Ruhr-Universität Bochum, Faculty of Mathematics, Information Security and Cryptology: Solving Systems of Equations with Incompatible Operations (CITS).

Presentation transcript:

Slide 1: Solving Systems of Equations with Incompatible Operations. Magnus Daum, CITS – Cryptology and Information Security, Faculty of Mathematics, Ruhr-Universität Bochum.

Slide 2: Overview
– Motivation
– Dobbertin's Algorithm
– Solution Graphs
– Algorithms for Solution Graphs
– Conclusions

Slide 3: Systems of Equations
Cryptanalysis often uses systems of equations, e.g.
– linear equations
– quadratic equations (e.g. algebraic attacks)
But many cryptosystems include different, mathematically incompatible kinds of operations:
– integer operations modulo 2^n
– bitwise defined functions
– bit rotations / bit shifts
These could also be represented by polynomial equations, but it is better to have tools for directly solving equations that involve such different operations.

Slide 4: Motivation / Application
Dobbertin's attacks on hash functions:
– e.g. solve [equation omitted in the transcript], where f is a bitwise defined function
– Idea: X_{k,…,0} is a solution for the least significant k+1 bits ⇒ X_{k-1,…,0} is a solution for the least significant k bits
– Solve from right to left
T-functions (Klimov/Shamir):
– f is a T-function: the k-th output bit of f depends only on the least significant k-1 input bits
– solvable from right to left

Slide 5: Dobbertin's Algorithm
[figure: tree of solutions]

Slide 6: Dobbertin's Algorithm
[figure: tree of solutions]
– Often possible to stop early
– Faster than exhaustive search
– For each solution there exists a leaf in the tree
– Complexity is directly related to the number of solutions
– Problem: we are mainly interested in equations with many solutions.

Slide 7: Improvement: Exploiting Redundancy
– Idea: combine redundant subtrees
– Problem: detect redundancy during the construction of the graph
– Only the carry bit is relevant for the solution of the third bit
– Labelling the vertices with the carry bits makes it possible to detect redundancies on the fly
[figure: tree of solutions]

Slide 8: Example
[figure: tree of solutions from Dobbertin's algorithm]

Slide 9: Example
[figure: solution graph]

Slide 10: Example
[figure: solution graph]
– Compact representation of the set of solutions
– Can be simplified even more

Slide 11: Solution Graphs
– One root and one sink
– The labelling of the edges describes the solutions: each path from the root to the sink represents a solution (and vice versa)
– Also possible to consider equations with more than one variable: e.g. label the edges with X_i Y_i Z_i instead of only X_i
[figure: solution graph with root and sink marked]

Slide 12: Size of Solution Graphs
Possible to minimize the size:
– delete dead ends
– merge equivalent vertices
The size is hard to predict in general; worst case: exponential size.
Here: upper bounds
– because of the labelling with carry bits
– T-functions: the narrowness gives an upper bound on the possible labels

Slide 13: T-functions: Narrowness
[figures: general T-function; w-narrow T-function]

Slide 14: Algorithms for Solution Graphs
– Solution graphs are closely related to binary decision diagrams (BDDs)
– Further efficient algorithms are derivable from the theory of BDDs:
  – computing the number of solutions
  – choosing random solutions
  – combining solution graphs (e.g. intersecting two sets of solutions)

Slide 15: Computing the Number of Solutions
– Count the number of ways to reach the sink from each of the vertices
– Complexity: linear in the size of the graph
– Allows choosing solutions uniformly at random
[figure: solution graph annotated with the count at each vertex; at the root 4+5 = 9 solutions]
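As an added worked example (not code from Daum's slides), the three ideas above in Python for one concrete T-function equation, (X + a) mod 2^n XOR X = c, where the equation and the values of a, c and n are my own constructed choice: the graph is built bit by bit from the least significant bit with vertices keyed on the carry (so redundant subtrees are merged on the fly), the number of solutions is counted from the sink backwards, and a solution is drawn uniformly at random from those counts; an exhaustive search serves as a check.

```python
import random

def build_solution_graph(a, c, n):
    """Solution graph of (X + a) mod 2^n XOR X == c over n-bit words, built
    from the least significant bit upwards.  A vertex is (bit position, carry
    into that bit), an edge is labelled with the chosen bit X_i.  Keying the
    vertices on the carry merges redundant subtrees of the solution tree."""
    graph = {}                      # vertex -> list of (x_i, next vertex)
    todo = [(0, 0)]                 # root: bit 0, no carry
    while todo:
        v = todo.pop()
        if v in graph:
            continue                # already expanded: redundancy merged
        graph[v] = []
        i, carry = v
        if i == n:
            continue                # the single sink (n, 0)
        a_i, c_i = (a >> i) & 1, (c >> i) & 1
        for x_i in (0, 1):
            s = x_i + a_i + carry   # full adder for bit i of X + a
            if ((s & 1) ^ x_i) == c_i:      # bit i of the equation holds
                nxt = (i + 1, s >> 1) if i + 1 < n else (n, 0)
                graph[v].append((x_i, nxt))
                todo.append(nxt)
    return graph

def count_paths(graph, n):
    """Paths from each vertex to the sink, filled in from the sink backwards (linear in graph size)."""
    count = {(n, 0): 1}
    for i in range(n - 1, -1, -1):
        for v in ((i, 0), (i, 1)):
            if v in graph:          # dead ends simply get count 0
                count[v] = sum(count.get(nxt, 0) for _, nxt in graph[v])
    return count

def random_solution(graph, count, n, rng=random):
    """Uniformly random solution: walk root to sink, choosing each edge with
    probability proportional to the number of paths below it."""
    v, x = (0, 0), 0
    if count.get(v, 0) == 0:
        return None                 # the equation has no solution
    while v != (n, 0):
        edges = graph[v]
        x_i, nxt = rng.choices(edges, weights=[count.get(w, 0) for _, w in edges])[0]
        x |= x_i << v[0]
        v = nxt
    return x

def brute_force(a, c, n):
    # exhaustive search, used only as a reference to check the graph against
    return [x for x in range(1 << n) if (((x + a) & ((1 << n) - 1)) ^ x) == c]
```

For a = 1, c = 1, n = 4 the graph contains the vertex (1, 1), which is a dead end with count 0; it is exactly what the "delete dead ends" minimization step would remove.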

Slide 16: Intersection
– Complexity: roughly quadratic in the sizes of the two graphs
[figure: intersection of two solution graphs]

Slide 17: Generalized Solution Graphs
– Use variables which are not represented explicitly in the graph (allows representing statements of the form ∃ Y: …)

Slide 18: Generalized Solution Graphs
– Use variables which are not represented explicitly in the graph (allows representing statements of the form ∃ Y: …)
– Allow similar, but more sophisticated algorithms
– Right bit shifts and bit rotations can be integrated

Slide 19: Conclusion
– Presented a new data structure, the solution graph, closely related to BDDs
– Allows efficient computation and representation of the solutions of special systems of equations with incompatible operations
– Especially for T-functions with small narrowness

Slide 20: Thank you! Questions?