On Formal Expressions of BRW-polynomials

Algebraic expressions of the Bernstein-Rabin-Winograd-polynomials, when defined over the field of the rational numbers, are obtained by recursion

Continuous Family of Invariant Subspaces for R-diagonal Operators

We show that every R-diagonal operator x has a continuous family of invariant subspaces relative to the von Neumann algebra generated by x. This allows us to find the Brown measure of x and to find a new conceptual proof that Voiculescu's S-transform is multiplicative. Our considerations base on a new concept of R-diagonality with amalgamation, for which we give several equivalent characterizations.Comment: 35 page

Deformation Quantization: Genesis, Developments and Metamorphoses

We start with a short exposition of developments in physics and mathematics that preceded, formed the basis for, or accompanied, the birth of deformation quantization in the seventies. We indicate how the latter is at least a viable alternative, autonomous and conceptually more satisfactory, to conventional quantum mechanics and mention related questions, including covariance and star representations of Lie groups. We sketch Fedosov's geometric presentation, based on ideas coming from index theorems, which provided a beautiful frame for developing existence and classification of star-products on symplectic manifolds. We present Kontsevich's formality, a major metamorphosis of deformation quantization, which implies existence and classification of star-products on general Poisson manifolds and has numerous ramifications. Its alternate proof using operads gave a new metamorphosis which in particular showed that the proper context is that of deformations of algebras over operads, while still another is provided by the extension from differential to algebraic geometry. In this panorama some important aspects are highlighted by a more detailed account.Comment: Latex file. 40 pages with 2 figures. To appear in: Proceedings of the meeting between mathematicians and theoretical physicists, Strasbourg, 2001. IRMA Lectures in Math. Theoret. Phys., vol. 1, Walter De Gruyter, Berlin 2002, pp. 9--5

FAST: Disk Encryption and Beyond

This work introduces \sym{FAST} which is a new family of tweakable enciphering schemes. Several instantiations of \sym{FAST} are described. These are targeted towards two goals, the specific task of disk encryption and a more general scheme suitable for a wide variety of practical applications. A major contribution of this work is to present detailed and careful software implementations of all of these instantiations. For disk encryption, the results from the implementations show that \sym{FAST} compares very favourably to the IEEE disk encryption standards XCB and EME2 as well as the more recent proposal AEZ. \sym{FAST} is built using a fixed input length pseudo-random function and an appropriate hash function. It uses a single-block key, is parallelisable and can be instantiated using only the encryption function of a block cipher. The hash function can be instantiated using either the Horner\u27s rule based usual polynomial hashing or hashing based on the more efficient Bernstein-Rabin-Winograd polynomials. Security of \sym{FAST} has been rigorously analysed using the standard provable security approach and concrete security bounds have been derived. Based on our implementation results, we put forward \sym{FAST} as a serious candidate for standardisation and deployment

Ubiquitous Weak-key Classes of BRW-polynomial Function

BRW-polynomial function is suggested as a preferred alternative of polynomial function, owing to its high efficiency and seemingly non-existent weak keys. In this paper we investigate the weak-key issue of BRW-polynomial function as well as BRW-instantiated cryptographic schemes. Though, in BRW-polynomial evaluation, the relationship between coefficients and input blocks is indistinct, we give out a recursive algorithm to compute another $(2^{v+1}-1)$-block message, for any given $(2^{v+1}-1)$-block message, such that their output-differential through BRW-polynomial evaluation, equals any given $s$-degree polynomial, where $v\ge\lfloor\log_2(s+1)\rfloor$. With such algorithm, we illustrate that any non-empty key subset is a weak-key class in BRW-polynomial function. Moreover any key subset of BRW-polynomial function, consisting of at least $2$ keys, is a weak-key class in BRW-instantiated cryptographic schemes like the Wegman-Carter scheme, the UHF-then-PRF scheme, DCT, etc. Especially in the AE scheme DCT, its confidentiality, as well as its integrity, collapses totally, when using weak keys of BRW-polynomial function, which are ubiquitous

Consistent Estimation of Linear Regression Models Using Matched Data

Economists often use matched samples, especially when dealing with earnings data where a number of missing observations need to be imputed. In this paper, we demonstrate that the ordinary least squares estimator of the linear regression model using matched samples is inconsistent and has a nonstandard convergence rate to its probability limit. If only a few variables are used to impute the missing data, then it is possible to correct for the bias. We propose two semiparametric bias-corrected estimators and explore their asymptotic properties. The estimators have an indirect-inference interpretation and they attain the parametric convergence rate if the number of matching variables is no greater than three. Monte Carlo simulations confirm that the bias correction works very well in such cases

A Uniform Class of Weak Keys for Universal Hash Functions

In this paper we investigate weak keys of universal hash functions (UHFs) from their combinatorial properties. We find that any UHF has a general class of keys, which makes the combinatorial properties totally disappear, and even compromises the security of the UHF-based schemes, such as the Wegman-Carter scheme, the UHF-then-PRF scheme, etc. By this class of keys, we actually get a general method to search weak-key classes of UHFs, which is able to derive all previous weak-key classes of UHFs found by intuition or experience. Moreover we give a weak-key class of the BRW polynomial function which was once believed to have no weak-key issue, and exploit such weak keys to implement a distinguish attack and a forgery attack against DTC - a BRW-based authentication encryption scheme. Furthermore in Grain-128a, with the linear structure revealed by weak-key classes of its UHF, we can recover any first $(32+b)$ bits of the UHF key, spending no more than $1$ encryption and $(2^{32} + b)$ decryption queries