl(Δ) without the need for a trusted setup, while simultaneously making sure that there are no easy-to-find elements of low order in Cl(Δ). We provide experimental data on class groups belonging to discriminants of this form, and compare them to the Cohen-Lenstra heuristics, which predict the average behaviour of Cl(Δ) for a random fundamental discriminant. Afterwards, we describe the most prominent constructions of VDFs based on hidden-order groups, and discuss their soundness and sequentiality when implemented in imaginary quadratic class groups. Finally, we briefly touch upon the post-quantum security of VDFs in imaginary quadratic class groups, where the time for which one can use a fixed group is upper bounded by the runtime of quantum polynomial-time order-computation algorithms.
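As an added illustration of the two properties this abstract weighs (no easy low-order elements, and sequential squaring), written for this listing and not taken from the survey, the following Python implements Cl(Δ) as reduced binary quadratic forms: Gauss reduction plus Cohen's composition algorithm 5.4.7, not the NUCOMP/NUDUPL routines a production VDF would use. It runs on constructed toy discriminants: Δ = -23 and -47, where |Δ| is prime, have no non-identity class of order 2, whereas Δ = -84 = -4·21 has three, and feeding one of them to the repeated-squaring step g -> g^(2^T) that hidden-order-group VDFs are built on makes the output trivial after a single squaring. All function names and the sample discriminants are our own choices.

```python
from math import gcd


def ext_gcd(a, b):
    """Return (g, x, y) with x*a + y*b = g = gcd(a, b) >= 0."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    if a < 0:
        a, x0, y0 = -a, -x0, -y0
    return a, x0, y0


def reduce_form(f, D):
    """Gauss reduction: the unique reduced form (|b| <= a <= c) equivalent to f."""
    a, b, c = f
    while True:
        if not (-a < b <= a):          # normalise b into (-a, a], recompute c
            b = b % (2 * a)
            if b > a:
                b -= 2 * a
            c = (b * b - D) // (4 * a)
        if a > c:                      # swap outer coefficients, negate b
            a, b, c = c, -b, a
            continue
        if a == c and b < 0:           # tie-break so the representative is unique
            b = -b
        return (a, b, c)


def compose(f1, f2, D):
    """Group law on Cl(D) for primitive forms (Cohen, Algorithm 5.4.7)."""
    a1, b1, _ = f1
    a2, b2, c2 = f2
    if a1 > a2:
        a1, b1, a2, b2, c2 = a2, b2, a1, b1, f1[2]
    s = (b1 + b2) // 2
    n = b2 - s
    if a2 % a1 == 0:
        y1, d = 0, a1
    else:
        d, y1, _ = ext_gcd(a2, a1)        # y1*a2 + v*a1 = d
    if s % d == 0:
        y2, x2, d1 = -1, 0, d
    else:
        d1, x2, v = ext_gcd(s, d)         # x2*s + v*d = d1
        y2 = -v
    v1, v2 = a1 // d1, a2 // d1
    r = (y1 * y2 * n - x2 * c2) % v1
    b3 = b2 + 2 * v2 * r
    a3 = v1 * v2
    c3 = (c2 * d1 + r * (b2 + v2 * r)) // v1
    return reduce_form((a3, b3, c3), D)


def identity(D):
    """The principal form, i.e. the neutral element of Cl(D)."""
    return (1, 0, -D // 4) if D % 4 == 0 else (1, 1, (1 - D) // 4)


def reduced_forms(D):
    """All primitive reduced forms of discriminant D < 0: the elements of Cl(D)."""
    forms, a = [], 1
    while 3 * a * a <= -D:             # reduced forms satisfy a <= sqrt(|D|/3)
        for b in range(-a + 1, a + 1):
            if (b * b - D) % (4 * a):
                continue
            c = (b * b - D) // (4 * a)
            if c < a or (c == a and b < 0) or gcd(gcd(a, b), c) != 1:
                continue
            forms.append((a, b, c))
        a += 1
    return forms


def low_order_elements(D):
    """Non-identity classes of order 2: ambiguous reduced forms (b == 0, b == a or a == c)."""
    e = identity(D)
    return [f for f in reduced_forms(D)
            if f != e and (f[1] == 0 or f[1] == f[0] or f[0] == f[2])]


def vdf_eval(g, T, D):
    """The sequential core of a hidden-order-group VDF: T squarings, g -> g^(2^T)."""
    for _ in range(T):
        g = compose(g, g, D)
    return g


if __name__ == "__main__":
    for D in (-23, -47, -84):          # constructed toy discriminants
        print(D, "h =", len(reduced_forms(D)), "order-2 classes:", low_order_elements(D))
    print(vdf_eval((5, 4, 5), 1, -84))  # order-2 input: identity after one squaring
    print(vdf_eval((2, 1, 3), 10, -23)) # h = 3, so g^(2^10) = g^(1024 mod 3) = g
```

The enumeration is O(|Δ|) and only serves to make the group structure visible for tiny Δ; for the thousand-bit discriminants the survey discusses, the point is that with |Δ| prime the 2-torsion is trivial by genus theory, so no order-2 input can be found by inspection, whereas for a composite |Δ| the ambiguous forms above are found immediately from the factorisation.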
On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields
Recent work by Koblitz and Menezes has highlighted the existence, in some cases, of apparent separations between the hardness of breaking discrete logarithms in a particular group and the hardness of solving, in that group, problems to which the security of certain cryptosystems is provably related. We consider one such problem in the context of elliptic curves over extension fields, and report potential weaknesses of the Galbraith-Lin-Scott curves from EUROCRYPT 2009, as well as two very different practical attacks on the Oakley Key Determination Protocol curves.
On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields
We show that for any elliptic curve E(F_{q^n}), if an adversary has access to a Static Diffie-Hellman Problem (Static DHP) oracle, then by making O(q^{1-1/(n+1)}) Static DHP oracle queries during an initial learning phase, for fixed n > 1 and q → ∞ the adversary can solve any further instance of the Static DHP in heuristic time Õ(q^{1-1/(n+1)}). Our proposal also solves the Delayed Target DHP as defined by Freeman, and naturally extends to provide algorithms for solving the Delayed Target DLP, the One-More DHP and One-More DLP, as studied by Koblitz and Menezes in the context of Jacobians of hyperelliptic curves of small genus. We also argue that for any group in which index calculus can be effectively applied, the above problems have a natural relationship, and will always be easier than the DLP. While practical only for very small n, our algorithm reduces the security provided by the elliptic curves defined over F_{p^2} and F_{p^4} proposed by Galbraith, Lin and Scott at EUROCRYPT 2009, should they be used in any protocol where a user can be made to act as a proxy Static DHP oracle, or if used in protocols whose security is related to any of the above problems.
Explicit Formulas for Real Hyperelliptic Curves of Genus 2 in Affine Representation
We present a complete set of efficient explicit formulas for arithmetic in the degree 0 divisor class group of a genus two real hyperelliptic curve given in affine coordinates. In addition to formulas suitable for curves defined over an arbitrary finite field, we give simplified versions for both the odd and the even characteristic cases. Formulas for baby steps, inverse baby steps, divisor addition, doubling, and special cases such as adding a degenerate divisor are provided, with variations for divisors given in reduced and adapted basis. We describe the improvements and the correctness together with a comprehensive analysis of the number of field operations for each operation. Finally, we perform a direct comparison of cryptographic protocols using explicit formulas for real hyperelliptic curves with the corresponding protocols presented in the imaginary model