16 research outputs found

    Computational analogues of entropy

    Abstract. Min-entropy is a statistical measure of the amount of randomness that a particular distribution contains. In this paper we investigate the notion of computational min-entropy, which is the computational analog of statistical min-entropy. We consider three possible definitions for this notion, and show equivalence and separation results for these definitions in various computational models. We also study whether or not certain properties of statistical min-entropy have a computational analog. In particular, we consider the following questions: 1. Let X be a distribution with high computational min-entropy. Does one get a pseudo-random distribution when applying a "randomness extractor" on X? 2. Let X and Y be (possibly dependent) random variables. Is the computational min-entropy of (X, Y) at least as large as the computational min-entropy of X? 3. Let X be a distribution over {0,1}^n that is "weakly unpredictable" in the sense that it is hard to predict a constant fraction of the coordinates of X with a constant bias. Does X have computational min-entropy Ω(n)? We show that the answers to these questions depend on the computational model considered. In some natural models the answer is false and in others the answer is true. Our positive results for the third question exhibit models in which the "hybrid argument bottleneck" in "moving from a distinguisher to a predictor" can be avoided.

    Guard Games on Graphs: Keep the Intruder Out!

    A team of mobile agents, called guards, tries to keep an intruder out of an assigned area by blocking all possible attacks. In a graph model for this setting, the guards and the intruder are located on the vertices of a graph, and they move from node to node via connecting edges. The area protected by the guards is an induced subgraph of the given graph. We investigate the algorithmic aspects of the guarding problem, which is to find the minimum number of guards sufficient to patrol the area. We show that the guarding problem is PSPACE-hard and provide a set of approximation algorithms. All approximation algorithms are based on the study of a variant of the game where the intruder must reach the guarded area in a single step in order to win. This variant of the game turns out to be a 2-approximation for the guarding problem, and for graphs without cycles of length 5 the minimum number of required guards in both games coincides. We give a polynomial time algorithm for solving the one-step guarding problem in graphs of bounded treewidth, and complement this result by showing that the problem is W[1]-hard parameterized by the treewidth of the input graph. We also show that the problem is fixed parameter tractable (FPT) parameterized by the treewidth and maximum degree of the input graph. Finally, we turn our attention to a large class of sparse graphs, including plana

    Domain Extension for Enhanced Target Collision-Resistant Hash Functions

    Abstract. We answer the question of Reyhanitabar et al. from FSE'09 of constructing a domain extension scheme for enhanced target collision-resistant (eTCR) hash functions with sublinear key expansion. The eTCR property, introduced by Halevi and Krawczyk [HK06], is a natural fit for hash-and-sign signature schemes, offering an attractive alternative to collision-resistant hash functions. We prove a new composition theorem for eTCR, and demonstrate that eTCR compression functions exist if and only if one-way functions do.

    Verified Indifferentiable Hashing into Elliptic Curves

    Abstract. Many cryptographic systems based on elliptic curves are proven secure in the Random Oracle Model, assuming there exist probabilistic functions that map elements in some domain (e.g. bitstrings) onto uniformly and independently distributed points in a curve. When implementing such systems, and in order for the proof to carry over to the implementation, those mappings must be instantiated with concrete constructions whose behavior does not deviate significantly from random oracles. In contrast to other approaches to public-key cryptography, where candidates to instantiate random oracles have been known for some time, the first generic construction for hashing into ordinary elliptic curves indifferentiable from a random oracle was put forward only recently by Brier et al. We present a machine-checked proof of this construction. The proof is based on an extension of the CertiCrypt framework with logics and mechanized tools for reasoning about approximate forms of observational equivalence, and integrates mathematical libraries of group theory and elliptic curves.

    Diagnosis of canine rabies: I. comparison of saliva and encephalon samples

    Thirty saliva samples and 30 encephalon samples, collected from an equal number of rabid dogs, were examined by both the mouse inoculation and immunofluorescence techniques. All samples, saliva as well as encephalon, gave positive results with both techniques, showing perfect correlation between the methods and the specimens used. The importance of saliva for establishing an earlier diagnosis of rabies was stressed.

    Practical Cryptanalysis of the Identification Scheme Based on the Isomorphism of Polynomial with One Secret Problem

    Abstract. This paper presents a practical cryptanalysis of the Identification Scheme proposed by Patarin at Crypto 1996. This scheme relies on the hardness of the Isomorphism of Polynomial with One Secret (IP1S) problem, and enjoys shorter keys than many other schemes based on the hardness of a combinatorial problem (as opposed to number-theoretic problems). Patarin proposed concrete parameters that have not been broken faster than exhaustive search so far. On the theoretical side, IP1S has been shown to be harder than Graph Isomorphism, which makes it an interesting target. We present two new deterministic algorithms to attack the IP1S problem, and we rigorously analyze their complexity and success probability. We show that they can solve a (big) constant fraction of all the instances of degree two in polynomial time. We verified that our algorithms are very efficient in practice. All the parameters with degree two proposed by Patarin are now broken in a few seconds. The parameters with degree three can be broken in less than a CPU-month. The identification scheme is thus quite badly broken.