    Guaranteeing the diversity of number generators

    A major problem in using iterative number generators of the form x_i = f(x_{i-1}) is that they can enter unexpectedly short cycles. This is hard to analyze when the generator is designed, hard to detect in real time when the generator is used, and can have devastating cryptanalytic implications. In this paper we define a measure of security, called sequence diversity, which generalizes the notion of cycle length to non-iterative generators. We then introduce the class of counter-assisted generators, and show how to turn any iterative generator (even a bad one designed or seeded by an adversary) into a counter-assisted generator with provably high diversity, without reducing the quality of generators which are already cryptographically strong.
    Comment: Small update

    EFFICIENT COMPUTER SEARCH FOR MULTIPLE RECURSIVE GENERATORS

    Pseudo-random numbers (PRNs) are the basis for almost any statistical simulation, and this depends largely on the quality of the pseudo-random number generator (PRNG) used. In this study, we used some results from number theory to propose an efficient method to accelerate the computer search for super-order maximum-period multiple recursive generators (MRGs). We conducted efficient computer searches and successfully found prime moduli p and associated orders k (k = 40751; k = 50551; k = 50873) such that R(k; p) is prime. Using these values of k, together with the generalized Mersenne prime algorithm, we found and listed many efficient, portable, super-order MRGs with period lengths of approximately 10^380278.1, 10^471730.6, and 10^474729.3. In other words, using the generalized Mersenne prime algorithm, we extended some known results on efficient, portable, maximum-period MRGs. In particular, the DX/DL/DS/DT large-order generators are extended to super-order generators. For r k, super-order generators in MRG(k, p) are quite close to an ideal generator. For r > k, the r-dimensional points lie on a relatively small family of equidistant parallel hyperplanes in a high-dimensional space. The goodness of these generators depends largely on the distance between these hyperplanes. For LCGs, MRGs, and other generators with lattice structures, the spectral test, a theoretical test that gives some measure of uniformity in dimensions greater than the order k of the MRG, is the best figure of merit. A drawback of the spectral test is its computational complexity. We used a simple and intuitive method that employs the LLL algorithm to calculate the spectral test.
    Using this method, we extended the search for better DX-k-s-t generators beyond the known value of k = 25013. In particular, we searched for and listed better super-order DX-k-s-t generators for k = 40751, k = 50551, and k = 50873. Finally, we examined another special class of MRGs with many nonzero terms, known as the DW-k generator. The DW-k generator's iteration can be implemented efficiently and in parallel, using a k-th order matrix congruential generator (MCG) sharing the same characteristic polynomial. We extended some known results by searching for super-order DW-k generators, using the super-large k values that we obtained in this study. Using extensive computer searches, we found and listed some super-order, maximum-period DW(k; A, B, C, p = 2^31 - v) generators.

    When Can Limited Randomness Be Used in Repeated Games?

    The central result of classical game theory states that every finite normal form game has a Nash equilibrium, provided that players are allowed to use randomized (mixed) strategies. However, in practice, humans are known to be bad at generating random-like sequences, and true random bits may be unavailable. Even if the players have access to enough random bits for a single instance of the game, their randomness might be insufficient if the game is played many times. In this work, we ask whether randomness is necessary for equilibria to exist in finitely repeated games. We show that for a large class of games containing arbitrary two-player zero-sum games, approximate Nash equilibria of the n-stage repeated version of the game exist if and only if both players have Ω(n) random bits. In contrast, we show that there exists a class of games for which no equilibrium exists in pure strategies, yet the n-stage repeated version of the game has an exact Nash equilibrium in which each player uses only a constant number of random bits. When the players are assumed to be computationally bounded, if cryptographic pseudorandom generators (or, equivalently, one-way functions) exist, then the players can base their strategies on "random-like" sequences derived from only a small number of truly random bits. We show that, in contrast, in repeated two-player zero-sum games, if pseudorandom generators do not exist, then Ω(n) random bits remain necessary for equilibria to exist.

    Using classifiers to predict linear feedback shift registers

    Proceedings of: IEEE 35th International Carnahan Conference on Security Technology, October 16-19, 2001, London.
    Previously (J.C. Hernandez et al., 2000), some new ideas that justify the use of artificial intelligence techniques in cryptanalysis were presented. The main objective of that paper was to show that the theoretical next-bit prediction problem can be transformed into a classification problem, and that this classification problem could be solved with the aid of some AI algorithms. In particular, they showed how a well-known classifier called C4.5 could predict the next bit generated by a linear feedback shift register (LFSR, a widely used model of pseudorandom number generator) very efficiently and, most importantly, without any previous knowledge of the model used. The authors look for other classifiers, apart from C4.5, that could be useful in the prediction of LFSRs. We conclude that the selection of C4.5 by Hernandez et al. was adequate, because it shows the best accuracy of all the classifiers tested. However, we have found other classifiers that produce interesting results, and we suggest that these algorithms must be taken into account in the future when trying to predict more complex LFSR-based models. Finally, we show some other properties that make the C4.5 algorithm the best choice for this particular cryptanalytic problem.

    Exploiting chordal structure in polynomial ideals: a Gröbner bases approach

    Chordal structure and bounded treewidth allow for efficient computation in numerical linear algebra, graphical models, constraint satisfaction and many other areas. In this paper, we begin the study of how to exploit chordal structure in computational algebraic geometry, and in particular for solving polynomial systems. The structure of a system of polynomial equations can be described in terms of a graph. By carefully exploiting the properties of this graph (in particular, its chordal completions), more efficient algorithms can be developed. To this end, we develop a new technique, which we refer to as chordal elimination, that relies on elimination theory and Gröbner bases. By maintaining graph structure throughout the process, chordal elimination can outperform standard Gröbner basis algorithms in many cases. The reason is that all computations are done on "smaller" rings, of size equal to the treewidth of the graph. In particular, for a restricted class of ideals, the computational complexity is linear in the number of variables. Chordal structure arises in many relevant applications. We demonstrate the suitability of our methods in examples from graph colorings, cryptography, sensor localization and differential equations.
    Comment: 40 pages, 5 figure

    Approximate Randomization of Quantum States With Fewer Bits of Key

    Randomization of quantum states is the quantum analogue of the classical one-time pad. We present an improved, efficient construction of an approximately randomizing map that uses O(d/ε^2) Pauli operators to map any d-dimensional state to a state that is within trace distance ε of the completely mixed state. Our bound is a log d factor smaller than that of Hayden, Leung, Shor, and Winter (2004), and Ambainis and Smith (2004). Then, we show that a random sequence of essentially the same number of unitary operators, chosen from an appropriate set, with high probability forms an approximately randomizing map for d-dimensional states. Finally, we discuss the optimality of these schemes via connections to different notions of pseudorandomness, and give a new lower bound for small ε.
    Comment: 18 pages, Quantum Computing Back Action, IIT Kanpur, March 2006, volume 864 of AIP Conference Proceedings, pages 18--36. Springer, New Yor

    Partial-indistinguishability obfuscation using braids

    An obfuscator is an algorithm that translates circuits into functionally equivalent, similarly sized circuits that are hard to understand. Efficient obfuscators would have many applications in cryptography. Until recently, theoretical progress had mainly been limited to no-go results. Recent works have proposed the first efficient obfuscation algorithms for classical logic circuits, based on a notion of indistinguishability against polynomial-time adversaries. In this work, we propose a new notion of obfuscation, which we call partial-indistinguishability. This notion is based on computationally universal groups with efficiently computable normal forms, and appears to be incomparable with existing definitions. We describe universal gate sets for both classical and quantum computation in which our definition of obfuscation can be met by polynomial-time algorithms. We also discuss some potential applications to testing quantum computers. We stress that the cryptographic security of these obfuscators, especially when composed with translation from other gate sets, remains an open question.
    Comment: 21 pages, Proceedings of TQC 201