Proceeding seminar ICABS di Malaysia

proceeding seminar internasiona

How to Sequentialize Independent Parallel Attacks? - Biased Distributions Have a Phase Transition

We assume a scenario where an attacker can mount several independent attacks on a single CPU. Each attack can be run several times in independent ways. Each attack can succeed after a given number of steps with some given and known probability. A natural question is to wonder what is the optimal strategy to run steps of the attacks in a sequence. In this paper, we develop a formalism to tackle this problem. When the number of attacks is infinite, we show that there is a magic number of steps m such that the optimal strategy is to run an attack for m steps and to try again with another attack until one succeeds. We also study the case of a finite number of attacks. We describe this problem when the attacks are exhaustive key searches, but the result is more general. We apply our result to the learning parity with noise (LPN) problem and the password search problem. Although the optimal m decreases as the distribution is more biased, we observe a phase transition in all cases: the decrease is very abrupt from m corresponding to exhaustive search on a single target to m = 1 corresponding to running a single step of the attack on each target. For all practical biased examples, we show that the best strategy is to use m = 1. For LPN, this means to guess that the noise vector is 0 and to solve the secret by Gaussian elimination. This is actually better than all variants of the Blum-Kalai-Wasserman (BKW) algorithm

Pseudorandom sequence generation using binary cellular automata

Tezin basılısı İstanbul Şehir Üniversitesi Kütüphanesi'ndedir.Random numbers are an integral part of many applications from computer simulations, gaming, security protocols to the practices of applied mathematics and physics. As randomness plays more critical roles, cheap and fast generation methods are becoming a point of interest for both scientific and technological use. Cellular Automata (CA) is a class of functions which attracts attention mostly due to the potential it holds in modeling complex phenomena in nature along with its discreteness and simplicity. Several studies are available in the literature expressing its potentiality for generating randomness and presenting its advantages over commonly used random number generators. Most of the researches in the CA field focus on one-dimensional 3-input CA rules. In this study, we perform an exhaustive search over the set of 5-input CA to find out the rules with high randomness quality. As the measure of quality, the outcomes of NIST Statistical Test Suite are used. Since the set of 5-input CA rules is very large (including more than 4.2 billions of rules), they are eliminated by discarding poor-quality rules before testing. In the literature, generally entropy is used as the elimination criterion, but we preferred mutual information. The main motive behind that choice is to find out a metric for elimination which is directly computed on the truth table of the CA rule instead of the generated sequence. As the test results collected on 3- and 4-input CA indicate, all rules with very good statistical performance have zero mutual information. By exploiting this observation, we limit the set to be tested to the rules with zero mutual information. The reasons and consequences of this choice are discussed. In total, more than 248 millions of rules are tested. Among them, 120 rules show out- standing performance with all attempted neighborhood schemes. Along with these tests, one of them is subjected to a more detailed testing and test results are included. Keywords: Cellular Automata, Pseudorandom Number Generators, Randomness TestsContents Declaration of Authorship ii Abstract iii Öz iv Acknowledgments v List of Figures ix List of Tables x 1 Introduction 1 2 Random Number Sequences 4 2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2 Theoretical Approaches to Randomness . . . . . . . . . . . . . . . . . . . 5 2.2.1 Information Theory . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2.2 Complexity Theory . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2.3 Computability Theory . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.3 Random Number Generator Classification . . . . . . . . . . . . . . . . . . 7 2.3.1 Physical TRNGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.3.2 Non-Physical TRNGs . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.3.3 Pseudorandom Number Generators . . . . . . . . . . . . . . . . . . 10 2.3.3.1 Generic Design of Pseudorandom Number Generators . . 10 2.3.3.2 Cryptographically Secure Pseudorandom Number Gener- ators . . . . . . . . . . . . . .11 2.3.4 Hybrid Random Number Generators . . . . . . . . . . . . . . . . . 13 2.4 A Comparison between True and Pseudo RNGs . . . . . . . . . . . . . . . 14 2.5 General Requirements on Random Number Sequences . . . . . . . . . . . 14 2.6 Evaluation Criteria of PRNGs . . . . . . . . . . . . . . . . . . . . . . . . . 16 2.7 Statistical Test Suites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.8 NIST Test Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.8.1 Hypothetical Testing . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.8.2 Tests in NIST Test Suite . . . . . . . . . . . . . . . . . . . . . . . . 20 2.8.2.1 Frequency Test . . . . . . . . . . . . . . . . . . . . . . . . 20 2.8.2.2 Block Frequency Test . . . . . . . . . . . . . . . . . . . . 20 2.8.2.3 Runs Test . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.8.2.4 Longest Run of Ones in a Block . . . . . . . . . . . . . . 21 2.8.2.5 Binary Matrix Rank Test . . . . . . . . . . . . . . . . . . 21 2.8.2.6 Spectral Test . . . . . . . . . . . . . . . . . . . . . . . . . 22 2.8.2.7 Non-overlapping Template Matching Test . . . . . . . . . 22 2.8.2.8 Overlapping Template Matching Test . . . . . . . . . . . 22 2.8.2.9 Universal Statistical Test . . . . . . . . . . . . . . . . . . 23 2.8.2.10 Linear Complexity Test . . . . . . . . . . . . . . . . . . . 23 2.8.2.11 Serial Test . . . . . . . . . . . . . . . . . . . . . . . . . . 24 2.8.2.12 Approximate Entropy Test . . . . . . . . . . . . . . . . . 24 2.8.2.13 Cumulative Sums Test . . . . . . . . . . . . . . . . . . . . 24 2.8.2.14 Random Excursions Test . . . . . . . . . . . . . . . . . . 24 2.8.2.15 Random Excursions Variant Test . . . . . . . . . . . . . . 25 3 Cellular Automata 26 3.1 History of Cellular Automata . . . . . . . . . . . . . . . . . . . . . . . .26 3.1.1 von Neumann’s Work . . . . . . . . . . . . . . . . . . . . . . . . . 27 3.1.2 Conway’s Life . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 3.1.3 Wolfram’s Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.2 Cellular Automata and the Definitive Parameters . . . . . . . . . . . . . . 31 3.2.1 Lattice Geometry . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 3.2.2 Cell Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 3.2.3 Guiding Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 3.2.4 Neighborhood Scheme . . . . . . . . . . . . . . . . . . . . . . . . . 36 3.3 A Formal Definition of Cellular Automata . . . . . . . . . . . . . . . . . . 37 3.4 Elementary Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 3.5 Rule Families . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 3.6 Producing Randomness via Cellular Automata . . . . . . . . . . . . . . . 42 3.6.1 CA-Based PRNGs . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 3.6.2 Balancedness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 3.6.3 Mutual Information . . . . . . . . . . . . . . . . . . . . . . . . . . 44 3.6.4 Entropy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 4 Test Results 47 4.1 Output of a Statistical Test . . . . . . . . . . . . . . . . . . . . . . . . . . 48 4.2 Testing Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 4.3 Interpretation of the Test Results . . . . . . . . . . . . . . . . . . . . . . . 49 4.3.1 Rate of success over all trials . . . . . . . . . . . . . . . . . . . . . 49 4.3.2 Distribution of P-values . . . . . . . . . . . . . . . . . . . . . . . . 50 4.4 Testing over a big space of functions . . . . . . . . . . . . . . . . . . . . . 50 4.5 Our Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 4.6 Results and Observations . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 4.6.1 Change in State Width . . . . . . . . . . . . . . . . . . . . . . . . 53 4.6.2 Change in Neighborhood Scheme . . . . . . . . . . . . . . . . . . . 53 4.6.3 Entropy vs. Statistical Quality . . . . . . . . . . . . . . . . . . . . 58 4.6.4 Mutual Information vs. Statistical Quality . . . . . . . . . . . . . . 60 4.6.5 Entropy vs. Mutual Information . . . . . . . . . . . . . . . . . . . 62 4.6.6 Overall Test Results of 4- and 5-input CA . . . . . . . . . . . . . . 6 4.7 The simplest rule: 1435932310 . . . . . . . . . . . . . . . . . . . . . . . . . 68 5 Conclusion 74 A Test Results for Rule 30 and Rule 45 77 B 120 Rules with their Shortest Boolean Formulae 80 Bibliograph

LPN in Cryptography:an Algorithmic Study

The security of public-key cryptography relies on well-studied hard problems, problems for which we do not have efficient algorithms. Factorization and discrete logarithm are the two most known and used hard problems. Unfortunately, they can be easily solved on a quantum computer by Shor's algorithm. Also, the research area of cryptography demands for crypto-diversity which says that we should offer a range of hard problems for public-key cryptography. If one hard problem proves to be easy, we should be able to provide alternative solutions. Some of the candidates for post-quantum hard problems, i.e. problems which are believed to be hard even on a quantum computer, are the Learning Parity with Noise (LPN), the Learning with Errors (LWE) and the Shortest Vector Problem (SVP). A thorough study of these problems is needed in order to assess their hardness. In this thesis we focus on the algorithmic study of LPN. LPN is a hard problem that is attractive, as it is believed to be post-quantum resistant and suitable for lightweight devices. In practice, it has been employed in several encryption schemes and authentication protocols. At the beginning of this thesis, we take a look at the existing LPN solving algorithms. We provide the theoretical analysis that assesses their complexity. We compare the theoretical results with practice by implementing these algorithms. We study the efficiency of all LPN solving algorithms which allow us to provide secure parameters that can be used in practice. We push further the state of the art by improving the existing algorithms with the help of two new frameworks. In the first framework, we split an LPN solving algorithm into atomic steps. We study their complexity, how they impact the other steps and we construct an algorithm that optimises their use. Given an LPN instance that is characterized by the noise level and the secret size, our algorithm provides the steps to follow in order to solve the instance with optimal complexity. In this way, we can assess if an LPN instance provides the security we require and we show what are the secure instances for the applications that rely on LPN. The second framework handles problems that can be decomposed into steps of equal complexity. Here, we assume that we have an adversary that has access to a finite or infinite number of instances of the same problem. The goal of the adversary is to succeed in just one instance as soon as possible. Our framework provides the strategy that achieves this. We characterize an LPN solving algorithm in this framework and show that we can improve its complexity in the scenario where the adversary is restricted. We show that other problems, like password guessing, can be modeled in the same framework