
    Efficient computing of n-dimensional simultaneous Diophantine approximation problems

    In this paper we consider two algorithmic problems of simultaneous Diophantine approximation. The first algorithm produces the full solution set for approximating an irrational number by rationals whose common denominators lie in a given interval. The second one aims at finding as many simultaneous solutions as possible within a given time budget. All the presented algorithms are implemented and tested, and the PariGP version is made publicly available.

    Self-healing high-dimensional quantum key distribution using hybrid spin-orbit Bessel states

    Using spatial modes for quantum key distribution (QKD) has become highly topical due to their infinite dimensionality, promising high information capacity per photon. However, spatial distortions reduce the feasible secret key rates and compromise the security of a quantum channel. In an extreme form such a distortion might be a physical obstacle, impeding line-of-sight for free-space channels. Here, by controlling the radial degree of freedom of a photon's spatial mode, we are able to demonstrate hybrid high-dimensional QKD through obstacles with self-reconstructing single photons. We construct high-dimensional mutually unbiased bases using spin-orbit hybrid states that are radially modulated with a non-diffracting Bessel-Gaussian (BG) profile, and show secure transmission through partially obstructed quantum links. Using a prepare-and-measure protocol we report higher quantum state self-reconstruction and information retention for the non-diffracting BG modes as compared to Laguerre-Gaussian modes, obtaining a quantum bit error rate (QBER) that is up to 3 times lower. This work highlights the importance of controlling the radial mode of single photons in quantum information processing and communication, as well as the advantages of QKD with hybrid states.
    Comment: Published version, 15 pages, 6 figures, 2 tables

    TOPICS IN COMPUTATIONAL NUMBER THEORY AND CRYPTANALYSIS - On Simultaneous Chinese Remaindering, Primes, the MiNTRU Assumption, and Functional Encryption

    This thesis reports on four independent projects that lie at the intersection of mathematics, computer science, and cryptology.

    Simultaneous Chinese Remaindering: The classical Chinese Remainder Problem asks to find all integer solutions to a given system of congruences where each congruence is defined by one modulus and one remainder. The Simultaneous Chinese Remainder Problem is a direct generalization of its classical counterpart where, for each modulus, the single remainder is replaced by a non-empty set of remainders. The solutions of a Simultaneous Chinese Remainder Problem instance are completely defined by a set of minimal positive solutions, called primitive solutions, which are upper bounded by the lowest common multiple of the considered moduli. However, contrary to its classical counterpart, which has at most one primitive solution, the Simultaneous Chinese Remainder Problem may have an exponential number of primitive solutions, so that any general-purpose solving algorithm requires exponential time. Furthermore, through a direct reduction from the 3-SAT problem, we prove first that deciding whether a solution exists is NP-complete, and second that if the existence of solutions is guaranteed, then deciding whether a solution of a particular size exists is also NP-complete. Despite these discouraging results, we studied methods to find the minimal solution to Simultaneous Chinese Remainder Problem instances and we discovered some interesting statistical properties.

    A Conjecture On Primes In Arithmetic Progressions And Geometric Intervals: Dirichlet’s theorem on primes in arithmetic progressions states that for any positive integer q and any coprime integer a, there are infinitely many primes in the arithmetic progression a + nq (n ∈ N); however, it does not indicate where those primes can be found. Linnik’s theorem predicts that the first such prime p0 can be found in the interval [0; q^L], where L denotes an absolute and explicitly computable constant. Although only L = 5 has been proven, it is widely believed that L ≤ 2. We generalize Linnik’s theorem by conjecturing that for any integers q ≥ 2, 1 ≤ a ≤ q − 1 with gcd(q, a) = 1, and t ≥ 1, there exists a prime p such that p ∈ [q^t; q^(t+1)] and p ≡ a mod q. Subsequently, we prove the conjecture for all sufficiently large exponents t, we computationally verify it for all sufficiently small moduli q, and we investigate its relation to other mathematical results such as Carmichael’s totient function conjecture.

    On The (M)iNTRU Assumption Over Finite Rings: The inhomogeneous NTRU (iNTRU) assumption is a recent computational hardness assumption, which claims that first adding a random low-norm error vector to a known gadget vector and then multiplying the result with a secret vector is sufficient to obfuscate the considered secret vector. The matrix inhomogeneous NTRU (MiNTRU) assumption essentially replaces vectors with matrices. Although those assumptions are strongly reminiscent of the well-known learning-with-errors (LWE) assumption, their hardness has not yet been studied in full detail. We provide an elementary analysis of the corresponding decision assumptions and break them in their base case using an elementary q-ary lattice reduction attack. Concretely, we restrict our study to vectors over finite integer rings, which leads to a problem that we call (M)iNTRU. Starting from a challenge vector, we construct a particular q-ary lattice that contains an unusually short vector whenever the challenge vector follows the (M)iNTRU distribution. Thereby, elementary lattice reduction allows us to distinguish a random challenge vector from a synthetically constructed one.

    A Conditional Attack Against Functional Encryption Schemes: Functional encryption emerged as an ambitious cryptographic paradigm supporting function evaluations over encrypted data that reveal the result in the clear. Therein, the result consists either of a valid output or of a special error symbol. We develop a conditional selective chosen-plaintext attack against the indistinguishability security notion of functional encryption. Intuitively, indistinguishability in the public-key setting is based on the premise that no adversary can distinguish between the encryptions of two known plaintext messages. As functional encryption allows us to evaluate functions over encrypted messages, the adversary is restricted to evaluations resulting in the same output only. To ensure consistency with other primitives, the decryption procedure of a functional encryption scheme is allowed to fail and output an error. We observe that an adversary may exploit the special role of these errors to craft challenge messages that can be used to win the indistinguishability game. Indeed, the adversary can choose the messages such that their functional evaluation leads to the common error symbol, but their intermediate computation values differ. A formal decomposition of the underlying functionality into a mathematical function and an error trigger reveals this dichotomy. Finally, we outline the impact of this observation on multiple DDH-based inner-product functional encryption schemes when we restrict them to bounded-norm evaluations only.

    Time-Delay Switch Attack on Networked Control Systems, Effects and Countermeasures

    In recent years, the security of networked control systems (NCSs) has been an important challenge for many researchers. Although security schemes for networked control systems have advanced in the past several years, there have been many acknowledged cyber attacks. In response, this dissertation proposes a novel time-delay switch (TDS) attack, which introduces time delays into the dynamics of NCSs. Such an attack has devastating effects on NCSs if prevention techniques and countermeasures are not considered in the design of these systems. To overcome the stability issue caused by TDS attacks, this dissertation proposes a new detector to track TDS attacks in real time. This method relies on an estimator that estimates and tracks the time delays introduced by an attacker. Once the detector observes the maximum tolerable time delay of a plant’s optimal controller (the bound below which the plant remains secure and stable), it issues an alarm signal and directs the system to its alarm state. In the alarm state, the plant operates under the control of an emergency controller, which can be local or networked to the plant, and remains in this stable mode until the networked control system state is restored. In another effort, this dissertation evaluates different control methods to find out which ones are more stable than others under a TDS attack. Also, a novel, simple and effective controller is proposed to thwart TDS attacks on the sensing loop (SL); the modified controller keeps the system under control during a TDS attack. The time-delay estimator tracks the delays introduced by an attacker using a modified model-reference-based control with an indirect supervisor and a modified least mean square (LMS) minimization technique. Furthermore, it is demonstrated that cryptographic solutions are ineffective for recovering from TDS attacks. A cryptography-free TDS recovery (CF-TDSR) communication protocol enhancement is introduced that leverages adaptive channel redundancy techniques, along with a novel state estimator, to detect and assist in the recovery from the destabilizing effects of TDS attacks. The conclusion shows how CF-TDSR ensures the control stability of linear time-invariant systems.

    On the hardness of the shortest vector problem

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1998. Includes bibliographical references (p. 77-84).
    An n-dimensional lattice is the set of all integral linear combinations of n linearly independent vectors in R^m. One of the most studied algorithmic problems on lattices is the shortest vector problem (SVP): given a lattice, find the shortest non-zero vector in it. We prove that the shortest vector problem is NP-hard (for randomized reductions) to approximate within some constant factor greater than 1 in any ℓ_p norm (p ≥ 1). In particular, we prove the NP-hardness of approximating SVP in the Euclidean norm ℓ_2 within any factor less than √2. The same NP-hardness results hold for deterministic non-uniform reductions. A deterministic uniform reduction is also given under a reasonable number theoretic conjecture concerning the distribution of smooth numbers. In proving the NP-hardness of SVP we develop a number of technical tools that might be of independent interest. In particular, a lattice packing is constructed with the property that the number of unit spheres contained in an n-dimensional ball of radius greater than 1 + √2 grows exponentially in n, and a new constructive version of Sauer's lemma (a combinatorial result somehow related to the notion of VC-dimension) is presented, considerably simplifying all previously known constructions.
    by Daniele Micciancio. Ph.D.

    Numerical computing of extremely large values of the Riemann-Siegel Z-function

    The PhD thesis presents an efficient algorithm for determining the extremely large values of the Riemann-Siegel Z-function. The Riemann zeta function plays a very important role in various areas of mathematics and physics. Determining large values of the zeta function on the critical line can help us understand the distribution of prime numbers much better. In the first part of the thesis we constructed an algorithm with which the multivariable function appearing in the Riemann-Siegel Z-function can be approximated quickly and efficiently for very many integers n. Our method is based on the approximation of multidimensional simultaneous Diophantine equations, for which we presented an efficient algorithm (the MAFRA algorithm). Using this algorithm, we developed a new algorithm (RS-PEAK) with which the extreme values of the Riemann zeta function on the critical line can be determined quickly and efficiently. With the RS-PEAK algorithm, using the Desktop GRID network of MTA SZTAKI, we succeeded in publishing very large Z(t) values, among them the largest known today, where for t=310678833629083965667540576593682.05 we obtain Z(t)=16874.202. At the time of writing the dissertation this is the largest published Z(t) value. In the thesis we published several computational records related to the value of Z(t).