Analysis of AES, SKINNY, and Others with Constraint Programming

Author(s):  
Siwei Sun ◽  
David Gerault ◽  
Pascal Lafourcade ◽  
Qianqian Yang ◽  
Yosuke Todo ◽  
...  

Searching for different types of distinguishers is a common task in symmetric-key cryptanalysis. In this work, we employ the constraint programming (CP) technique to tackle such problems. First, we show that a simple application of the CP approach proposed by Gerault et al. leads to the solution of the open problem of determining the exact lower bound on the number of active S-boxes for 6-round AES-128 in the related-key model. Subsequently, we show that the same approach can be applied to searching for integral distinguishers, impossible differentials, and zero-correlation linear approximations, in both the single-key and related-(twea)key models. We implement the method using the open source constraint solver Choco and apply it to the block ciphers PRESENT, SKINNY, and HIGHT (ARX construction). As a result, we find 16 related-tweakey impossible differentials for 12-round SKINNY-64-128, based on which we construct an 18-round attack on SKINNY-64-128 (one target version for the crypto competition https://sites.google.com/site/skinnycipher announced at ASK 2016). Moreover, we show that in some cases, when equipped with proper strategies (ordering heuristic, restart and dynamic branching strategy), the CP approach can be very efficient. Therefore, we suggest that the constraint programming technique should become a convenient tool in the hands of symmetric-key cryptanalysts.

2017 ◽  
Vol 67 (1) ◽  
pp. 221-226
Author(s):  
Adela Mihai

In this paper we construct examples of different types of connections starting from a semi-symmetric metric connection g, for example a connection which is a symmetric metric connection with respect to a conformally related metric, but symmetric non-metric with respect to the initial metric. We formulate an open problem: to find a parallel complex structure on a Kaehler manifold with respect to such a new connection.


2018 ◽  
Vol 28 (3) ◽  
pp. 365-387
Author(s):  
S. CANNON ◽  
D. A. LEVIN ◽  
A. STAUFFER

We give the first polynomial upper bound on the mixing time of the edge-flip Markov chain for unbiased dyadic tilings, resolving an open problem originally posed by Janson, Randall and Spencer in 2002 [14]. A dyadic tiling of size n is a tiling of the unit square by n non-overlapping dyadic rectangles, each of area 1/n, where a dyadic rectangle is any rectangle that can be written in the form $[a2^{-s}, (a + 1)2^{-s}] \times [b2^{-t}, (b + 1)2^{-t}]$ for $a, b, s, t \in \mathbb{Z}_{\geq 0}$. The edge-flip Markov chain selects a random edge of the tiling and replaces it with its perpendicular bisector if doing so yields a valid dyadic tiling. Specifically, we show that the relaxation time of the edge-flip Markov chain for dyadic tilings is at most $O(n^{4.09})$, which implies that the mixing time is at most $O(n^{5.09})$. We complement this by showing that the relaxation time is at least $\Omega(n^{1.38})$, improving upon the previously best lower bound of $\Omega(n \log n)$ coming from the diameter of the chain.


2007 ◽  
Vol 7 (8) ◽  
pp. 730-737
Author(s):  
I.H. Kim

Fuchs and Sasaki defined the quantumness of a set of quantum states in \cite{Quantumness}, which is related to the fidelity loss in transmission of the quantum states through a classical channel. In \cite{Fuchs}, Fuchs showed that in $d$-dimensional Hilbert space the minimum quantumness is $\frac{2}{d+1}$, and that this can be achieved by all rays in the space. He left an open problem, asking whether fewer than $d^2$ states can achieve this bound. Recently, in a different context, Scott introduced the concept of a generalized $t$-design in \cite{GenSphet}, which is a natural generalization of a spherical $t$-design. In this paper, we show that the lower bound on the quantumness can be achieved if and only if the states form a generalized 2-design. As a corollary, we show that this bound can only be achieved if the number of states is greater than or equal to $d^2$, answering the open problem. Furthermore, we also show that the minimal such ensemble is a symmetric informationally complete POVM (SIC-POVM). This leads to an equivalence between SIC-POVMs and minimal ensembles achieving minimal quantumness.


Author(s):  
Morteza Baniasad Azad ◽  
Behrooz Khosravi ◽  
Morteza Jafarpour

Let [Formula: see text] be a finite group and [Formula: see text], where [Formula: see text] denotes the order of [Formula: see text]. The function [Formula: see text] was introduced by Tărnăuceanu. In [M. Tărnăuceanu, Detecting structural properties of finite groups by the sum of element orders, Israel J. Math. (2020), https://doi.org/10.1007/s11856-020-2033-9 ], some lower bounds for [Formula: see text] are determined such that if [Formula: see text] is greater than each of them, then [Formula: see text] is cyclic, abelian, nilpotent, supersolvable and solvable. Also, an open problem arose about finite groups [Formula: see text] such that [Formula: see text] is equal to the value of each lower bound. In this paper, we give an answer to the equality condition, which is a partial answer to the open problem posed by Tărnăuceanu. Also, in [M. Baniasad Azad and B. Khosravi, A criterion for p-nilpotency and p-closedness by the sum of element orders, Commun. Algebra (2020), https://doi.org/10.1080/00927872.2020.1788571 ], it is shown that if [Formula: see text], where [Formula: see text] is a prime number, then [Formula: see text] and [Formula: see text] is cyclic. As the next result, we show that if [Formula: see text] is not a [Formula: see text]-nilpotent group and [Formula: see text], then [Formula: see text].


2009 ◽  
Vol 19 (6) ◽  
pp. 663-697 ◽  
Author(s):  
TOM SCHRIJVERS ◽  
PETER STUCKEY ◽  
PHILIP WADLER

A constraint programming system combines two essential components: a constraint solver and a search engine. The constraint solver reasons about satisfiability of conjunctions of constraints, and the search engine controls the search for solutions by iteratively exploring a disjunctive search tree defined by the constraint program. In this paper we give a monadic definition of constraint programming in which the solver is defined as a monad threaded through the monadic search tree. We are then able to define search and search strategies as first-class objects that can themselves be built or extended by composable search transformers. Search transformers give a powerful and unifying approach to viewing search in constraint programming, and the resulting constraint programming system is first class and extremely flexible.


2000 ◽  
Vol 7 (16) ◽  
Author(s):  
Jirí Srba

It is an open problem whether weak bisimilarity is decidable for Basic Process Algebra (BPA) and Basic Parallel Processes (BPP). A PSPACE lower bound for BPA and an NP lower bound for BPP have been demonstrated by Stribrna. Mayr recently showed that weak bisimilarity for BPP is Pi^P_2-hard. We improve this lower bound to PSPACE, moreover for the restricted class of normed BPP. Weak regularity (finiteness) of BPA and BPP is not known to be decidable either. In the case of BPP there is a Pi^P_2-hardness result by Mayr, which we improve to PSPACE. No lower bound has previously been established for BPA. We demonstrate DP-hardness, which in particular implies both NP- and co-NP-hardness. In each of the bisimulation/regularity problems we also consider the classes of normed processes.


Author(s):  
Yusuke Naito

PMAC is a rate-1, parallelizable, block-cipher-based message authentication code (MAC), proposed by Black and Rogaway (EUROCRYPT 2002). Improving the security bound is a main research topic for PMAC. In particular, showing a tight bound has been the primary goal of this research since Luykx et al.'s paper (EUROCRYPT 2016). Regarding the pseudo-random-function (PRF) security of PMAC, a collision of the hash function, or the difference between a random permutation and a random function, gives the lower bound $\Omega(q^2/2^n)$ for $q$ queries and block cipher size $n$. Regarding the MAC security (unforgeability), a hash collision for MAC queries, or guessing a tag, gives the lower bound $\Omega(q_m^2/2^n + q_v/2^n)$ for $q_m$ MAC queries and $q_v$ verification queries (forgery attempts). The tight upper bound $O(q^2/2^n)$ on the PRF-security of PMAC was given by Gaži et al. (ToSC 2017, Issue 1), but their proof requires a 4-wise independent masking scheme that uses 4 $n$-bit random values. Open problems from their work are: (1) find a masking scheme with three or fewer random values with which PMAC has the tight upper bound for PRF-security; (2) find a masking scheme with which PMAC has the tight upper bound for MAC-security. In this paper, we consider PMAC with two powering-up masks, which uses two random values for the masking scheme. Using the structure of the powering-up masking scheme, we show that this PMAC has the tight upper bound $O(q^2/2^n)$ for PRF-security, which answers open problem (1), and the tight upper bound $O(q_m^2/2^n + q_v/2^n)$ for MAC-security, which answers open problem (2). Note that these results deal with two-key PMACs; thus showing tight upper bounds for single-key PMACs and/or PMACs with one powering-up mask remains an open problem.


2005 ◽  
Vol DMTCS Proceedings vol. AD,... (Proceedings) ◽  
Author(s):  
Amr Elmasry

Given a set $\mathcal{S}$ with real-valued members, each associated with one of two possible types, a multi-partitioning of $\mathcal{S}$ is a sequence of the members of $\mathcal{S}$ such that if $x,y \in \mathcal{S}$ have different types and $x < y$, then $x$ precedes $y$ in the multi-partitioning of $\mathcal{S}$. We give two distribution-sensitive algorithms for the set multi-partitioning problem and a matching lower bound in the algebraic decision-tree model. One of the two algorithms can be made stable and can be implemented in place. We also give an output-sensitive algorithm for the problem.


2020 ◽  
Author(s):  
Matthias Koschorreck ◽  
Yves T. Prairie ◽  
Jihyeon Kim ◽  
Rafael Marcé

Headspace analysis of CO2 has frequently been used to quantify the concentration of CO2 in freshwater. According to basic chemical theory, not considering chemical equilibration of the carbonate system in the sample vials will result in a systematic error. In this paper we provide a method to quantify the potential error resulting from simple application of Henry's law to headspace CO2 samples. By analysing the potential error for different types of water and experimental conditions we conclude that the error incurred by headspace analysis of CO2 is less than 5 % for samples with pH 


Fractals ◽  
2009 ◽  
Vol 17 (02) ◽  
pp. 137-148
Author(s):  
PÉTER MÓRA

It is well known that the Hausdorff dimension of the Sierpinski triangle Λ is s = log 3/ log 2. However, it is a long-standing open problem to compute the s-dimensional Hausdorff measure of Λ, denoted by [Formula: see text]. In the literature the best existing estimate is [Formula: see text] In this paper we significantly improve the lower bound. We also give an upper bound which is weaker than the one above but can easily be checked by anyone. Namely, we prove that [Formula: see text] holds.

