1,930 research outputs found
An Improved Affine Equivalence Algorithm for Random Permutations
In this paper we study the affine equivalence problem, where given two functions , the goal is to determine whether there exist invertible affine transformations over such that . Algorithms for this problem have several well-known applications in the design and analysis of Sboxes, cryptanalysis of white-box ciphers and breaking a generalized Even-Mansour scheme.
We describe a new algorithm for the affine equivalence problem and focus on the variant where are permutations over -bit words, as it has the widest applicability. The complexity of our algorithm is about bit operations with very high probability whenever (or ) is a random permutation. This improves upon the best known algorithms for this problem (published by Biryukov et al. at EUROCRYPT 2003), where the first algorithm has time complexity of and the second has time complexity of about and roughly the same memory complexity.
Our algorithm is based on a new structure (called a \emph{rank table}) which is used to analyze particular algebraic properties of a function that remain invariant under invertible affine transformations. Besides its standard application in our new algorithm, the rank table is of independent interest and we discuss several of its additional potential applications.
Generalized Permutohedra from Probabilistic Graphical Models
A graphical model encodes conditional independence relations via the Markov properties. For an undirected graph these conditional independence relations can be represented by a simple polytope known as the graph associahedron, which can be constructed as a Minkowski sum of standard simplices. There is an analogous polytope for conditional independence relations coming from a regular Gaussian model, and it can be defined using multiinformation or relative entropy. For directed acyclic graphical models and also for mixed graphical models containing undirected, directed and bidirected edges, we give a construction of this polytope, up to equivalence of normal fans, as a Minkowski sum of matroid polytopes. Finally, we apply this geometric insight to construct a new ordering-based search algorithm for causal inference via directed acyclic graphical models.
Comment: Appendix B is expanded. Final version to appear in SIAM J. Discrete Mat
On the Derivative Imbalance and Ambiguity of Functions
In 2007, Carlet and Ding introduced two parameters, denoted by and , quantifying respectively the balancedness of general functions between finite Abelian groups and the (global) balancedness of their derivatives , (providing an indicator of the nonlinearity of the functions). These authors studied the properties and cryptographic significance of these two measures. They provided for S-boxes inequalities relating the nonlinearity to , and obtained in particular an upper bound on the nonlinearity which unifies Sidelnikov-Chabaud-Vaudenay's bound and the covering radius bound. At the Workshop WCC 2009 and in its postproceedings in 2011, a further study of these parameters was made; in particular, the first parameter was applied to the functions where is affine, providing more nonlinearity parameters.
In 2010, motivated by the study of Costas arrays, two parameters called ambiguity and deficiency were introduced by Panario \emph{et al.} for permutations over finite Abelian groups to measure the injectivity and surjectivity of the derivatives respectively. These authors also studied some fundamental properties and cryptographic significance of these two measures. Further studies followed, but the second pair of parameters was never compared to the first.
In the present paper, we observe that ambiguity is the same parameter as , up to additive and multiplicative constants (i.e. up to rescaling). We carry out the necessary work of comparing and unifying the results on , respectively on ambiguity, which have been obtained in the five papers devoted to these parameters. We generalize some known results to arbitrary Abelian groups and, more importantly, derive many new results on these parameters.
Quantum Sign Permutation Polytopes
Convex polytopes are convex hulls of point sets in the -dimensional space \E^n that generalize 2-dimensional convex polygons and 3-dimensional convex polyhedra. We concentrate on the class of -dimensional polytopes in \E^n called sign permutation polytopes. We characterize sign permutation polytopes before relating their construction to constructions over the space of quantum density matrices. Finally, we consider the problem of state identification and show how sign permutation polytopes may be useful in addressing issues of robustness.
An efficient implementation of a test for EA-equivalence
We implement an algorithm for testing EA-equivalence between vectorial Boolean functions proposed by Kaleyski in the C programming language, and observe that it reduces the running time (as opposed to the original Magma implementation of the algorithm) necessary to decide equivalence up to 300 times in many cases. Our implementation also significantly reduces the memory usage, and makes it possible to run the algorithms for dimensions from 10 onwards, which was impossible using the original implementation due to its memory consumption. Our approach allows us to reconstruct the exact form of the equivalence and to prove that two given functions are equivalent (for comparison, computing invariants for the functions, which is the approach typically used in practice, only allows us to show that two functions are not equivalent). Furthermore, our approach works for functions of any algebraic degree, while most existing approaches (such as invariants and other algorithms for EA-equivalence) are restricted to the quadratic case.
We then adapt Kaleyski's algorithm to test for linear and affine equivalence instead of EA-equivalence. We supply an implementation in C of this procedure as well. As an application, we show how this method can be used to test quadratic APN functions for EA-equivalence through the linear equivalence of their orthoderivatives. We observe that by taking this approach, we can reduce the time necessary for deciding EA-equivalence up to 20 times (as compared with our efficient C implementation from the previous paragraph). The downside compared to Kaleyski's original algorithm is that this faster method makes it difficult to recover the exact form of the EA-equivalence between the tested APN functions. We confirm this by running some computational experiments in dimension 6, and observing that only one out of all possible linear equivalences between the orthoderivatives corresponds to the EA-equivalence between the APN functions in question.
To the best of our knowledge, this is the first investigation into the exact relationship between the EA-equivalence of quadratic APN functions and the affine equivalence of their orthoderivatives given in the literature.
Master's thesis in informatics (INF399, MAMN-INF, MAMN-PRO)