The Exact Security of PMAC with Two Powering-Up Masks

Author(s):  
Yusuke Naito

PMAC is a rate-1, parallelizable, block-cipher-based message authentication code (MAC), proposed by Black and Rogaway (EUROCRYPT 2002). Improving the security bound is a main research topic for PMAC. In particular, showing a tight bound has been the primary goal of this research since Luykx et al.'s paper (EUROCRYPT 2016). Regarding the pseudo-random-function (PRF) security of PMAC, a collision of the hash function, or the difference between a random permutation and a random function, gives the lower bound Ω(q^2/2^n) for q queries and block size n. Regarding the MAC security (unforgeability), a hash collision among MAC queries, or guessing a tag, gives the lower bound Ω(q_m^2/2^n + q_v/2^n) for q_m MAC queries and q_v verification queries (forgery attempts). The tight upper bound O(q^2/2^n) on the PRF security of PMAC was given by Gaži et al. (ToSC 2017, Issue 1), but their proof requires a 4-wise independent masking scheme that uses 4 n-bit random values. Open problems from their work are: (1) find a masking scheme with three or fewer random values with which PMAC has the tight upper bound for PRF security; (2) find a masking scheme with which PMAC has the tight upper bound for MAC security. In this paper, we consider PMAC with two powering-up masks, which uses two random values for the masking scheme. Using the structure of the powering-up masking scheme, we show that this PMAC has the tight upper bound O(q^2/2^n) for PRF security, which answers open problem (1), and the tight upper bound O(q_m^2/2^n + q_v/2^n) for MAC security, which answers open problem (2). Note that these results deal with two-key PMACs; showing tight upper bounds for PMACs with a single key and/or with one powering-up mask remains open.

2018 ◽  
Vol 28 (3) ◽  
pp. 365-387
Author(s):  
S. CANNON ◽  
D. A. LEVIN ◽  
A. STAUFFER

We give the first polynomial upper bound on the mixing time of the edge-flip Markov chain for unbiased dyadic tilings, resolving an open problem originally posed by Janson, Randall and Spencer in 2002 [14]. A dyadic tiling of size n is a tiling of the unit square by n non-overlapping dyadic rectangles, each of area 1/n, where a dyadic rectangle is any rectangle that can be written in the form [a·2^{−s}, (a + 1)·2^{−s}] × [b·2^{−t}, (b + 1)·2^{−t}] for a, b, s, t ∈ ℤ_{≥0}. The edge-flip Markov chain selects a random edge of the tiling and replaces it with its perpendicular bisector if doing so yields a valid dyadic tiling. Specifically, we show that the relaxation time of the edge-flip Markov chain for dyadic tilings is at most O(n^{4.09}), which implies that the mixing time is at most O(n^{5.09}). We complement this by showing that the relaxation time is at least Ω(n^{1.38}), improving upon the previously best lower bound of Ω(n log n) coming from the diameter of the chain.


Fractals ◽  
2009 ◽  
Vol 17 (02) ◽  
pp. 137-148
Author(s):  
PÉTER MÓRA

It is well-known that the Hausdorff dimension of the Sierpinski triangle Λ is s = log 3/ log 2. However, it is a long standing open problem to compute the s-dimensional Hausdorff measure of Λ denoted by [Formula: see text]. In the literature the best existing estimate is [Formula: see text] In this paper we significantly improve the lower bound. We also give an upper bound which is weaker than the one above but which anyone can check easily. Namely, we prove that [Formula: see text] holds.


2018 ◽  
Vol 52 (2-3-4) ◽  
pp. 153-168
Author(s):  
Michal Hospodár ◽  
Galina Jirásková

We study the state complexity of the concatenation operation on regular languages represented by deterministic and alternating finite automata. For deterministic automata, we show that the upper bound m·2^n − k·2^{n−1} on the state complexity of concatenation can be met by ternary languages, the first of which is accepted by an m-state DFA with k final states, and the second one by an n-state DFA with ℓ final states for arbitrary integers m, n, k, ℓ with 1 ≤ k ≤ m − 1 and 1 ≤ ℓ ≤ n − 1. In the case of k ≤ m − 2, we are able to provide appropriate binary witnesses. In the case of k = m − 1 and ℓ ≥ 2, we provide a lower bound which is smaller than the upper bound just by one. We use our binary witnesses for concatenation on deterministic automata to describe binary languages meeting the upper bound 2^m + n + 1 for the concatenation on alternating finite automata. This solves an open problem stated by Fellah et al. [Int. J. Comput. Math. 35 (1990) 117–132].


Author(s):  
Peter Gaži ◽  
Krzysztof Pietrzak ◽  
Michal Rybár

PMAC is a simple and parallel block-cipher mode of operation, which was introduced by Black and Rogaway at Eurocrypt 2002. If instantiated with a (pseudo)random permutation over n-bit strings, PMAC constitutes a provably secure variable input-length (pseudo)random function. For adversaries making q queries, each of length at most l (in n-bit blocks), and of total length σ ≤ ql, the original paper proves an upper bound on the distinguishing advantage of O(σ^2/2^n), while the currently best bound is O(qσ/2^n). In this work we show that this bound is tight by giving an attack with advantage Ω(q^2 l/2^n). In the PMAC construction one initially XORs a mask to every message block, where the mask for the i-th block is computed as τ_i := γ_i·L, where L is a (secret) random value, and γ_i is the i-th codeword of the Gray code. Our attack applies more generally to any sequence of γ_i's which contains a large coset of a subgroup of GF(2^n). We then investigate if the security of PMAC can be further improved by using τ_i's that are k-wise independent, for k > 1 (the original distribution is only 1-wise independent). We observe that the security of PMAC will not increase in general, even if the masks are chosen from a 2-wise independent distribution, and then prove that the security increases to O(q^2/2^n), if the τ_i are 4-wise independent. Due to simple extension attacks, this is the best bound one can hope for, using any distribution on the masks. Whether 3-wise independence is already sufficient to get this level of security is left as an open problem.
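The masking sequences discussed in the two PMAC abstracts on this page (Naito's at the top, and this one), as an added Python example that is not code from either paper: it implements the original PMAC masks τ_i = γ_i·L from the Gray code and the powering-up masks τ_i = 2^i·L over GF(2^128), and wraps them in a PMAC-shaped MAC (mask and encrypt every block but the last, pad or tweak the last block, encrypt the XOR-sum). Assumptions: the field polynomial x^128 + x^7 + x^2 + x + 1, a full-width tag, the single-mask Black-Rogaway structure (Naito's two-mask scheme and the k-wise independent masks studied here are not reproduced), and a constructed Feistel permutation standing in for the block cipher so that it runs offline; the sample L and key are constructed values. The subgroup check only exhibits the structural property the attack above relies on (the first 2^k − 1 Gray-code masks together with 0 form an additive subgroup of GF(2^n), whereas the powering-up masks do not); it carries out no attack.

```python
import hashlib
from typing import Callable, Iterable

# Added illustration, not code from Naito or from Gazi, Pietrzak and Rybar.
N_BITS = 128
N_BYTES = N_BITS // 8
MASK_N = (1 << N_BITS) - 1
REDUCE = 0x87                 # x^128 + x^7 + x^2 + x + 1, the GF(2^128) polynomial PMAC/OCB use
X_INV = (1 << 127) | 0x43     # x^{-1} under that polynomial: x^127 + x^6 + x + 1

def gf_double(a: int) -> int:
    """Multiply a by x (i.e. by 2) in GF(2^128)."""
    a <<= 1
    if a >> N_BITS:
        a = (a & MASK_N) ^ REDUCE
    return a

def gf_halve(a: int) -> int:
    """Multiply a by x^{-1} in GF(2^128); PMAC applies this to L for a full final block."""
    return (a >> 1) ^ (X_INV if a & 1 else 0)

def gf_mul(a: int, b: int) -> int:
    """Schoolbook multiplication in GF(2^128)."""
    acc = 0
    while b:
        if b & 1:
            acc ^= a
        a = gf_double(a)
        b >>= 1
    return acc

def powering_up_masks(L: int, m: int) -> list:
    """tau_i = 2^i * L for i = 1..m: each mask is the previous one doubled."""
    masks, cur = [], L
    for _ in range(m):
        cur = gf_double(cur)
        masks.append(cur)
    return masks

def gray_code_masks(L: int, m: int) -> list:
    """tau_i = gamma_i * L for i = 1..m, gamma_i = i XOR (i >> 1) the i-th Gray codeword."""
    return [gf_mul(L, i ^ (i >> 1)) for i in range(1, m + 1)]

def is_additive_subgroup(elems: Iterable[int]) -> bool:
    """True if the set contains 0 and is closed under XOR, i.e. is a subgroup of (GF(2^n), +)."""
    s = set(elems)
    return 0 in s and all(a ^ b in s for a in s for b in s)

def toy_prp(key: bytes) -> Callable[[int], int]:
    """Constructed 4-round Feistel permutation on 128-bit values with a SHA-256 round
    function. It replaces the block cipher only so the example runs without a crypto
    library; it is NOT a vetted cipher."""
    half_mask = (1 << 64) - 1

    def round_fn(r: int, h: int) -> int:
        d = hashlib.sha256(key + bytes([r]) + h.to_bytes(8, "big")).digest()
        return int.from_bytes(d[:8], "big")

    def E(x: int) -> int:
        left, right = x >> 64, x & half_mask
        for r in range(4):
            left, right = right, left ^ round_fn(r, right)
        return (left << 64) | right

    return E

def pmac_style_tag(E: Callable[[int], int], msg: bytes, mask_fn=powering_up_masks) -> bytes:
    """PMAC-shaped MAC: every block but the last is masked with tau_i and encrypted; the
    last block is 10*-padded or, if full, XORed with x^{-1}*L; the XOR-sum is encrypted
    once more. L = E(0^n) as in Black-Rogaway. The tag is not truncated here."""
    L = E(0)
    blocks = [msg[i:i + N_BYTES] for i in range(0, len(msg), N_BYTES)] or [b""]
    *full, last = blocks
    sigma = 0
    for tau, blk in zip(mask_fn(L, len(full)), full):
        sigma ^= E(int.from_bytes(blk, "big") ^ tau)
    if len(last) == N_BYTES:
        sigma ^= int.from_bytes(last, "big") ^ gf_halve(L)
    else:
        sigma ^= int.from_bytes(last + b"\x80" + b"\x00" * (N_BYTES - len(last) - 1), "big")
    return E(sigma).to_bytes(N_BYTES, "big")

if __name__ == "__main__":
    L = 0x0123456789ABCDEF0123456789ABCDEF   # constructed sample value for L
    gray, pow2 = gray_code_masks(L, 7), powering_up_masks(L, 7)
    # {0, gamma_1 L, ..., gamma_7 L} = {c*L : c < 8} is closed under XOR;
    # {0, 2L, 4L, ..., 128L} is not (2L xor 4L = 6L is not in it).
    print("Gray masks + 0 form a subgroup:", is_additive_subgroup([0] + gray))        # True
    print("Powering-up masks + 0 form a subgroup:", is_additive_subgroup([0] + pow2))  # False
    E = toy_prp(b"constructed demo key")
    print(pmac_style_tag(E, b"block one.......block two.......tail", gray_code_masks).hex())
```

Swapping `mask_fn` is the only change between the Gray-code and the powering-up variants; everything else in the hash-then-encrypt shape is shared, which is why the abstracts can compare the two schemes purely through the algebraic structure of the mask sequence.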


Impact ◽  
2019 ◽  
Vol 2019 (10) ◽  
pp. 30-32
Author(s):  
Tomoyuki Morimae

In cloud quantum computing, a classical client delegates quantum computing to a remote quantum server. An important property of cloud quantum computing is verifiability: the client can check the integrity of the server. Whether such a classical verification of quantum computing is possible or not is one of the most important open problems in quantum computing. We tackle this problem from the viewpoint of quantum interactive proof systems. Dr Tomoyuki Morimae is part of the Quantum Information Group at the Yukawa Institute for Theoretical Physics at Kyoto University, Japan. He leads a team which is concerned with two main research subjects: quantum supremacy and the verification of quantum computing.


2021 ◽  
Vol 52 (2) ◽  
pp. 71-71
Author(s):  
Rob van Stee

For this issue, Pavel Vesely has contributed a wonderful overview of the ideas that were used in his SODA paper on packet scheduling with Marek Chrobak, Lukasz Jez and Jiri Sgall. This is a problem for which a 2-competitive algorithm as well as a lower bound of φ ≈ 1.618 was known already twenty years ago, but which resisted resolution for a long time. It is great that this problem has finally been resolved and that Pavel was willing to explain more of the ideas behind it for this column. He also provides an overview of open problems in this area.


1998 ◽  
Vol 58 (1) ◽  
pp. 1-13 ◽  
Author(s):  
Shiqing Zhang

Using the equivariant Ljusternik-Schnirelmann theory and the estimate of the upper bound of the critical value and lower bound for the collision solutions, we obtain some new results in the large concerning multiple geometrically distinct periodic solutions of fixed energy for a class of planar N-body type problems.


2016 ◽  
Vol 26 (12) ◽  
pp. 1650204 ◽  
Author(s):  
Jihua Yang ◽  
Liqin Zhao

This paper deals with the limit cycle bifurcations for piecewise smooth Hamiltonian systems. By using the first order Melnikov function of piecewise near-Hamiltonian systems given in [Liu & Han, 2010], we give a lower bound and an upper bound of the number of limit cycles that bifurcate from the period annulus between the center and the generalized eye-figure loop up to the first order of Melnikov function.


Author(s):  
E. S. Barnes

Letbe n linear forms with real coefficients and determinant Δ = ∥ aij∥ ≠ 0; and denote by M(X) the lower bound of | X1X2 … Xn| over all integer sets (u) ≠ (0). It is well known that γn, the upper bound of M(X)/|Δ| over all sets of forms Xi, is finite, and the value of γn has been determined when n = 2 and n = 3.


2010 ◽  
Vol 47 (03) ◽  
pp. 611-629
Author(s):  
Mark Fackrell ◽  
Qi-Ming He ◽  
Peter Taylor ◽  
Hanqin Zhang

This paper is concerned with properties of the algebraic degree of the Laplace-Stieltjes transform of phase-type (PH) distributions. The main problem of interest is: given a PH generator, how do we find the maximum and the minimum algebraic degrees of all irreducible PH representations with that PH generator? Based on the matrix exponential (ME) order of ME distributions and the spectral polynomial algorithm, a method for computing the algebraic degree of a PH distribution is developed. The maximum algebraic degree is identified explicitly. Using Perron-Frobenius theory of nonnegative matrices, a lower bound and an upper bound on the minimum algebraic degree are found, subject to some conditions. Explicit results are obtained for special cases.

