Möbius transforms, coincident Boolean functions and non-coincidence property of Boolean functions

Boolean functions and their Möbius transforms are involved in logical calculation, digital communications, coding theory and modern cryptography. So far, little is known about the relations of Boolean functions and their Möbius transforms. This work is composed of three parts. In the first part, we present relations between a Boolean function and its Möbius transform so as to convert the truth table/algebraic normal form (ANF) to the ANF/truth table of a function in different conditions. In the second part, we focus on the special case when a Boolean function is identical to its Möbius transform. We call such functions coincident. In the third part, we generalize the concept of coincident functions and indicate that any Boolean function has the coincidence property even it is not coincident.

Lattice-based threshold changeability for standard shamir sectret-sharing schemes

We consider the problem of increasing the threshold parameter of a secret-sharing scheme after the setup (share distribution) phase, without further communication between the dealer and the shareholders. Previous solutions to this problem require one to start off with a nonstandard scheme designed specifically for this purpose, or to have communication between shareholders. In contrast, we show how to increase the threshold parameter of the standard Shamir secret-sharing scheme without communication between the shareholders. Our technique can thus be applied to existing Shamir schemes even if they were set up without consideration to future threshold increases. Our method is a new positive cryptographic application for lattice reduction algorithms, inspired by recent work on lattice-based list decoding of Reed-Solomon codes with noise bounded in the Lee norm. We use fundamental results from the theory of lattices (geometry of numbers) to prove quantitative statements about the information-theoretic security of our construction. These lattice-based security proof techniques may be of independent interest.

Active security in multiparty computation over black-box groups

Most previous work on unconditionally secure multiparty computation has focused on computing over a finite field (or ring). Multiparty computation over other algebraic structures has not received much attention, but is an interesting topic whose study may provide new and improved tools for certain applications. At CRYPTO 2007, Desmedt et al introduced a construction for a passive-secure multiparty multiplication protocol for black-box groups, reducing it to a certain graph coloring problem, leaving as an open problem to achieve security against active attacks. We present the first n-party protocol for unconditionally secure multiparty computation over a black-box group which is secure under an active attack model, tolerating any adversary structure Δ satisfying the Q 3 property (in which no union of three subsets from Δ covers the whole player set), which is known to be necessary for achieving security in the active setting. Our protocol uses Maurer’s Verifiable Secret Sharing (VSS) but preserves the essential simplicity of the graph-based approach of Desmedt et al, which avoids each shareholder having to rerun the full VSS protocol after each local computation. A corollary of our result is a new active-secure protocol for general multiparty computation of an arbitrary Boolean circuit.

NTRUCCA : how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model

NTRUEncrypt is a fast and practical lattice-based public-key encryption scheme, which has been standardized by IEEE, but until recently, its security analysis relied only on heuristic arguments. Recently, Stehlé and Steinfeld showed that a slight variant (that we call pNE) could be proven to be secure under chosen-plaintext attack (IND-CPA), assuming the hardness of worst-case problems in ideal lattices. We present a variant of pNE called NTRUCCA, that is IND-CCA2 secure in the standard model assuming the hardness of worst-case problems in ideal lattices, and only incurs a constant factor overhead in ciphertext and key length over the pNE scheme. To our knowledge, our result gives the first IND-CCA2 secure variant of NTRUEncrypt in the standard model, based on standard cryptographic assumptions. As an intermediate step, we present a construction for an All-But-One (ABO) lossy trapdoor function from pNE, which may be of independent interest. Our scheme uses the lossy trapdoor function framework of Peikert and Waters, which we generalize to the case of (k − 1)-of-k-correlated input distributions.

Lattice-based completely non-malleable PKE in the standard model

This paper presents ongoing work toward constructing efficient completely non-malleable public-key encryption scheme based on lattices in the standard (common reference string) model. An encryption scheme is completely non-malleable if it requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti proposed two inefficient constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Recently, two efficient public-key encryption schemes have been proposed, both of them are based on pairing identity-based encryption.

Extensions of the cube attack based on low degree annihilators

At Crypto 2008, Shamir introduced a new algebraic attack called the cube attack, which allows us to solve black-box polynomials if we are able to tweak the inputs by varying an initialization vector. In a stream cipher setting where the filter function is known, we can extend it to the cube attack with annihilators: By applying the cube attack to Boolean functions for which we can find low-degree multiples (equivalently annihilators), the attack complexity can be improved. When the size of the filter function is smaller than the LFSR, we can improve the attack complexity further by considering a sliding window version of the cube attack with annihilators. Finally, we extend the cube attack to vectorial Boolean functions by finding implicit relations with low-degree polynomials.

Cryptanalysis of the LAKE hash family

We analyse the security of the cryptographic hash function LAKE-256 proposed at FSE 2008 by Aumasson, Meier and Phan. By exploiting non-injectivity of some of the building primitives of LAKE, we show three different collision and near-collision attacks on the compression function. The first attack uses differences in the chaining values and the block counter and finds collisions with complexity 233. The second attack utilizes differences in the chaining values and salt and yields collisions with complexity 242. The final attack uses differences only in the chaining values to yield near-collisions with complexity 299. All our attacks are independent of the number of rounds in the compression function. We illustrate the first two attacks by showing examples of collisions and near-collisions.

Energy-based positioning control of underactuated vehicles using manifold regulation

In this paper, we consider the problem of position regulation of a class of underactuated rigid-body vehicles that operate within a gravitational field and have fully-actuated attitude. The control objective is to regulate the vehicle position to a manifold of dimension equal to the underactuation degree. We address the problem using Port-Hamiltonian theory, and reduce the associated matching PDEs to a set of algebraic equations using a kinematic identity. The resulting method for control design is constructive. The point within the manifold to which the position is regulated is determined by the action of the potential field and the geometry of the manifold. We illustrate the performance of the controller for an unmanned aerial vehicle with underactuation degree two-a quadrotor helicopter.

Characterisation of the micro-architecture of direct writing melt electrospun tissue engineering scaffolds using diffusion tensor and computed tomography microimaging

This article describes the first steps toward comprehensive characterization of molecular transport within scaffolds for tissue engineering. The scaffolds were fabricated using a novel melt electrospinning technique capable of constructing 3D lattices of layered polymer fibers with well - defined internal microarchitectures. The general morphology and structure order was then determined using T 2 - weighted magnetic resonance imaging and X - ray microcomputed tomography. Diffusion tensor microimaging was used to measure the time - dependent diffusivity and diffusion anisotropy within the scaffolds. The measured diffusion tensors were anisotropic and consistent with the cross - hatched geometry of the scaffolds: diffusion was least restricted in the direction perpendicular to the fiber layers. The results demonstrate that the cross - hatched scaffold structure preferentially promotes molecular transport vertically through the layers ( z - axis), with more restricted diffusion in the directions of the fiber layers ( x – y plane). Diffusivity in the x – y plane was observed to be invariant to the fiber thickness. The characteristic pore size of the fiber scaffolds can be probed by sampling the diffusion tensor at multiple diffusion times. Prospective application of diffusion tensor imaging for the real - time monitoring of tissue maturation and nutrient transport pathways within tissue engineering scaffolds is discussed.

Diophantine equations as a context for technology-enhanced training in conjecturing and proving

Solving indeterminate algebraic equations in integers is a classic topic in the mathematics curricula across grades. At the undergraduate level, the study of solutions of non-linear equations of this kind can be motivated by the use of technology. This article shows how the unity of geometric contextualization and spreadsheet-based amplification of this topic can provide a discovery experience for prospective secondary teachers and information technology students. Such experience can be extended to include a transition from a computationally driven conjecturing to a formal proof based on a number of simple yet useful techniques.

Basic finance made accessible in Excel 2007 : "the big 5, plus 2"

The basic principles and equations are developed for elementary finance, based on the concept of compound interest. The five quantities of interest in such problems are present value, future value, amount of periodic payment, number of periods and the rate of interest per period. We consider three distinct means of computing each of these five quantities in Excel 2007: (i) use of algebraic equations, (ii) by recursive schedule and the Goal Seek facility, and (iii) use of Excel's intrinsic financial functions. The paper is intended to be used as the basis for a lesson plan and contains many examples and solved problems. Comment is made regarding the relative difficulty of each approach, and a prominent theme is the systematic use of more than one method to increase student understanding and build confidence in the answer obtained. Full instructions to build each type of model are given and a complete set of examples and solutions may be downloaded (Examples.xlsx and Solutions.xlsx).

Images inside a reflecting spherical surface with possible application in astronomy

This report studies an algebraic equation whose solution gives the image system of a source of light as seen by an observer inside a reflecting spherical surface. The equation is looked at numerically using GeoGebra. Under the hypothesis that our galaxy is enveloped by a reflecting interface this becomes a possible model for many mysterious extra galactic observations.

Characterisations of extended resiliency and extended immunity of S-boxes

New criteria of extended resiliency and extended immunity of vectorial Boolean functions, such as S-boxes for stream or block ciphers, were recently introduced. They are related to a divide-and-conquer approach to algebraic attacks by conditional or unconditional equations. Classical resiliency turns out to be a special case of extended resiliency and as such requires more conditions to be satisfied. In particular, the algebraic degrees of classically resilient S-boxes are restricted to lower values. In this paper, extended immunity and extended resiliency of S-boxes are studied and many characterisations and properties of such S-boxes are established. The new criteria are shown to be necessary and sufficient for resistance against the divide-and-conquer algebraic attacks by conditional or unconditional equations.

Cryptanalysis of block ciphers with overdefined systems of equations

Several recently proposed ciphers, for example Rijndael and Serpent, are built with layers of small S-boxes interconnected by linear key-dependent layers. Their security relies on the fact, that the classical methods of cryptanalysis (e.g. linear or differential attacks) are based on probabilistic characteristics, which makes their security grow exponentially with the number of rounds N r r. In this paper we study the security of such ciphers under an additional hypothesis: the S-box can be described by an overdefined system of algebraic equations (true with probability 1). We show that this is true for both Serpent (due to a small size of S-boxes) and Rijndael (due to unexpected algebraic properties). We study general methods known for solving overdefined systems of equations, such as XL from Eurocrypt’00, and show their inefficiency. Then we introduce a new method called XSL that uses the sparsity of the equations and their specific structure. The XSL attack uses only relations true with probability 1, and thus the security does not have to grow exponentially in the number of rounds. XSL has a parameter P, and from our estimations is seems that P should be a constant or grow very slowly with the number of rounds. The XSL attack would then be polynomial (or subexponential) in N r> , with a huge constant that is double-exponential in the size of the S-box. The exact complexity of such attacks is not known due to the redundant equations. Though the presented version of the XSL attack always gives always more than the exhaustive search for Rijndael, it seems to (marginally) break 256-bit Serpent. We suggest a new criterion for design of S-boxes in block ciphers: they should not be describable by a system of polynomial equations that is too small or too overdefined.

Reduction of amplitude equations by the renormalization group approach

This article elucidates and analyzes the fundamental underlying structure of the renormalization group (RG) approach as it applies to the solution of any differential equation involving multiple scales. The amplitude equation derived through the elimination of secular terms arising from a naive perturbation expansion of the solution to these equations by the RG approach is reduced to an algebraic equation which is expressed in terms of the Thiele semi-invariants or cumulants of the eliminant sequence { Zi } i=1 . Its use is illustrated through the solution of both linear and nonlinear perturbation problems and certain results from the literature are recovered as special cases. The fundamental structure that emerges from the application of the RG approach is not the amplitude equation but the aforementioned algebraic equation. © 2008 The American Physical Society.