29 research outputs found

    Anyon trajectories and the systematics of the three-anyon spectrum

    We develop the concept of trajectories in anyon spectra, i.e., the continuous dependence of energy levels on the kinetic angular momentum. It provides a more economical and unified description, since each trajectory contains an infinite number of points corresponding to the same statistics. For a system of non-interacting anyons in a harmonic potential, each trajectory consists of two infinite straight line segments, in general connected by a nonlinear piece. We give the systematics of the three-anyon trajectories. The trajectories in general cross each other at the bosonic/fermionic points. We use the (semi-empirical) rule that all such crossings are true crossings, i.e., the order of the trajectories with respect to energy is opposite to the left and to the right of a crossing. Comment: 15 pages LaTeX + 1 attached uuencoded gzipped file with 7 figures

    Interpolation and Approximation of Polynomials in Finite Fields over a Short Interval from Noisy Values

    Motivated by a recently introduced HIMMO key distribution scheme, we consider a modification of the noisy polynomial interpolation problem of recovering an unknown polynomial $f(X) \in Z[X]$ from approximate values of the residues of $f(t)$ modulo a prime $p$ at polynomially many points $t$ taken from a short interval

    An M/G/1 Queueing Model with Gated Random Order of Service


    spKEX: An optimized lattice-based key exchange

    The advent of large-scale quantum computers has resulted in significant interest in quantum-safe cryptographic primitives. Lattice-based cryptography is one of the most attractive post-quantum cryptographic families due to its well-understood security, efficient operation and versatility. However, LWE-based schemes are still relatively bulky and slow. In this work, we present spKEX, a forward-secret, post-quantum, unauthenticated lattice-based key-exchange scheme that combines four techniques to optimize performance. spKEX relies on Learning with Rounding (LWR) to reduce bandwidth; it uses sparse and ternary secrets to speed up computations and reduce failure probability; it applies an improved key reconciliation scheme to reduce bandwidth and failure probability; and it computes the public matrix A by means of a permutation to improve performance while allowing for a fresh A in each key exchange. For a quantum security level of 128 bits, our scheme requires 30% less bandwidth than the LWE-based key-exchange proposal Frodo [9] and allows for a fast implementation of the key exchange

    Results on polynomial interpolation with mixed modular operations and unknown moduli

    Motivated by a recently introduced HIMMO key predistribution scheme, we investigate the limits of various attacks on the polynomial interpolation problem with mixed modular operations and hidden moduli. We first review the classical attack and consider it in a quantum setting. Then, we introduce new techniques for finding out the secret moduli and consider quantum speed-ups

    HIMMO - A lightweight collusion-resistant key predistribution scheme

    In this paper we introduce HIMMO as a truly practical and lightweight collusion-resistant key predistribution scheme. The scheme is reminiscent of Blundo et al.'s elegant key predistribution scheme, in which the master key is a symmetric bivariate polynomial over a finite field, and a unique common key is defined for every pair of nodes as the evaluation of the polynomial at the finite field elements associated with the nodes. Unlike Blundo et al.'s scheme, however, which completely breaks down once the number of colluding nodes exceeds the degree of the polynomial, the new scheme is designed to tolerate any number of colluding nodes. Key establishment in HIMMO amounts to the evaluation of a single low-degree univariate polynomial involving reasonably sized numbers, thus exhibiting excellent performance even for constrained devices such as 8-bit CPUs, as we demonstrate. On top of this, the scheme is very versatile, as it not only supports implicit authentication of the nodes like any key predistribution scheme, but also supports identity-based key predistribution in a natural and efficient way. The latter property derives from the fact that HIMMO supports long node identifiers at a reasonable cost, allowing outputs of a collision-resistant hash function to be used as node identifiers. Moreover, HIMMO allows for a transparent way to split the master key between multiple parties. The new scheme is superior to any of the existing alternatives due to the intricate way it combines the use of multiple symmetric bivariate polynomials evaluated over "different" finite rings. We have extensively analyzed the security of HIMMO against two attacks. For these attacks, we have identified the Hiding Information (HI) problem and the Mixing Modular Operations (MMO) problem as the underlying problems. These problems are closely related to some well-defined lattice problems, and therefore the best attacks on HIMMO are dependent on lattice-basis reduction. Based on these connections, we propose concrete values for all relevant parameters, for which we conjecture that the scheme is secure

    Shorter Messages and Faster Post-Quantum Encryption with Round5 on Cortex M

    Round5 is a Public Key Encryption and Key Encapsulation Mechanism (KEM) based on General Learning with Rounding (GLWR), a lattice problem. We argue that the ring variant of GLWR is better suited for embedded targets than the more common RLWE (Ring Learning With Errors) due to significantly shorter keys and messages. Round5 incorporates GLWR with error correction, building on design features from NIST Post-Quantum Standardization candidates Round2 and Hila5. The proposal avoids Number Theoretic Transforms (NTT), allowing more flexibility in parameter selection and making it simpler to implement. We discuss implementation techniques of Round5 ring variants and compare them to other NIST PQC candidates on the lightweight Cortex M4 platform. We show that the current development version of Round5 not only offers the shortest key and ciphertext sizes among lattice-based candidates, but also has leading performance and implementation size characteristics