Improved Algebraic Cryptanalysis of QUAD, Bivium and Trivium via Graph Partitioning on Equation Systems
Slide 1: Improved Algebraic Cryptanalysis of QUAD, Bivium and Trivium via Graph Partitioning on Equation Systems
Kenneth Koon-Ho Wong (1), Gregory V. Bard (2)
(1) Information Security Institute, Queensland University of Technology, Brisbane, Australia
(2) Mathematics Department, Fordham University, The Bronx, NY, USA
5 July 2010
Slide 2: Acknowledgements
- Ed Dawson, Information Security Institute, Queensland University of Technology, Brisbane, Australia
- Gary Carter, Information Security Institute, Queensland University of Technology, Brisbane, Australia
Slide 3: Outline
- Algebraic Attacks
- Our Contribution
- Equations Partitioning
- Partitioning Experiments
- QUAD
- Trivium
Slide 4: Algebraic Attacks
- Algebraic attacks are a method of cryptanalysis applied primarily to symmetric ciphers (Courtois and Meier, 2003)
- The cipher is described as a system of equations relating its keys or internal states to its outputs
- Solving the system of equations means recovering the keys or internal states
- Very little keystream is required compared to other attacks
- Solving the generated equations is the main bottleneck
Slide 5: Algebraic Attacks
Building equations
- Multivariate polynomial equations, usually over GF(2) for stream ciphers
- Trade-off between degree and number of variables via relabelling
- Example: $\{x_1 x_2 x_3 = 1\}$ becomes $\{x_4 = x_1 x_2,\; x_3 x_4 = 1\}$ (one cubic equation is replaced by two quadratic ones at the cost of one extra variable)
Solving equations
- Time complexity is exponential in the number of variables and the maximum degree for general systems
- Methods: linearisation, Gröbner bases, XL, SAT, AIDA, Raddum-Semaev, triangulation
Slide 6: Our Contribution
- We develop a method of preprocessing systems of multivariate equations to reduce the time spent solving them
- Introduce the concept of variable-sharing graphs
- Split equations and variables into independent subsystems using these graphs
- The resulting equation systems can be much easier to solve than the original: an exponential reduction in time complexity, since each subsystem has fewer variables
- Applications to algebraic cryptanalysis are presented: weak parameters in QUAD can be exploited under this technique, and partial key guess attacks on Trivium are significantly improved
Slide 7: Variable-Sharing Graphs
- Converts an equation system in n variables into a graph representation
- A vertex for each variable
- An edge between two vertices if both variables appear together in an equation
$$f_1(x_0, x_1, \dots, x_{n-1}) = 0,\quad f_2(x_0, x_1, \dots, x_{n-1}) = 0,\quad \dots,\quad f_m(x_0, x_1, \dots, x_{n-1}) = 0$$
- The graph represents the links among variables in the equation system
Slide 8: Variable-Sharing Graphs
Example:
$$\begin{aligned} x_1 x_3 + x_1 + x_5 &= 1 \\ x_2 x_4 + x_4 x_5 &= 0 \\ x_1 x_5 + x_3 x_5 &= 1 \\ x_2 x_5 + x_2 + x_4 &= 0 \\ x_2 + x_4 x_5 &= 1 \end{aligned}$$
- No equation involves the following pairs of variables, so the graph has no edge between them: $(v_1, v_2)$, $(v_1, v_4)$, $(v_2, v_3)$, $(v_3, v_4)$
Slide 9: Variable-Sharing Graphs
- If the graph has disjoint subgraphs, the equation system can also be separated into individual systems which can be solved separately:
$$\begin{aligned} g_1(y_0, y_1, \dots, y_{r-1}) &= 0 \\ &\;\;\vdots \\ g_{m_1}(y_0, y_1, \dots, y_{r-1}) &= 0 \end{aligned} \qquad\qquad \begin{aligned} h_1(y_r, y_{r+1}, \dots, y_{n-1}) &= 0 \\ &\;\;\vdots \\ h_{m_2}(y_r, y_{r+1}, \dots, y_{n-1}) &= 0 \end{aligned}$$
- The g-system involves only the first r variables and the h-system only the remaining n − r, so the two can be solved independently
Slide 10: Variable-Sharing Graphs
Example:
$$\begin{aligned} x_1 x_3 + x_1 &= 0 & x_2 x_4 + x_4 &= 0 \\ x_1 + x_3 &= 1 & x_2 + x_4 &= 1 \end{aligned}$$
- The variable-sharing graph can identify independent equation subsystems (here $\{x_1, x_3\}$ and $\{x_2, x_4\}$)
- There are some parallels to matrix row and column reordering on linear systems
Slide 11: Partitioning Graphs and Separating Equations
- In reality, graphs from algebraic cryptanalysis do not usually have disjoint subgraphs: in a good cipher, all variables are related to each other
- However, these equations are often sparse, so disjoint subgraphs could be obtained by removing a small number of vertices
- This is equivalent to guessing the values of the corresponding variables to eliminate them from the equation system
- Our aim is to find these sets of variables through graph theory techniques
Slide 12: Graph Connectivity
- Let G = (V, E) be a graph with vertex set V and edge set E
- Definition: a graph is connected if there is a path from any vertex to all other vertices; otherwise, the graph is disconnected
- Definition: the vertex connectivity κ of G is the minimum number of vertices that must be removed to disconnect G
- The complete graph $K_n$ with n vertices has vertex connectivity $n - 1$
- A disconnected graph has zero vertex connectivity
Slide 13: Vertex Partitions
- A graph can be made disconnected by removing certain vertices or edges; this process is called vertex partitioning or edge partitioning
- Definition: a vertex partition $(V_1, C, V_2)$ of G is a partition of V into sets $V_1, C, V_2$ where $V_1, V_2$ are non-empty and no edges exist between vertices in $V_1$ and vertices in $V_2$
- The removal of C from V causes G to disconnect into subgraphs $G_1, G_2$ with vertex sets $V_1, V_2$ respectively
- The set C is called the vertex separator; its size is at least $\kappa(G)$
Slide 14: Vertex Partitions
- Example: any non-trivial graph can be partitioned by removing all the neighbours of a single vertex, which isolates that vertex
- This is not useful for solving equations
- A balanced vertex separator is needed, where the resulting disjoint subgraphs have similar sizes
Slide 15: Balanced Vertex Partitions
- Define the balance β of a vertex partition $(V_1, C, V_2)$ of G as
$$\beta = \frac{\max(|V_1|, |V_2|)}{|V_1| + |V_2|} = \frac{\max(|V_1|, |V_2|)}{|V| - |C|}$$
- A balanced vertex partition is one whose β is close to 0.5 (by the definition β ≥ 0.5 always, with equality exactly when $|V_1| = |V_2|$)
Slide 16: Equation Systems Partitioning
- Definition: let F be the polynomial system $\{f_1(\mathbf{x}) = 0,\; f_2(\mathbf{x}) = 0,\; \dots,\; f_m(\mathbf{x}) = 0\}$ of m polynomial equations in the variables $x_1, x_2, \dots, x_n$. The variable-sharing graph G = (V, E) of F is obtained by creating a vertex $v_i \in V$ for each variable $x_i$, and creating an edge $(v_i, v_j) \in E$ if the two variables $x_i, x_j$ appear together in any polynomial $f_k$.
- A vertex partition can then be computed from the graph
- The corresponding equation subsystems can be solved independently by guessing the variables corresponding to vertices in the separator
Slide 17: Partitioning Example
- Quadratic system in 5 variables $x_i \in GF(2)$, which has a balanced vertex partition with $|C| = 1$:
$$\begin{aligned} x_1 x_3 + x_1 + x_5 &= 1 \\ x_2 x_4 + x_4 x_5 &= 0 \\ x_1 x_5 + x_3 x_5 &= 1 \\ x_2 x_5 + x_2 + x_4 &= 0 \\ x_2 + x_4 x_5 &= 1 \end{aligned}$$
Slide 18: Partitioning Example
- Split the original system into two with $x_5$ as the common variable:
$$\begin{aligned} x_1 x_3 + x_1 + x_5 &= 1 \\ x_1 x_5 + x_3 x_5 &= 1 \end{aligned} \qquad\qquad \begin{aligned} x_2 x_4 + x_4 x_5 &= 0 \\ x_2 x_5 + x_2 + x_4 &= 0 \\ x_2 + x_4 x_5 &= 1 \end{aligned}$$
- Guess each possible value of $x_5$ and compute the solutions of each subsystem:
  - $x_5 = 0$: no solution
  - $x_5 = 1$: $(x_1, x_3) = (0, 1)$ and $(x_2, x_4) = (1, 0)$
- Hence $\mathbf{x} = (0, 1, 1, 0, 1)$, the same result as solving the full system
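The procedure of slides 7 to 18 carried through in code, as an added example that is not part of the slides and not the authors' software: build the variable-sharing graph of a GF(2) system, compute its vertex connectivity (the quantity defined on slide 12, and the quantity slide 22 says should be checked), find the smallest balanced vertex separator, then solve the system by guessing the separator and solving each component on its own. The equation encoding, the function names and the exhaustive separator search are all assumptions made here; the slides use Metis-based heuristics on cipher-sized graphs, for which brute force is not an option. The sample system is the five-variable one from slides 8 and 17.

```python
from itertools import combinations, product

# Constructed sample: the 5-variable GF(2) system of slides 8 and 17. An equation
# is (monomials, rhs); a monomial is a tuple of variable indices multiplied
# together, and the monomials are summed modulo 2.
SYSTEM = [
    ([(1, 3), (1,), (5,)], 1),   # x1*x3 + x1 + x5 = 1
    ([(2, 4), (4, 5)], 0),       # x2*x4 + x4*x5 = 0
    ([(1, 5), (3, 5)], 1),       # x1*x5 + x3*x5 = 1
    ([(2, 5), (2,), (4,)], 0),   # x2*x5 + x2 + x4 = 0
    ([(2,), (4, 5)], 1),         # x2 + x4*x5 = 1
]

def eq_vars(eq):
    return {v for mono in eq[0] for v in mono}

def sharing_graph(system):
    """Slide 16: a vertex per variable, an edge when two variables share an equation."""
    adj = {v: set() for v in sorted(set().union(*map(eq_vars, system)))}
    for eq in system:
        for a, b in combinations(sorted(eq_vars(eq)), 2):
            adj[a].add(b)
            adj[b].add(a)
    return adj

def components(adj, removed=frozenset()):
    """Connected components after deleting the vertices in `removed`."""
    seen, comps = set(removed), []
    for start in adj:
        if start in seen:
            continue
        comp, stack = set(), [start]
        seen.add(start)
        while stack:
            v = stack.pop()
            comp.add(v)
            for w in adj[v] - seen:
                seen.add(w)
                stack.append(w)
        comps.append(frozenset(comp))
    return comps

def vertex_connectivity(adj):
    """kappa(G) of slide 12: fewest vertex deletions that disconnect G (n-1 for
    K_n, 0 if already disconnected). Exhaustive, so small graphs only."""
    n = len(adj)
    for k in range(n):
        if any(len(components(adj, frozenset(c))) >= 2 for c in combinations(adj, k)):
            return k
    return n - 1

def best_separator(adj):
    """Smallest separator C, ties broken by the lowest balance
    beta = max(|V1|,|V2|) / (|V| - |C|) of slide 15. Exhaustive search stands in
    for the Metis heuristic the slides use on cipher-sized graphs."""
    n, best = len(adj), None
    for k in range(n):
        for cut in combinations(adj, k):
            parts = components(adj, frozenset(cut))
            if len(parts) >= 2:
                beta = max(len(p) for p in parts) / (n - k)
                if best is None or beta < best[2]:
                    best = (frozenset(cut), parts, beta)
        if best is not None:
            return best
    return None

def satisfied(eq, assign):
    """Evaluate one GF(2) equation under an assignment covering its variables."""
    monos, rhs = eq
    return sum(all(assign[v] for v in mono) for mono in monos) % 2 == rhs

def solve_block(system, free, fixed):
    """Brute-force only the equations confined to component `free` plus the
    guessed separator values `fixed`; returns the component's solutions."""
    free, scope = sorted(free), set(free) | set(fixed)
    eqs = [eq for eq in system if eq_vars(eq) <= scope and eq_vars(eq) & set(free)]
    return [dict(zip(free, bits)) for bits in product((0, 1), repeat=len(free))
            if all(satisfied(eq, {**fixed, **dict(zip(free, bits))}) for eq in eqs)]

def solve_by_partition(system):
    """Slide 18: guess the separator, solve each component alone, join the parts.
    A guess that makes one component unsolvable is dropped before the rest run."""
    adj = sharing_graph(system)
    sep, parts, _beta = best_separator(adj)
    sep, names, solutions = sorted(sep), sorted(adj), []
    for guess in product((0, 1), repeat=len(sep)):
        fixed = dict(zip(sep, guess))
        # equations that live entirely inside the separator are checked once here
        if not all(satisfied(eq, fixed) for eq in system if eq_vars(eq) <= set(sep)):
            continue
        partial = [fixed]
        for part in parts:
            block = solve_block(system, part, fixed)
            if not block:            # dead guess: stop early
                partial = []
                break
            partial = [{**p, **s} for p in partial for s in block]
        solutions += [tuple(p[v] for v in names) for p in partial]
    return sorted(solutions)

def solve_brute(system):
    """Reference: exhaustive search over every variable at once."""
    names = sorted(sharing_graph(system))
    return sorted(bits for bits in product((0, 1), repeat=len(names))
                  if all(satisfied(eq, dict(zip(names, bits))) for eq in system))
```

On the sample system `best_separator` returns C = {x5} with components {x1, x3} and {x2, x4} and β = 0.5, `vertex_connectivity` returns 1, and `solve_by_partition` returns the single solution (0, 1, 1, 0, 1), agreeing with `solve_brute`. The guess x5 = 0 is rejected as soon as the two-equation {x1, x3} block has no solution, which is the early-abort effect the slides rely on: each guess costs two searches over 2 variables instead of one over 4. Running `vertex_connectivity` on a proposed system's graph is the kind of low-connectivity check slide 22 recommends, and for anything beyond toy sizes the exhaustive search must be replaced by a partitioning library.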
Slide 19: Balanced Partitioning Algorithms
- Balanced graph partitioning is NP-hard; nevertheless, heuristic algorithms are very efficient
- Balanced edge partitioning is widely used; applications include circuit design, matrix computations and finite element analysis
- Software packages include Metis, Chaco, LINK, Goblin, SCOTCH, PARTY and JOSTLE
- Balanced vertex partitioning software is not readily available
- In this work, Metis is used together with an algorithm to convert edge partitions into vertex partitions
Slide 20: Experiments
- Vertex partitioning experiments were run to test the feasibility of this technique
- Random graphs with a prescribed number of vertices, edges and average degree were generated
- Vertex partitions were computed using the Meshpart interface to the Metis partitioning software
- Experiments were run on a laptop with a Pentium M 1.4 GHz CPU and 1 GB RAM running Windows XP SP2
Slide 21: Vertex Partitioning Experiments
[Table: columns |V|, |E|, density, deg, |C|, |V_1|, |V_2|, β, Time (ms); the numeric entries of its eight rows did not survive transcription]
- Balanced vertex partitions can be obtained very efficiently
- The balance parameter β is roughly proportional to the average degree of the graph
Slide 22: QUAD
- QUAD is a family of provably secure stream ciphers (Berbain, Gilbert and Patarin, 2006)
- Security is based on the Multivariate Quadratic (MQ) problem; the MQ equations form the maps for state transition and keystream generation
- Solving these equations means key recovery
- A malicious host can generate weak systems that admit effective graph partitions
- QUAD appears to be secure as a full system, but a check for low vertex connectivity needs to be made
Slide 23: Trivium
- Trivium is a bit-based stream cipher in the eSTREAM project hardware portfolio (De Cannière and Preneel, 2007)
- 80-bit key, 80-bit initialisation vector, 288-bit internal state
- The cipher is secure against basic algebraic attacks: 288 dense polynomial equations in 288 variables
- Raddum (2006) gave an alternative algebraic analysis with relabelling, obtaining a sparse quadratic system for Trivium
- Bivium-A and Bivium-B were developed as reduced versions
Slide 24: Trivium
- Algebraic analysis with relabelling: Trivium is described as 954 quadratic equations in 954 variables; Bivium-A and Bivium-B are described as 399 equations in 399 variables
[Figure: Trivium adjacency matrix]
Slide 25: Partitioning Bivium and Trivium Equations
[Table: columns Cipher, State Size, Number of Variables, |C|, |V_1|, |V_2|, β; rows Bivium-A, Bivium-B, Trivium; the numeric entries did not survive transcription]
- Balanced partitions are obtained with reasonably sized vertex separators
- Guessing all bits in C is not useful, as the cost is the same as exhaustive key search
- Guessing a subset of the bits in C could yield a more effective attack
Slide 26: Partial Key Guessing with Vertex Separator
Table (the Number of Guesses, Number of Equations and Time (s) columns did not survive transcription; the surviving entries are):
    Cipher     All guesses in C   Memory
    Bivium-A   No                  843 MB
    Bivium-A   Yes                1200 MB
    Bivium-B   No                 1044 MB
    Bivium-B   Yes                1569 MB
    Trivium    No                   80 MB
    Trivium    No                  554 MB
    Trivium    No                 1569 MB
    Trivium    Yes                 596 MB
    Trivium    Yes                1875 MB
    Trivium    Yes                3150 MB
Slide 27: Algebraic Attacks on Bivium and Trivium
- Choosing guesses entirely within vertex separators gives a significant efficiency gain in partial key guessing attacks
- Feasible attacks could be made against Bivium-A (14-bit guess) and Bivium-B (62-bit guess)
- Let T be the time required to solve a reduced system of Trivium; the vertex separator technique roughly reduces the attack complexity from [factor lost in transcription] T to [factor lost in transcription] T, so a reduction in time complexity is achieved
- The best bits to guess are identified for Trivium
Slide 28: Summary and Conclusions
- Variable-sharing graphs can aid in solving multivariate equation systems
- Vertex partitions on the graph yield split equation systems that can be solved individually
- Significant efficiency gain over solving full systems
- Algebraic cryptanalysis can be improved using this technique
- Weak equations for QUAD can be tailored and need to be checked for
- Partial key guess attacks on Trivium can be made much more efficient
Slide 29: Future Directions and Open Problems
- A new design criterion for ciphers?
- The graph partitioning technique is most effective on sparse equations whose graphs have very low vertex connectivity
- Graphs that are near complete provide maximum security against this technique
- The effects of relabelling in algebraic analysis on equation systems are unknown; most likely sparsity would increase and vertex connectivity would decrease
- Methods of ensuring high connectivity under relabelling may be developed
Slide 30: Thank You
L15. POSE-GRAPH SLAM NA568 Mobile Robotics: Methods & Algorithms Today s Topic Nonlinear Least Squares Pose-Graph SLAM Incremental Smoothing and Mapping Feature-Based SLAM Filtering Problem: Motion Prediction
More informationResearch Incubator: Combinatorial Optimization. Dr. Lixin Tao December 9, 2003
Research Incubator: Combinatorial Optimization Dr. Lixin Tao December 9, 23 Content General Nature of Research on Combinatorial Optimization Problem Identification and Abstraction Problem Properties and
More informationRelational Database: The Relational Data Model; Operations on Database Relations
Relational Database: The Relational Data Model; Operations on Database Relations Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Overview
More informationStudying Graph Connectivity
Studying Graph Connectivity Freeman Yufei Huang July 1, 2002 Submitted for CISC-871 Instructor: Dr. Robin Dawes Studying Graph Connectivity Freeman Yufei Huang Submitted July 1, 2002 for CISC-871 In some
More informationKey Recovery from State Information of Sprout: Application to Cryptanalysis and Fault Attack
Key Recovery from State Information of Sprout: Application to Cryptanalysis and Fault Attack Subhamoy Maitra, Santanu Sarkar, Anubhab Baksi, Pramit Dey Indian Statistical Institute, Kolkata and Indian
More informationThe RAKAPOSHI Stream Cipher
The RAKAPOSHI Stream Cipher Carlos Cid 1, Shinsaku Kiyomoto 2, and Jun Kurihara 2 1 Information Security Group, Royal Holloway, University of London Egham, United Kingdom carlos.cid@rhul.ac.uk 2 KDDI R
More informationTreewidth and graph minors
Treewidth and graph minors Lectures 9 and 10, December 29, 2011, January 5, 2012 We shall touch upon the theory of Graph Minors by Robertson and Seymour. This theory gives a very general condition under
More informationNON LINEAR FEEDBACK STREAM CIPHER
NON LINEAR FEEDBACK STREAM CIPHER *Dr.R. Siva Ram Prasad **G.Murali ***S.Gopi Krishna Research Director, Dept. of CSE, Head, Dept. of CSE, Head, Dept. of CSE, Acharya Nagarjuna University, R.K College
More informationThe Dynamic Hungarian Algorithm for the Assignment Problem with Changing Costs
The Dynamic Hungarian Algorithm for the Assignment Problem with Changing Costs G. Ayorkor Mills-Tettey Anthony Stentz M. Bernardine Dias CMU-RI-TR-07-7 July 007 Robotics Institute Carnegie Mellon University
More informationSpeed Optimized Implementations of the QUAD Algorithm. Jason Hamlet and Robert Brocato. Sandia National Laboratories
SAND 2013-1418 C Speed Optimized Implementations of the QUAD Algorithm Jason Hamlet and Robert Brocato Sandia National Laboratories jrhamle@sandia.gov, rwbroca@sandia.gov Abstract We present several software
More informationAn Introduction to new Stream Cipher Designs
An Introduction to new Stream Cipher Designs Ways of Turning Your Data into Line Noise T. E. Bjørstad The Selmer Center, Department of Informatics University of Bergen, Norway 25th Chaos Communications
More informationIntroduction III. Graphs. Motivations I. Introduction IV
Introduction I Graphs Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Graph theory was introduced in the 18th century by Leonhard Euler via the Königsberg
More informationCSC 8301 Design and Analysis of Algorithms: Exhaustive Search
CSC 8301 Design and Analysis of Algorithms: Exhaustive Search Professor Henry Carter Fall 2016 Recap Brute force is the use of iterative checking or solving a problem by its definition The straightforward
More informationGraph Partitioning for High-Performance Scientific Simulations. Advanced Topics Spring 2008 Prof. Robert van Engelen
Graph Partitioning for High-Performance Scientific Simulations Advanced Topics Spring 2008 Prof. Robert van Engelen Overview Challenges for irregular meshes Modeling mesh-based computations as graphs Static
More informationDesign Space Exploration of the Lightweight Stream Cipher WG-8 for FPGAs and ASICs
Design Space Exploration of the Lightweight Stream Cipher WG- for FPGAs and ASICs Gangqiang Yang, Xinxin Fan, Mark Aagaard and Guang Gong University of Waterloo g37yang@uwaterloo.ca Sept 9, 013 Gangqiang
More informationPublic-Key Cryptanalysis
http://www.di.ens.fr/ pnguyen INRIA and École normale supérieure, Paris, France MPRI, 2010 Outline 1 Introduction Asymmetric Cryptology Course Overview 2 Textbook RSA 3 Euclid s Algorithm Applications
More informationSome Open Problems in Graph Theory and Computational Geometry
Some Open Problems in Graph Theory and Computational Geometry David Eppstein Univ. of California, Irvine Dept. of Information and Computer Science ICS 269, January 25, 2002 Two Models of Algorithms Research
More informationTrees. 3. (Minimally Connected) G is connected and deleting any of its edges gives rise to a disconnected graph.
Trees 1 Introduction Trees are very special kind of (undirected) graphs. Formally speaking, a tree is a connected graph that is acyclic. 1 This definition has some drawbacks: given a graph it is not trivial
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationChapter 10 Part 1: Reduction
//06 Polynomial-Time Reduction Suppose we could solve Y in polynomial-time. What else could we solve in polynomial time? don't confuse with reduces from Chapter 0 Part : Reduction Reduction. Problem X
More informationLecture 4: Graph Algorithms
Lecture 4: Graph Algorithms Definitions Undirected graph: G =(V, E) V finite set of vertices, E finite set of edges any edge e = (u,v) is an unordered pair Directed graph: edges are ordered pairs If e
More informationGenetic Algorithm for Circuit Partitioning
Genetic Algorithm for Circuit Partitioning ZOLTAN BARUCH, OCTAVIAN CREŢ, KALMAN PUSZTAI Computer Science Department, Technical University of Cluj-Napoca, 26, Bariţiu St., 3400 Cluj-Napoca, Romania {Zoltan.Baruch,
More informationDeciding k-colorability of P 5 -free graphs in polynomial time
Deciding k-colorability of P 5 -free graphs in polynomial time Chính T. Hoàng Marcin Kamiński Vadim Lozin Joe Sawada Xiao Shu April 16, 2008 Abstract The problem of computing the chromatic number of a
More information