Guaranteeing the diversity of number generators
A major problem in using iterative number generators of the form
x_i=f(x_{i-1}) is that they can enter unexpectedly short cycles. This is hard
to analyze when the generator is designed, hard to detect in real time when the
generator is used, and can have devastating cryptanalytic implications. In this
paper we define a measure of security, called sequence diversity, which
generalizes the notion of cycle-length for non-iterative generators. We then
introduce the class of counter assisted generators, and show how to turn any
iterative generator (even a bad one designed or seeded by an adversary) into a
counter assisted generator with a provably high diversity, without reducing the
quality of generators which are already cryptographically strong.
Comment: Small update
EFFICIENT COMPUTER SEARCH FOR MULTIPLE RECURSIVE GENERATORS
Pseudo-random numbers (PRNs) are the basis for almost any statistical simulation, and this depends largely on the quality of the pseudo-random number generator (PRNG) used. In this study, we used some results from number theory to propose an efficient method to accelerate the computer search for super-order maximum-period multiple recursive generators (MRGs). We conducted efficient computer searches and successfully found a prime modulus p and associated orders k (k = 40751; k = 50551; k = 50873) such that R(k; p) is a prime. Using these values of k, together with the generalized Mersenne prime algorithm, we found and listed many efficient, portable, super-order MRGs with period lengths of approximately 10^380278.1, 10^471730.6, and 10^474729.3. In other words, using the generalized Mersenne prime algorithm, we extended some known results on efficient, portable, maximum-period MRGs. In particular, the DX/DL/DS/DT large-order generators are extended to super-order generators. For r ≤ k, super-order generators in MRG(k, p) are quite close to an ideal generator. For r > k, the r-dimensional points lie on a relatively small family of equidistant parallel hyperplanes in a high-dimensional space. The goodness of these generators depends largely on the distance between these hyperplanes. For LCGs, MRGs, and other generators with lattice structures, the spectral test, a theoretical test that gives some measure of uniformity beyond the order k of the MRG, is the best figure of merit. A drawback of the spectral test is its computational complexity. We used a simple and intuitive method that employs the LLL algorithm to compute the spectral test.
Using this method, we extended the search for better DX-k-s-t generators farther than the known value of k = 25013. In particular, we searched for and listed better super-order DX-k-s-t generators for k = 40751, k = 50551, and k = 50873. Finally, we examined another special class of MRGs with many nonzero terms, known as the DW-k generator. The DW-k generator's iteration can be implemented efficiently and in parallel, using a k-th order matrix congruential generator (MCG) sharing the same characteristic polynomial. We extended some known results by searching for super-order DW-k generators, using the super-large k values obtained in this study. Using extensive computer searches, we found and listed some super-order, maximum-period DW(k; A, B, C, p = 2^31 − v) generators.
When Can Limited Randomness Be Used in Repeated Games?
The central result of classical game theory states that every finite normal
form game has a Nash equilibrium, provided that players are allowed to use
randomized (mixed) strategies. However, in practice, humans are known to be bad
at generating random-like sequences, and true random bits may be unavailable.
Even if the players have access to enough random bits for a single instance of
the game, their randomness might be insufficient if the game is played many
times.
In this work, we ask whether randomness is necessary for equilibria to exist
in finitely repeated games. We show that for a large class of games containing
arbitrary two-player zero-sum games, approximate Nash equilibria of the
-stage repeated version of the game exist if and only if both players have
random bits. In contrast, we show that there exists a class of
games for which no equilibrium exists in pure strategies, yet the -stage
repeated version of the game has an exact Nash equilibrium in which each player
uses only a constant number of random bits.
When the players are assumed to be computationally bounded, if cryptographic
pseudorandom generators (or, equivalently, one-way functions) exist, then the
players can base their strategies on "random-like" sequences derived from only
a small number of truly random bits. We show that, in contrast, in repeated
two-player zero-sum games, if pseudorandom generators do not exist, then
random bits remain necessary for equilibria to exist.
Using classifiers to predict linear feedback shift registers
Proceedings of: IEEE 35th International Carnahan Conference on Security Technology, October 16-19, 2001, London.
Previously (J.C. Hernandez et al., 2000), some new ideas that justify the use of artificial intelligence techniques in cryptanalysis were presented. The main objective of that paper was to show that the theoretical next-bit prediction problem can be transformed into a classification problem, and that this classification problem could be solved with the aid of some AI algorithms. In particular, they showed how a well-known classifier called C4.5 could predict the next bit generated by a linear feedback shift register (LFSR, a widely used model of pseudorandom number generator) very efficiently and, most importantly, without any previous knowledge of the model used. The authors look for other classifiers, apart from C4.5, that could be useful in the prediction of LFSRs. We conclude that the selection of C4.5 by Hernandez et al. was adequate, because it shows the best accuracy of all the classifiers tested. However, we have found other classifiers that produce interesting results, and we suggest that these algorithms should be taken into account in the future when trying to predict more complex LFSR-based models. Finally, we show some other properties that make the C4.5 algorithm the best choice for this particular cryptanalytic problem.
Exploiting chordal structure in polynomial ideals: a Gröbner bases approach
Chordal structure and bounded treewidth allow for efficient computation in
numerical linear algebra, graphical models, constraint satisfaction and many
other areas. In this paper, we begin the study of how to exploit chordal
structure in computational algebraic geometry, and in particular, for solving
polynomial systems. The structure of a system of polynomial equations can be
described in terms of a graph. By carefully exploiting the properties of this
graph (in particular, its chordal completions), more efficient algorithms can
be developed. To this end, we develop a new technique, which we refer to as
chordal elimination, that relies on elimination theory and Gröbner bases. By
maintaining graph structure throughout the process, chordal elimination can
outperform standard Gröbner basis algorithms in many cases. The reason is
that all computations are done on "smaller" rings, of size equal to the
treewidth of the graph. In particular, for a restricted class of ideals, the
computational complexity is linear in the number of variables. Chordal
structure arises in many relevant applications. We demonstrate the suitability
of our methods in examples from graph colorings, cryptography, sensor
localization and differential equations.
Comment: 40 pages, 5 figures
Approximate Randomization of Quantum States With Fewer Bits of Key
Randomization of quantum states is the quantum analogue of the classical
one-time pad. We present an improved, efficient construction of an
approximately randomizing map that uses O(d/epsilon^2) Pauli operators to map
any d-dimensional state to a state that is within trace distance epsilon of the
completely mixed state. Our bound is a log d factor smaller than that of
Hayden, Leung, Shor, and Winter (2004), and Ambainis and Smith (2004).
Then, we show that a random sequence of essentially the same number of
unitary operators, chosen from an appropriate set, with high probability form
an approximately randomizing map for d-dimensional states. Finally, we discuss
the optimality of these schemes via connections to different notions of
pseudorandomness, and give a new lower bound for small epsilon.
Comment: 18 pages, Quantum Computing Back Action, IIT Kanpur, March 2006,
volume 864 of AIP Conference Proceedings, pages 18--36. Springer, New York
Partial-indistinguishability obfuscation using braids
An obfuscator is an algorithm that translates circuits into
functionally-equivalent similarly-sized circuits that are hard to understand.
Efficient obfuscators would have many applications in cryptography. Until
recently, theoretical progress has mainly been limited to no-go results. Recent
works have proposed the first efficient obfuscation algorithms for classical
logic circuits, based on a notion of indistinguishability against
polynomial-time adversaries. In this work, we propose a new notion of
obfuscation, which we call partial-indistinguishability. This notion is based
on computationally universal groups with efficiently computable normal forms,
and appears to be incomparable with existing definitions. We describe universal
gate sets for both classical and quantum computation, in which our definition
of obfuscation can be met by polynomial-time algorithms. We also discuss some
potential applications to testing quantum computers. We stress that the
cryptographic security of these obfuscators, especially when composed with
translation from other gate sets, remains an open question.
Comment: 21 pages, Proceedings of TQC 201