Probabilistic properties of modular addition. Victoria Vysotskaya


Probabilistic properties of modular addition
Victoria Vysotskaya
JSC InfoTeCS, NPK Kryptonite
CTCrypt 19 / June 4, 2019
vysotskaya.victory@gmail.com
Victoria Vysotskaya (Infotecs, Kryptonite), Probabilistic properties of modular addition, CTCrypt 19, 1 / 23

Definitions
Definition. The table $P^n$ of shape $2^n \times 2^n$, indexed by $\Delta x$ and $\Delta f$, with elements $p^n_{\Delta x, \Delta f} = P^n(\Delta x, \Delta f)$, where
$$P^n(\Delta x, \Delta f) = \frac{1}{2^{2n}}\,\bigl|\{(x,y) \in \mathbb{Z}_{2^n}^2 : \Delta f = f(x \oplus \Delta x, y) \oplus f(x,y)\}\bigr|$$
and $f(x,y) = x +_n y$ (addition modulo $2^n$), is called the Differential Distribution Table (DDT).

The DDT has the following form: rows are indexed by $\Delta x = i$ and columns by $\Delta f = j$, $i, j = 0, \dots, 2^n - 1$, and the entry at position $(i,j)$ is
$$P^n(i,j) = \frac{1}{2^{2n}}\,\bigl|\{(x,y) : j = ((x \oplus i) +_n y) \oplus (x +_n y)\}\bigr|.$$

Previous results [1]
Lemma. Let matrix $P^n$ have the block form $P^n = \begin{pmatrix} A & B \\ C & D \end{pmatrix}$. Then matrix $P^{n+1}$ has the form
$$P^{n+1} = \frac{1}{2}\begin{pmatrix} 2A & B & 0 & B \\ C & D & C & D \\ 0 & B & 2A & B \\ C & D & C & D \end{pmatrix}.$$
[1] Vysotskaya V., Some properties of modular addition (extended abstract), Cryptology ePrint Archive, https://eprint.iacr.org/2018/1103, 2018.

Problem statement
Question. For a given $\Delta x$, how can we determine the minimum cardinality $K_c(\Delta x)$ of a set of numbers $\Delta f_1, \dots, \Delta f_{K_c(\Delta x)}$ such that
$$\sum_{i=1}^{K_c(\Delta x)} P^n(\Delta x, \Delta f_i) \ge c, \qquad 0 < c \le 1?$$
Note. An attacker searches for a row with a small value of $K_c$.

Definition. The entropy of the $i$-th row of matrix $P^n$ is defined as
$$H^i_n = -\sum_{j=0}^{2^n-1} P^n(i,j)\log_2 P^n(i,j), \qquad i = 0, \dots, 2^n - 1.$$
Hypothesis. $K_{1/2}(i) \le 2^{H^i_n}$ for all row indices $i \in \{0, \dots, 2^n - 1\}$ of $P^n$.
Idea. Let's consider the value $2^{H^i_n}$ instead of $K_{1/2}(i)$.

Lemma.
$$H^i_{n+1} = \begin{cases} H^{\,i \bmod 2^n}_n + 1, & \text{if } i \in [2^{n-1}, 2^n - 1] \cup [3 \cdot 2^{n-1}, 2^{n+1} - 1],\\[2pt] H^{\,i \bmod 2^n}_n + \beta^{\,i \bmod 2^n}_n, & \text{if } i \in [0, 2^{n-1} - 1] \cup [2^n, 3 \cdot 2^{n-1} - 1], \end{cases}$$
where
$$\beta_n = \Bigl(0,\ \underbrace{\tfrac{1}{2^{n-1}}}_{1},\ \underbrace{\tfrac{1}{2^{n-2}}, \tfrac{1}{2^{n-2}}}_{2},\ \dots,\ \underbrace{\tfrac{1}{8}, \dots, \tfrac{1}{8}}_{2^{n-4}},\ \underbrace{\tfrac{1}{4}, \dots, \tfrac{1}{4}}_{2^{n-3}},\ \underbrace{\tfrac{1}{2}, \dots, \tfrac{1}{2}}_{2^{n-2}}\Bigr).$$
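The following Python check is an added example, not code from the talk or from [1]: it builds the DDT of $x +_n y$ by brute force for small $n$ (XOR differences, as in the definition), computes the row entropies $H^i_n$ and $K_c(i)$, and confirms the block recursion for $P^{n+1}$, the entropy recursion with $\beta_n$, and the hypothesis $K_{1/2}(i) \le 2^{H^i_n}$ against the brute-force table. Function names are my own.

```python
from fractions import Fraction
from math import log2

def ddt(n):
    """Brute-force DDT of f(x, y) = x +_n y: P[dx][df] = share of pairs (x, y)
    with f(x ^ dx, y) ^ f(x, y) == df (XOR differences, as in the definition)."""
    m, mask = 1 << n, (1 << n) - 1
    P = [[0] * m for _ in range(m)]
    for dx in range(m):
        for x in range(m):
            for y in range(m):
                P[dx][(((x ^ dx) + y) & mask) ^ ((x + y) & mask)] += 1
    return [[Fraction(c, m * m) for c in row] for row in P]

def row_entropy(row):
    """H^i_n = -sum_j P^n(i, j) log2 P^n(i, j); zero entries contribute 0."""
    return -sum(float(p) * log2(float(p)) for p in row if p)

def k_c(row, c):
    """K_c(i): number of largest entries of row i needed to reach total mass c."""
    acc = Fraction(0)
    for k, p in enumerate(sorted(row, reverse=True), 1):
        acc += p
        if acc >= c:
            return k

def next_ddt(P):
    """Block lemma: P^n = [[A,B],[C,D]] -> P^{n+1} = 1/2 [[2A,B,0,B],[C,D,C,D],[0,B,2A,B],[C,D,C,D]]."""
    h = len(P) // 2
    A = [r[:h] for r in P[:h]]; B = [r[h:] for r in P[:h]]
    C = [r[:h] for r in P[h:]]; D = [r[h:] for r in P[h:]]
    Z = [[Fraction(0)] * h] * h
    A2 = [[2 * v for v in r] for r in A]
    layout = ([A2, B, Z, B], [C, D, C, D], [Z, B, A2, B], [C, D, C, D])
    return [[v / 2 for blk in blocks for v in blk[i]] for blocks in layout for i in range(h)]

def beta(n):
    """beta_n = (0, 1/2^(n-1), 1/2^(n-2) [x2], ..., 1/4 [x2^(n-3)], 1/2 [x2^(n-2)])."""
    b = [0.0] + ([2.0 ** -(n - 1)] if n >= 2 else [])
    for j in range(2, n):                 # value 1/2^(n-j), repeated 2^(j-1) times
        b += [2.0 ** -(n - j)] * (1 << (j - 1))
    return b

def entropies_by_lemma(n):
    """H_{n+1} from H_n and beta_n via the entropy lemma alone: +1 when i mod 2^n
    lies in the upper half of [0, 2^n), + beta_n[i mod 2^n] otherwise."""
    H, b, half, m = [row_entropy(r) for r in ddt(n)], beta(n), 1 << (n - 1), 1 << n
    return [H[i % m] + (1.0 if i % m >= half else b[i % m]) for i in range(2 * m)]

def hypothesis_holds(n):
    """(K_{1/2}(i) <= 2^{H^i_n} for every row i of P^n, max over i of 2^H / K)."""
    ratios = [2 ** row_entropy(r) / k_c(r, Fraction(1, 2)) for r in ddt(n)]
    return min(ratios) >= 1, max(ratios)
```

For $n$ up to about 6 the brute force runs in seconds; the two lemmas are what make $n = 32$ and $n = 64$ reachable.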

Theorem. $\mathbb{E}H_n = \dfrac{2n}{3} + O(1)$ as $n \to \infty$.
Corollary. $\mathbb{E}\,2^{qH_n} = \Omega\bigl(2^{2nq/3}\bigr)$.

Theorem. There exist two sequences of recurrence relations
$$\check F_k(n) = \sum_{l=1}^{k+1} \check\alpha_{k,l}\,\check F_k(n-l) \qquad\text{and}\qquad \hat F_k(n) = \sum_{l=1}^{k+1} \hat\alpha_{k,l}\,\hat F_k(n-l)$$
and two sequences of positive numbers $\check c_k, \hat c_k$ such that
$$\check F_k(n) \lesssim \mathbb{E}\,2^{qH_n} \lesssim \hat F_k(n) \quad\text{as } n \to \infty \qquad\text{and}\qquad \lim_{n \to \infty} \frac{\log \hat F_k(n) - \log \check F_k(n)}{n} \to 0 \quad\text{as } k \to \infty.$$

Lemma. The characteristic polynomials $\check H_k(\lambda)$ and $\hat H_k(\lambda)$ of these recurrences:
1. have no root in the annulus $1 \le |\lambda| \le 2$, if $q < 1$;
2. have no root $\lambda$ such that $|\lambda| \ge 2^{q-1} + 1$, if $q = 1$;
3. have exactly one root $\lambda$ such that $|\lambda| \ge 2^{q-1} + 1$, if $q > 1$.
Note. Both functions $\hat H_k(\lambda)$ and $\check H_k(\lambda)$ have a real root on the segment $[2^{q-1}, 3 \cdot 2^{q}]$, which can be found by bisection of the segment. In this case, after $m$ steps the root is found with accuracy $O(2^{-m})$.

Lemma.
$$\check F_k(n) = \check\gamma_k\,\check y_k^{\,n} + \check\rho_k(n), \qquad \hat F_k(n) = \hat\gamma_k\,\hat y_k^{\,n} + \hat\rho_k(n),$$
where $\check y_k, \hat y_k$ are the maximum (by absolute value) roots of the polynomials $\check H_k(\lambda)$ and $\hat H_k(\lambda)$ respectively, and
$$\check\rho_k(n) = \begin{cases} O(1), & \text{if } q \le 1,\\ O\bigl((2^{q-1} + 1)^n\bigr), & \text{otherwise} \end{cases} \qquad\text{as } n \to \infty$$
(the same holds for $\hat\rho_k(n)$).
Lemma. $\lim_{k \to \infty} (\hat y_k - \check y_k) = 0$.

Example. For $0 < \varepsilon < 10^{-4}$:
$$\check\alpha_1\, 2^{(0.7265 - \varepsilon)n} \lesssim \mathbb{E}\,2^{H_n} \lesssim \hat\alpha_1\, 2^{(0.7265 + \varepsilon)n}, \qquad \check\alpha_2\, 2^{(1.5361 - \varepsilon)n} \lesssim \mathbb{D}\,2^{H_n} \lesssim \hat\alpha_2\, 2^{(1.5361 + \varepsilon)n}.$$

Example. By Chebyshev's inequality,
$$\Pr\Bigl(\bigl|2^{H_n} - \mathbb{E}\,2^{H_n}\bigr| \ge u^n\sqrt{\mathbb{D}\,2^{H_n}}\Bigr) \le \frac{1}{u^{2n}} \to 0 \quad\text{as } n \to \infty,\ u > 1.$$
Thus with probability tending to one $\bigl|2^{H_n} - \mathbb{E}\,2^{H_n}\bigr| < u^n\sqrt{\mathbb{D}\,2^{H_n}}$ or, for example, $2^{H_n} = o\bigl(2^{0.76807n}\bigr)$ as $n \to \infty$.

Note. Last year we proved [1] that the rows of matrix $P^n$ are divided into equivalence classes. The entropy is one and the same for all members of a class.
Lemma. Compact (of size $O(n)$) representations of the equivalence classes may be generated in time proportional to their number, which is
$$\approx \frac{e^{\pi\sqrt{2n/3}}}{2\sqrt{2}\,\pi\sqrt{n}} = O\bigl(2^{3.7007\sqrt{n}}\bigr) \quad\text{as } n \to \infty.$$

Theorem. For each number $i$ the row of the DDT matrix with this number belongs to an equivalence class of size
$$\rho_i = 2\, C_{K}^{\,s-1}\, C_{s-1}^{\,c_1}\, C_{s-1-c_1}^{\,c_2} \cdots C_{s-1-c_1-\dots-c_{r-2}}^{\,c_{r-1}},$$
where
1. $K$ is the number of 1s in the binary representation of $i$,
2. $s$ is the number of groups of 0s and 1s in $i$,
3. $c_1, c_2, \dots$ is the number of groups of 0s of size $1, 2, \dots$.

Note. Usually one needs $\Omega(2^{3n})$ operations to calculate $H_n$. For $n = 32$ it is $2^{96}$ ($\approx 6.4 \cdot 10^{19}$ sec.), for $n = 64$ it is $2^{192}$ ($\approx 4 \cdot 10^{48}$ sec.). But using our approach, for $n = 32$ it takes 0.1 sec. and for $n = 64$ it takes 62 sec. on a laptop.

Figure: Distribution of $H_{32}$.

Figure: Distribution of $H_{64}$.

Figure: Distribution of $2^{H_{32}}/K_{1/2}$.

Figure: Distribution of $2^{H_{64}}/K_{1/2}$.

Note. For $n = 32$ the theoretical value is $\mathbb{E}\,2^{H_n} \approx 9.96 \cdot 10^6$, the computed one is $\mathbb{E}\,2^{H_n} \approx 5.40 \cdot 10^6$. So the real value is only 1.8 times smaller than the calculated one.
Note. For $n = 32$ and $n = 64$ we showed that $K_{1/2}(i) \le 2^{H^i_n}$, so our hypothesis is true for them. Besides, the ratio $2^{H^i_n}/K_{1/2}(i)$ is small.

Conclusion. In this work we
1. obtained an estimate (accurate up to an additive constant) of the expected value of the entropy $H_n$ in rows of the DDT,
2. proved asymptotic inequalities describing the behavior of the values $\mathbb{E}\,2^{H_n}$ and $\mathbb{D}\,2^{H_n}$, as well as of other moments, as $n \to \infty$,
3. checked all results for $n = 32$ and $n = 64$.

Questions?