6 research outputs found
A Class of Reversible Primitive Recursive Functions
AbstractReversible computing is bi-deterministic which means that its execution is both forward and backward deterministic, i.e. next/previous computational step is uniquely determined. Various approaches exist to catch its extensional or intensional aspects and properties. We present a class RPRF of reversible functions which holds at bay intensional aspects and emphasizes the extensional side of the reversible computation by following the style of Dedekind-Robinson Primitive Recursive Functions. The class RPRF is closed by inversion, can only express bijections on integers — not only natural numbers —, and it is expressive enough to simulate Primitive Recursive Functions, of course, in an effective way
Sofic-Dyck shifts
We define the class of sofic-Dyck shifts which extends the class of
Markov-Dyck shifts introduced by Inoue, Krieger and Matsumoto. Sofic-Dyck
shifts are shifts of sequences whose finite factors form unambiguous
context-free languages. We show that they correspond exactly to the class of
shifts of sequences whose sets of factors are visibly pushdown languages. We
give an expression of the zeta function of a sofic-Dyck shift
Behavioural Preorders on Stochastic Systems - Logical, Topological, and Computational Aspects
Computer systems can be found everywhere: in space, in our homes, in our
cars, in our pockets, and sometimes even in our own bodies. For concerns of
safety, economy, and convenience, it is important that such systems work
correctly. However, it is a notoriously difficult task to ensure that the
software running on computers behaves correctly.
One approach to ease this task is that of model checking, where a model of
the system is made using some mathematical formalism. Requirements expressed in
a formal language can then be verified against the model in order to give
guarantees that the model satisfies the requirements.
For many computer systems, time is an important factor. As such, we need our
formalisms and requirement languages to be able to incorporate real time.
We therefore develop formalisms and algorithms that allow us to compare and
express properties about real-time systems. We first introduce a logical
formalism for reasoning about upper and lower bounds on time, and study the
properties of this formalism, including axiomatisation and algorithms for
checking when a formula is satisfied.
We then consider the question of when a system is faster than another system.
We show that this is a difficult question which can not be answered in general,
but we identify special cases where this question can be answered. We also show
that under this notion of faster-than, a local increase in speed may lead to a
global decrease in speed, and we take step towards avoiding this.
Finally, we consider how to compare the real-time behaviour of systems not
just qualitatively, but also quantitatively. Thus, we are interested in knowing
how much one system is faster or slower than another system. This is done by
introducing a distance between systems. We show how to compute this distance
and that it behaves well with respect to certain properties.Comment: PhD dissertation from Aalborg Universit
Round and computational efficiency of two-party protocols
2016 - 2017A cryptographic protocol is defined by the behaviour of the involved parties and the messages
that those parties send to each other. Beside the functionality and the security that a cryptographic
protocol provides, it is also important that the protocol is efficient. In this thesis
we focus on the efficiency parameters of a cryptographic protocol related to the computational
and round complexity. That is, we are interested in the computational cost that the parties
involved in the protocol have to pay and how many interactions between the parties are required
to securely implement the functionality which we are interested in. Another important aspect
of a cryptographic protocol is related to the computational assumptions required to prove that
the protocol is secure. The aim of this thesis is to improve the state of the art with respect to
some cryptographic functionalities where two parties are involved, by providing new techniques
to construct more efficient cryptographic protocols whose security can be proven by relying on
better cryptographic assumptions.
The thesis is divided in three parts. In the first part we consider Secure Two-Party Computation
(2PC), a cryptographic technique that allows to compute a functionality in a secure
way. More precisely, there are two parties, Alice and Bob, willing to compute the output of a
function f given x and y as input. The values x and y represent the inputs of Alice and Bob
respectively. Moreover, each party wants to keep the input secret while allowing the other party
to correctly compute f(x, y). As a first result, we show the first secure 2PC protocol with black
box simulation, secure under standard and generic assumption, with optimal round complexity
in the simultaneous message exchange model. In the simultaneous message exchange model both
parties can send a message in each round; in the rest of this thesis we assume the in each round
only one party can send a message.
We advance the state of the art in secure 2PC also in a relaxed setting. More precisely, in this
setting a malicious party that attacks the protocol to understand the secret input of the honest
party, is forced to follow the protocol description. Moreover, we consider the case in which the
parties want to compute in a secure way the Set-Membership functionality. Such a functionality
allows to check whether an element belongs to a set or not. The proposed protocol improves the
state of the art both in terms of performance and generality. In the second part of the thesis
we show the first 4-round concurrent non-malleable commitment under one-way functions. A
commitment scheme allows the sender to send an encrypted message, called commitment, in
such a way that the message inside the commitment cannot be opened until that an opening
information is provided by the sender. Moreover, there is a unique way in which the commitment
can be open. In this thesis we consider the case in which the sender sends the commitment (e.g.
trough a computer network) that can be eavesdropped by an adversary. In this setting the
adversary can catch the commitment C and modify it thus obtaining a new commitment C0
that contains a message related to the content of C. A non-malleable commitment scheme
prevents such attack, and our scheme can be proved secure even in the case that the adversary
can eavesdrop multiple commitments and in turn, compute and send multiple commitments.
The last part of the thesis concerns proof systems. Let us consider an NP-language, like
the language of graph Hamiltonicity. A proof system allows an entity called prover to prove
that a certain graph (instance) contains a Hamiltonian cycle (witness) to another entity called
verifier. A proof system can be easily instantiated in one round by letting the prover to send
the cycle to the verifier. What we actually want though, is a protocol in which the prover is able
to convince the verifier that a certain graph belongs to the language of graph Hamiltonicity, but
in such a way that no information about the cycle is leaked to the verifier. This kind of proof
systems are called Zero Knowledge. In this thesis we show a non-interactive Zero-Knowledge
proof system, under the assumption that both prover and verifier have access to some honestly
generated common reference string (CRS). The provided construction improves the state of the
art both in terms of efficiency and generality. We consider also the scenario in which prover
and verifier do not have access to some honestly generated information and study the notion of
Witness Indistinguishability. This notion considers instances that admit more than one witness,
e.g. graphs that admit two distinct Hamiltonian cycle (as for the notion of Zero Knowledge,
the notion of Witness Indistinguishability makes sense for all the languages in NP, but for
ease of exposition we keep focusing our attention of the language of graph Hamiltonicity). The
security notion of Witness-Indistinguishability ensures that a verifier, upon receiving a proof
from a prover, is not able to figure out which one of the two Hamiltonian cycles has been used
by the prover to compute the proof. Even though the notion of Witness Indistinguishability is
weaker than the notion of Zero Knowledge, Witness Indistinguishability is widely used in many
cryptographic applications. Moreover, given that a Witness-Indistinguishable protocol can be
constructed using just three rounds of communication compared to the four rounds required to
obtain Zero Knowledge (with black-box simulation), the use of Zero-Knowledge as a building
block to construct a protocol with an optimal number of rounds is sometimes prohibitive. Always
in order to provide a good building block to construct more complicated cryptographic protocols
with a nice round complexity, a useful property is the so called Delayed-Input property. This
property allows the prover to compute all but the last round of the protocol without knowing
the instance nor the witness. Also, the Delayed-Input property allows the verifier to interact
with the prover without knowing the instance at all (i.e. the verifier needs the instance just to
decide whether to accept or not the proof received by the prover). In this thesis we provide the
first efficient Delayed-Input Witness-Indistinguishable proof system that consists of just three
round of communication. [edited by author]XVI n.s