7 research outputs found

    Solving a Class of Modular Polynomial Equations and its Relation to Modular Inversion Hidden Number Problem and Inversive Congruential Generator

    In this paper we revisit the modular inversion hidden number problem (MIHNP) and the inversive congruential generator (ICG) and consider how to attack them more efficiently. We consider systems of modular polynomial equations of the form $a_{ij}+b_{ij}x_i+c_{ij}x_j+x_ix_j = 0 \pmod{p}$ and show the relation between solving such equations and attacking MIHNP and ICG. We present three heuristic strategies using Coppersmith's lattice-based root-finding technique for solving the above modular equations. In the first strategy, we use a polynomial number of samples and obtain the same asymptotic bound on attacking ICG as the one proposed in PKC 2012, which is the best result so far; however, the work of PKC 2012 requires an exponential number of samples. In the second strategy, some of the polynomials chosen for the involved lattice are linear combinations of other polynomials, and this enables us to achieve a larger upper bound for the desired root. Corresponding to the analysis of MIHNP, we give an explicit lattice construction of the second attack method proposed by Boneh, Halevi and Howgrave-Graham in Asiacrypt 2001. We provide a better bound than that in the work of PKC 2012 for attacking ICG. Moreover, we propose a third strategy in order to give a further improvement in the involved lattice construction in the sense of requiring fewer samples.

    Improving Bounds on Elliptic Curve Hidden Number Problem for ECDH Key Exchange

    The Elliptic Curve Hidden Number Problem (EC-HNP) was first introduced by Boneh, Halevi and Howgrave-Graham at Asiacrypt 2001. To rigorously assess the bit security of the Diffie-Hellman key exchange with elliptic curves (ECDH), the Diffie-Hellman variant of EC-HNP, regarded as an elliptic curve analogue of the Hidden Number Problem (HNP), was presented at PKC 2017. This variant can also be used for practical cryptanalysis of ECDH key exchange in the situation of side-channel attacks. In this paper, we revisit the Coppersmith method for solving the involved modular multivariate polynomials in the Diffie-Hellman variant of EC-HNP and demonstrate that, for any given positive integer $d$, a given sufficiently large prime $p$, and a fixed elliptic curve over the prime field $\mathbb{F}_p$, if there is an oracle that outputs about $\frac{1}{d+1}$ of the most (least) significant bits of the $x$-coordinate of the ECDH key, then one can give a heuristic algorithm to compute all the bits within polynomial time in $\log_2 p$. When $d>1$, the heuristic result $\frac{1}{d+1}$ significantly outperforms both the rigorous bound $\frac{5}{6}$ and the heuristic bound $\frac{1}{2}$. Due to the heuristics involved in the Coppersmith method, we do not get the ECDH bit security on a fixed curve. However, we experimentally verify the effectiveness of the heuristics on NIST curves for small dimension lattices.

    Part I:


    Modeling and simulation of value-at-risk in the financial market area

    Value-at-Risk (VaR) is a statistical approach to measure market risk. It is widely used by banks, securities firms, commodity and energy merchants, and other trading organizations. The main focus of this research is measuring and analyzing market risk by modeling and simulation of Value-at-Risk for portfolios in the financial market area. The objectives are (1) predicting the possible future loss of a financial portfolio from the VaR measurement, and (2) identifying how the distributions of the risk factors affect the distribution of the portfolio. Results from (1) and (2) provide valuable information for portfolio optimization and risk management. The model systems chosen for this study are multi-factor models that relate risk factors to the portfolio's value. Regression analysis techniques are applied to derive linear and quadratic multifactor models for the assets in the portfolio. Time series models, such as ARIMA and state-space, are used to forecast the risk factors of the portfolio. A Monte Carlo simulation process is developed to comprehensively simulate the risk factors according to the four major distributions used to describe data in the financial market. These distributions are: multivariate normal, multivariate t, multivariate skew-normal, and multivariate skew t. The distribution of the portfolio is characterized by combining the multifactor models with the Monte Carlo simulation process. Based on the characterization of the portfolio distribution, any VaR measure of the portfolio can be calculated. The results of the modeling and simulation show that (1) a portfolio may not have the same kind of distribution as the risk factors if the relationship between the portfolio and the risk factors is expressed as a quadratic function; (2) the normal distribution underestimates risk if the real data have a heavy tail and a high peak; and (3) diversification is the best investment strategy since it reduces the VaR by combining assets together. The computational approach developed in this dissertation can be used for any VaR measurement in any area as long as the relationship between an asset and risk factors can be modeled and the joint distribution of the risk factors can be characterized.

    Relevance of accurate Monte Carlo modeling in nuclear medical imaging

    Monte Carlo techniques have become popular in different areas of medical physics with the advantage of powerful computing systems. In particular, they have been extensively applied to simulate processes involving random behavior and to quantify physical parameters that are difficult or even impossible to calculate by experimental measurements. Recent nuclear medical imaging innovations such as single-photon emission computed tomography (SPECT), positron emission tomography (PET), and multiple emission tomography (MET) are ideal for Monte Carlo modeling techniques because of the stochastic nature of radiation emission, transport and detection processes. Factors which have contributed to the wider use include improved models of radiation transport processes, the practicality of application with the development of acceleration schemes, and the improved speed of computers. This paper presents the derivation and methodological basis for this approach and critically reviews its areas of application in nuclear imaging. An overview of existing simulation programs is provided and illustrated with examples of some useful features of such sophisticated tools in connection with common computing facilities and more powerful multiple-processor parallel processing systems. Current and future trends in the field are also discussed.

    New results on modular inversion hidden number problem and inversive congruential generator

    The Modular Inversion Hidden Number Problem (MIHNP), introduced by Boneh, Halevi and Howgrave-Graham in Asiacrypt 2001, is briefly described as follows: Let $\mathrm{MSB}_\delta(z)$ refer to the $\delta$ most significant bits of $z$. Given many samples $(t_i, \mathrm{MSB}_\delta((\alpha+t_i)^{-1} \bmod p))$ for random $t_i \in \mathbb{Z}_p$, the goal is to recover the hidden number $\alpha \in \mathbb{Z}_p$. MIHNP is an important class of Hidden Number Problem. In this paper, we revisit the Coppersmith technique for solving a class of modular polynomial equations, which is derived from the problem of recovering the hidden number $\alpha$ in MIHNP. For any positive integer constant $d$, let the integer $n = d^{3+o(1)}$. Given a sufficiently large modulus $p$ and $n+1$ samples of MIHNP, we present a heuristic algorithm to recover the hidden number $\alpha$ with a probability close to 1 when $\delta/\log_2 p > \frac{1}{d+1} + o\left(\frac{1}{d}\right)$. The overall time complexity of the attack is polynomial in $\log_2 p$, where the complexity of the LLL algorithm grows as $d^{O(d)}$ and the complexity of the Gröbner basis computation grows as $(2d)^{O(n^2)}$. When $d > 2$, this asymptotic bound outperforms $\delta/\log_2 p > 1/3$, which is the asymptotic bound proposed by Boneh, Halevi and Howgrave-Graham in Asiacrypt 2001. It is the first time that a better bound for solving MIHNP is given, which implies that the conjecture that MIHNP is hard whenever $\delta/\log_2 p < 1/3$ is broken. Moreover, we also obtain the best result so far for attacking the Inversive Congruential Generator (ICG).
    Funding: NRF (National Research Foundation, Singapore); MOE (Ministry of Education, Singapore). Accepted version.