New Complexity Results and Algorithms for the Minimum Tollbooth Problem
The inefficiency of the Wardrop equilibrium of nonatomic routing games can be
eliminated by placing tolls on the edges of a network so that the socially
optimal flow is induced as an equilibrium flow. A solution where the minimum
number of edges are tolled may be preferable over others due to its ease of
implementation in real networks. In this paper we consider the minimum
tollbooth (MINTB) problem, which seeks social optimum inducing tolls with
minimum support. We prove for single commodity networks with linear latencies
that the problem is NP-hard to approximate within a factor of through
a reduction from the minimum vertex cover problem. Insights from network design
motivate us to formulate a new variation of the problem where, in addition to
placing tolls, it is allowed to remove unused edges by the social optimum. We
prove that this new problem remains NP-hard even for single commodity networks
with linear latencies, using a reduction from the partition problem. On the
positive side, we give the first exact polynomial solution to the MINTB problem
in an important class of graphs---series-parallel graphs. Our algorithm solves
MINTB by first tabulating the candidate solutions for subgraphs of the
series-parallel network and then combining them optimally.
Preimage Attacks on Reduced Troika with Divide-and-Conquer Methods
Troika is a recently proposed sponge-based hash function for IOTA's ternary architecture and platform, which is developed by CYBERCRYPT. In this paper, we introduce the preimage attack on 2 and 3 rounds of Troika with a divide-and-conquer approach. Instead of directly matching a given hash value, we propose equivalent conditions to determine whether a message is the preimage before computing the complete hash value. As a result, for the two-round hash value that can be generated with one block, we can search the preimage only in a valid space and efficiently enumerate the messages which can satisfy most of the equivalent conditions with a guess-and-determine technique. For the three-round preimage attack, an MILP-based method is applied to separate the one-block message space into two parts in order to obtain the best advantage over brute force. Our experiments show that the time complexity of the preimage attack on 2 (out of 24) rounds of Troika can be improved to , which is times faster than the brute force. For the preimage attack on 3 (out of 24) rounds of Troika, we can obtain an advantage of over brute force. In addition, how to construct the second preimage for two-round Troika in seconds is presented as well. Our attacks do not threaten the security of Troika.
Electromagnetic Excitations and Responses in Nuclei from First Principles
We discuss the role of clustering on monopole, dipole, and quadrupole
excitations in nuclei in the framework of the ab initio symmetry-adapted
no-core shell model (SA-NCSM). The SA-NCSM starts from nucleon-nucleon
potentials and, by exploring symmetries known to dominate the nuclear dynamics,
can reach nuclei up through the calcium region by accommodating ultra-large
model spaces critical to descriptions of clustering and collectivity. The
results are based on calculations of electromagnetic sum rules and discretized
responses using the Lanczos algorithm, that can be used to determine response
functions, and for 4He are benchmarked against exact solutions of the
hyperspherical harmonics method. In particular, we focus on He, Be, and O
isotopes, including giant resonances and monopole sum rules. Comment: 6 pages, 4 figures, Proceedings of the Fourth International Workshop
on State of the Art in Nuclear Cluster Physics, Galveston, TX, USA, May
13-18, 201
Preimage Attacks on Round-reduced Keccak-224/256 via an Allocating Approach
We present new preimage attacks on standard Keccak-224 and Keccak-256 that are reduced to 3 and 4 rounds. An allocating approach is used in the attacks, and the whole complexity is allocated to two stages, such that fewer constraints are considered and the complexity is lowered in each stage. Specifically, we are trying to find a 2-block preimage, instead of a 1-block one, for a given hash value, and the first and second message blocks are found in two stages, respectively. Both the message blocks are constrained by a set of newly proposed conditions on the middle state, which are weaker than those brought by the initial values and the hash values. Thus, the complexities in the two stages are both lower than that of finding a 1-block preimage directly. Together with the basic allocating approach, an improved method is given to balance the complexities of two stages, and hence, obtains the optimal attacks. As a result, we present the best theoretical preimage attacks on Keccak-224 and Keccak-256 that are reduced to 3 and 4 rounds. Moreover, we practically found a (second) preimage for 3-round Keccak-224 with a complexity of 2^{39.39}.
A Hypergraph Dictatorship Test with Perfect Completeness
A hypergraph dictatorship test is first introduced by Samorodnitsky and
Trevisan and serves as a key component in their unique games based \PCP
construction. Such a test has oracle access to a collection of functions and
determines whether all the functions are the same dictatorship, or all their
low degree influences are Their test makes queries and has
amortized query complexity but has an inherent loss of
perfect completeness. In this paper we give an adaptive hypergraph dictatorship
test that achieves both perfect completeness and amortized query complexity
. Comment: Some minor correction
An Experimentally Verified Attack on Full Grain-128 Using Dedicated Reconfigurable Hardware
In this paper we describe the first single-key attack which can recover the full key of the full version of Grain-128 for arbitrary keys by an algorithm which is significantly faster than exhaustive search (by a factor of about 2^38). It is based on a new version of a cube tester, which uses an improved choice of dynamic variables to eliminate the previously made assumption that ten particular key bits are zero. In addition, the new attack is much faster than the previous weak-key attack, and has a simpler key recovery process. Since it is extremely difficult to mathematically analyze the expected behavior of such attacks, we implemented it on RIVYERA, which is a new massively parallel reconfigurable hardware, and tested its main components for dozens of random keys. These tests experimentally verified the correctness and expected complexity of the attack, by finding a very significant bias in our new cube tester for about 7.5% of the keys we tested. This is the first time that the main components of a complex analytical attack are successfully realized against a full-size cipher with a special-purpose machine. Moreover, it is also the first attack that truly exploits the configurable nature of an FPGA-based cryptanalytical hardware.
Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium
CRYPTO 2008 saw the introduction of the hash function
MD6 and of cube attacks, a type of algebraic attack applicable to cryptographic
functions having a low-degree algebraic normal form over GF(2).
This paper applies cube attacks to reduced round MD6, finding the full
128-bit key of a 14-round MD6 with complexity 2^22 (which takes less
than a minute on a single PC). This is the best key recovery attack announced
so far for MD6. We then introduce a new class of attacks called
cube testers, based on efficient property-testing algorithms, and apply
them to MD6 and to the stream cipher Trivium. Unlike the standard
cube attacks, cube testers detect nonrandom behavior rather than performing
key extraction, but they can also attack cryptographic schemes
described by nonrandom polynomials of relatively high degree. Applied
to MD6, cube testers detect nonrandomness over 18 rounds in 2^17 complexity;
applied to a slightly modified version of the MD6 compression
function, they can distinguish 66 rounds from random in 2^24 complexity.
Cube testers give distinguishers on Trivium reduced to 790 rounds from
random with 2^30 complexity and detect nonrandomness over 885 rounds
in 2^27, improving on the original 767-round cube attack.
Algebraic Theory of Promise Constraint Satisfaction Problems, First Steps
What makes a computational problem easy (e.g., in P, that is, solvable in
polynomial time) or hard (e.g., NP-hard)? This fundamental question now has a
satisfactory answer for a quite broad class of computational problems, so
called fixed-template constraint satisfaction problems (CSPs) -- it has turned
out that their complexity is captured by a certain specific form of symmetry.
This paper explains an extension of this theory to a much broader class of
computational problems, the promise CSPs, which includes relaxed versions of
CSPs such as the problem of finding a 137-coloring of a 3-colorable graph
- …