c omplexity of ssa
play

C OMPLEXITY OF SSA Finding a fully discriminant signature is not - PowerPoint PPT Presentation

Nov 01, 2022 •354 likes •1k views

LESS IS M ORE : C ODE -B ASED S IGNATURES WITHOUT S YNDROMES J.-F. Biasse, G. Micheli, E. Persichetti and P . Santini 20 July 2020 E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 1 / 17 T RADITIONAL C ODE - BASED A PPROACH

  1. LESS IS M ORE : C ODE -B ASED S IGNATURES WITHOUT S YNDROMES J.-F. Biasse, G. Micheli, E. Persichetti and P . Santini 20 July 2020 E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 1 / 17

  2. T RADITIONAL C ODE - BASED A PPROACH McEliece: first cryptosystem using error correcting codes (1978). E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 2 / 17

  3. T RADITIONAL C ODE - BASED A PPROACH McEliece: first cryptosystem using error correcting codes (1978). Based on the hardness of decoding random linear codes. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 2 / 17

  4. T RADITIONAL C ODE - BASED A PPROACH McEliece: first cryptosystem using error correcting codes (1978). Based on the hardness of decoding random linear codes. Important that the chosen code is indistinguishable from random. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 2 / 17

  5. T RADITIONAL C ODE - BASED A PPROACH McEliece: first cryptosystem using error correcting codes (1978). Based on the hardness of decoding random linear codes. Important that the chosen code is indistinguishable from random. → the Code Equivalence Problem. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 2 / 17

  6. C ODE E QUIVALENCE N OTIONS P ERMUTATION C ODE E QUIVALENCE Two codes C and C ′ are permutationally equivalent , or C PE ∼ C ′ , if there is a permutation π ∈ S n that maps C into C , i.e. C ′ = { π ( x ) , x ∈ C } . E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 3 / 17

  7. C ODE E QUIVALENCE N OTIONS P ERMUTATION C ODE E QUIVALENCE Two codes C and C ′ are permutationally equivalent , or C PE ∼ C ′ , if there is a permutation π ∈ S n that maps C into C , i.e. C ′ = { π ( x ) , x ∈ C } . This notion can be extended using linear isometries. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 3 / 17

  8. C ODE E QUIVALENCE N OTIONS P ERMUTATION C ODE E QUIVALENCE Two codes C and C ′ are permutationally equivalent , or C PE ∼ C ′ , if there is a permutation π ∈ S n that maps C into C , i.e. C ′ = { π ( x ) , x ∈ C } . This notion can be extended using linear isometries. L INEAR C ODE E QUIVALENCE Two codes C and C ′ are linearly equivalent , or C LE ∼ C ′ , if there is a q ⋊ S n such that C ′ = µ ( C ) , i.e. linear isometry µ = ( v , π ) ∈ F ∗ n C ′ = { µ ( x ) , x ∈ C } . E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 3 / 17

  9. T HE C ODE E QUIVALENCE P ROBLEM Code equivalence can be described using generator matrices. Clearly: E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 4 / 17

  10. T HE C ODE E QUIVALENCE P ROBLEM Code equivalence can be described using generator matrices. Clearly: C PE ∼ C ′ ⇐ ⇒ ∃ ( S , P ) ∈ GL k ( q ) × S n s.t. G ′ = SGP , C LE ∼ C ′ ⇐ ⇒ ∃ ( S , Q ) ∈ GL k ( q ) × M n ( q ) s.t. G ′ = SGQ , where P is a permutation matrix, and Q a monomial matrix. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 4 / 17

  11. T HE C ODE E QUIVALENCE P ROBLEM Code equivalence can be described using generator matrices. Clearly: C PE ∼ C ′ ⇐ ⇒ ∃ ( S , P ) ∈ GL k ( q ) × S n s.t. G ′ = SGP , C LE ∼ C ′ ⇐ ⇒ ∃ ( S , Q ) ∈ GL k ( q ) × M n ( q ) s.t. G ′ = SGQ , where P is a permutation matrix, and Q a monomial matrix. P ERMUTATION (L INEAR ) C ODE E QUIVALENCE P ROBLEM Let C and C ′ be two [ n , k ] linear codes over F q , having generator matrices G and G ′ , respectively. Determine whether the two codes are permutationally (linearly) equivalent, i.e. if there exist matrices S ∈ GL and P ∈ S n ( Q ∈ M n ( q ) ) such that G ′ = SGP ( G ′ = SGQ ). E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 4 / 17

  12. H ARDNESS AT A G LANCE Studied for a very long time. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 5 / 17

  13. H ARDNESS AT A G LANCE Studied for a very long time. Unlikely to be NP-complete (unless polynomial hierarchy collapses). (Petrank and Roth, 1997) E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 5 / 17

  14. H ARDNESS AT A G LANCE Studied for a very long time. Unlikely to be NP-complete (unless polynomial hierarchy collapses). (Petrank and Roth, 1997) Existing algorithms efficiently attack particular cases, however... E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 5 / 17

  15. H ARDNESS AT A G LANCE Studied for a very long time. Unlikely to be NP-complete (unless polynomial hierarchy collapses). (Petrank and Roth, 1997) Existing algorithms efficiently attack particular cases, however... ...underlying exponential complexity makes it easy to find intractable instances. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 5 / 17

  16. A PPLICATIONS IN C RYPTOGRAPHY Could Code Equivalence be used as a stand-alone problem? E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 6 / 17

  17. A PPLICATIONS IN C RYPTOGRAPHY Could Code Equivalence be used as a stand-alone problem? The situation for linear isometries recalls that of DLP (although without commutativity). E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 6 / 17

  18. A PPLICATIONS IN C RYPTOGRAPHY Could Code Equivalence be used as a stand-alone problem? The situation for linear isometries recalls that of DLP (although without commutativity). This means several existing constructions could be adapted to be based on Code Equivalence, with evident computational advantages. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 6 / 17

  19. A PPLICATIONS IN C RYPTOGRAPHY Could Code Equivalence be used as a stand-alone problem? The situation for linear isometries recalls that of DLP (although without commutativity). This means several existing constructions could be adapted to be based on Code Equivalence, with evident computational advantages. In this work, we construct a ZK protocol based exclusively on the hardness of the linear code equivalence problem. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 6 / 17

  20. A PPLICATIONS IN C RYPTOGRAPHY Could Code Equivalence be used as a stand-alone problem? The situation for linear isometries recalls that of DLP (although without commutativity). This means several existing constructions could be adapted to be based on Code Equivalence, with evident computational advantages. In this work, we construct a ZK protocol based exclusively on the hardness of the linear code equivalence problem. This can be then transformed into a full-fledged signature scheme via Fiat-Shamir. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 6 / 17

  21. A PPLICATIONS IN C RYPTOGRAPHY Could Code Equivalence be used as a stand-alone problem? The situation for linear isometries recalls that of DLP (although without commutativity). This means several existing constructions could be adapted to be based on Code Equivalence, with evident computational advantages. In this work, we construct a ZK protocol based exclusively on the hardness of the linear code equivalence problem. This can be then transformed into a full-fledged signature scheme via Fiat-Shamir. Since the scheme does not rely on decoding hardness, very small codes can be employed, leading to very practical instances. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 6 / 17

  22. LESS I DENTIFICATION S CHEME K EY G ENERATION Choose linear code C with generator matrix G . SK: invertible matrix S and monomial matrix Q . PK: matrix G ′ = SGQ . P ROVER ’ S C OMPUTATION Choose random monomial matrix ˜ Q Set ˜ G = G ˜ Q and h = Hash ( SystForm ( ˜ G )) . (After receiving challenge bit b ) If b = 0 respond with µ = ˜ Q . If b = 1 respond with µ = Q − 1 ˜ Q . V ERIFIER ’ S C OMPUTATION If b = 0 verify that Hash ( SystForm ( G µ )) = h . If b = 1 verify that Hash ( SystForm ( G ′ µ )) = h . E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 7 / 17

  23. S ECURITY R EQUIREMENTS The three main security aspects of a zero-knowledge identification scheme are easily proved (sketch below). E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 8 / 17

  24. S ECURITY R EQUIREMENTS The three main security aspects of a zero-knowledge identification scheme are easily proved (sketch below). Completeness: this is immediate, and it is possible thanks to the use of the systematic form. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 8 / 17

  25. S ECURITY R EQUIREMENTS The three main security aspects of a zero-knowledge identification scheme are easily proved (sketch below). Completeness: this is immediate, and it is possible thanks to the use of the systematic form. Zero-Knowledge: the produced responses do not leak information about the private key. In fact, in both cases, the response is distributed uniformly at random over the set of all monomial matrices. E. P ERSICHETTI F LORIDA A TLANTIC U NIVERSITY 20 J ULY 2020 8 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

I ( C ) . i = 0 i = 0 i = 0 D ANIELA R ITIRC C OMPLEXITY OF C IRCUIT I DEAL M

I ( C ) . i = 0 i = 0 i = 0 D ANIELA R ITIRC C OMPLEXITY OF C IRCUIT I DEAL M

C OMPLEXITY OF C IRCUIT I DEAL M EMBERSHIP T ESTING Daniela Ritirc, Armin Biere, Manuel Kauers Johannes Kepler University Linz, Austria SC-Square Workshop 2017 University of Kaiserslautern, Germany 29. July 2017 D ANIELA R ITIRC C OMPLEXITY OF

695 views • 52 slides
L AB EXPERIMENTS ON GELS (T. Y AMAGUCHI ) C OMPLEXITY OF DYNAMIC RUPTURE Ripperger, Ampuero, Mai

L AB EXPERIMENTS ON GELS (T. Y AMAGUCHI ) C OMPLEXITY OF DYNAMIC RUPTURE Ripperger, Ampuero, Mai

I MAGING EARTHQUAKE RUPTURE COMPLEXITY WITH DENSE ARRAYS Pablo Ampuero (Caltech Seismolab) Simons et al (Science, 2011) Meng, Inbal and Ampuero (subm. GRL, 2011) C OMPLEXITY OF DYNAMIC RUPTURE Ripperger, Ampuero, Mai (2008) Complicated

540 views • 31 slides
C ONSTANT S PACE C OMPLEXITY E NVIRONMENT R EPRESENTATION FOR V ISION - BASED N AVIGATION CONSTANT

C ONSTANT S PACE C OMPLEXITY E NVIRONMENT R EPRESENTATION FOR V ISION - BASED N AVIGATION CONSTANT

JEFFREY KANE JOHNSON C ONSTANT S PACE C OMPLEXITY E NVIRONMENT R EPRESENTATION FOR V ISION - BASED N AVIGATION CONSTANT SPACE COMPLEXITY ENVIRONMENT REPRESENTATION FOR VISION-BASED NAVIGATION NAVIGATING THE WORLD Zenrin Nokia/Here Google/Waymo

325 views • 7 slides
C OMPARATIVE E FFECTIVENESS E FFECTIVENESS AND AND S AFETY S AFETY OF OF C OMPARATIVE N EW - VERSUS

C OMPARATIVE E FFECTIVENESS E FFECTIVENESS AND AND S AFETY S AFETY OF OF C OMPARATIVE N EW - VERSUS

C OMPARATIVE E FFECTIVENESS E FFECTIVENESS AND AND S AFETY S AFETY OF OF C OMPARATIVE N EW - VERSUS E ARLY -G ENERATION D RUG -E LUTING S TENTS N EW - VERSUS E ARLY -G ENERATION D RUG -E LUTING S TENTS ACCORDING TO THE C TO THE C OMPLEXITY OMPLEXITY

369 views • 11 slides
Bayesian Network A DAG over a set of variables X 1 , . . . , X n A collection of local

Bayesian Network A DAG over a set of variables X 1 , . . . , X n A collection of local

IJCAI 2015 T HE C OMPLEXITY OF MAP I NFERENCE IN B AYESIAN N ETWORKS S PECIFIED T HROUGH L OGICAL L ANGUAGES D ENIS D. M AU Universidade de S ao Paulo, Brazil A C ASSIO P. DE C AMPOS Queens University Belfast, UK F ABIO G. C OZMAN

790 views • 13 slides
Executive Summary From monoliths to microservices: Monoliths all functionality in a

Executive Summary From monoliths to microservices: Monoliths all functionality in a

S EER: L EVERAGING B IG D ATA T O N AVIGATE T HE C OMPLEXITY O F P ERFORMANCE D EBUGGING I N C LOUD M ICROSERVICES Yu Gan, Yanqi Zhang, Kelvin Hu, Dailun Cheng, Yuan He, Meghna Pancholi, and Christina Delimitrou Cornell University ASPLOS

1.18k views • 60 slides
Complexity Natural Machine Language Learning www.urv.cat Complexity www.urv.cat Natural

Complexity Natural Machine Language Learning www.urv.cat Complexity www.urv.cat Natural

LACompLing2018. Symposium on Logic and Algorithms in Computational Linguistics Stockholm, 28 31 August 2018 C OMPLEXITY , N ATURAL L ANGUAGE AND M ACHINE L EARNING M. D OLORES J IMNEZ -L PEZ GRLMC- R ESEARCH G ROUP ON M ATHEMATICAL L

1.13k views • 77 slides
Content: PART I : The Problem of Linguistic Difficulty Measurement PART II : Review of

Content: PART I : The Problem of Linguistic Difficulty Measurement PART II : Review of

C ATEGORIAL P ROOF N ETS AND D EPENDENCY L OCALITY A N EW M ETRIC FOR L INGUISTIC C OMPLEXITY M EHDI M IRZAPOUR J EAN -P HILIPPE P ROST C HRISTIAN R ETOR August 31, 2018 LAComLing2018 Department of Mathematics University of Stockholm Content:

745 views • 55 slides
Link semantics and computational complexity. Evaluate complexity of semantic constructions in

Link semantics and computational complexity. Evaluate complexity of semantic constructions in

Motivations Previous works Reciprocity in language Reciprocals as lifts over GQs Complexity of reciprocal lifts Further questions C OMPLEXITY OF NATURAL LANGUAGE QUANTIFIERS C OMPUTATIONAL DICHOTOMY BETWEEN RECIPROCALS Jakub Szymanik

602 views • 32 slides
Exascale-ability Today N=4096 3 12.3 10 12 Flops 1.1 TB of Data 3D FFT Exascale-ability

Exascale-ability Today N=4096 3 12.3 10 12 Flops 1.1 TB of Data 3D FFT Exascale-ability

O N THE C OMMUNICATION C OMPLEXITY OF 3D FFT S AND ITS I MPLICATIONS FOR E XASCALE Kent Czechowski, Chris McClanahan, Casey Battaglino, Kartik Iyer, P .-K. Yeung, and Richard Vuduc Exascale-ability Today N=4096 3 12.3 10 12 Flops 1.1 TB of

651 views • 37 slides
Monitoring for the New Smart Grid Michel Kamel, Ph.D. CEO MelRok AEE October 17 th 2013 C

Monitoring for the New Smart Grid Michel Kamel, Ph.D. CEO MelRok AEE October 17 th 2013 C

Advanced Energy Monitoring for the New Smart Grid Michel Kamel, Ph.D. CEO MelRok AEE October 17 th 2013 C OMPLEXITY & U NCERTAINTY REQUIRE I NFORMATION REAL TIME, ACCURATE, DETAILED Data vs Knowledge Multiple routes: Highways vs

1k views • 75 slides
Lec 02. Non-deterministic Finite Automata Eunjung Kim N ONDETERMINISM Figure 1.27, Sipser 2012.

Lec 02. Non-deterministic Finite Automata Eunjung Kim N ONDETERMINISM Figure 1.27, Sipser 2012.

C OMPUTABILITY AND C OMPLEXITY , 2020 F ALL SEMESTER Lec 02. Non-deterministic Finite Automata Eunjung Kim N ONDETERMINISM Figure 1.27, Sipser 2012. Deterministic FA Nondeterministic FA each state & symbol one leaving arc multiple arcs

218 views • 17 slides
Space Complexity of Polynomial Calculus Massimo Lauria Sapienza Universit` a di Roma L

Space Complexity of Polynomial Calculus Massimo Lauria Sapienza Universit` a di Roma L

Space Complexity of Polynomial Calculus Massimo Lauria Sapienza Universit` a di Roma L OGICAL A PPROACHES TO B ARRIERS IN C OMPLEXITY II C AMBRIDGE 2012 (joint work with Y. Filmus, J. Nordstr om, N.Thapen and N. Zewi) SAT has been

998 views • 57 slides
A New Java Runtime for a Parallel World Christoph Reichenbach, Yannis Smaragdakis University of

A New Java Runtime for a Parallel World Christoph Reichenbach, Yannis Smaragdakis University of

A New Java Runtime for a Parallel World Christoph Reichenbach, Yannis Smaragdakis University of Massachusetts, Amherst 1 P ARALLELIZABILITY ACCORDING TO C OMPLEXITY T HEORY Serial Code degree of parallelizability . . . FOL + transitive

897 views • 20 slides
Lec 01. Finite-state automata Eunjung Kim F UNDAMENTAL QUESTIONS FOR CS What do we mean by

Lec 01. Finite-state automata Eunjung Kim F UNDAMENTAL QUESTIONS FOR CS What do we mean by

C OMPUTABILITY AND C OMPLEXITY , 2020 F ALL SEMESTER Lec 01. Finite-state automata Eunjung Kim F UNDAMENTAL QUESTIONS FOR CS What do we mean by "computation"? "Computation is to solve a problem by an effective manner."

615 views • 19 slides
Handling Javas Abrupt Termination in a Sequent Calculus for Dynamic Logic Bernhard Beckert

Handling Javas Abrupt Termination in a Sequent Calculus for Dynamic Logic Bernhard Beckert

Handling Javas Abrupt Termination in a Sequent Calculus for Dynamic Logic Bernhard Beckert Bettina Sasse U NIVERSITY OF K ARLSRUHE I NSTITUTE FOR L OGIC , C OMPLEXITY AND D EDUCTION S YSTEMS i12www.ira.uka.de/ key VerifiCard Workshop

604 views • 33 slides
Proofs of Restricted Shuffles Bjrn Terelius and Douglas Wikstrm KTH, Stockholm May 3, 2010

Proofs of Restricted Shuffles Bjrn Terelius and Douglas Wikstrm KTH, Stockholm May 3, 2010

Introduction Proof of Knowledge of Permutation Matrix Restricted Permutations Proofs of Restricted Shuffles Bjrn Terelius and Douglas Wikstrm KTH, Stockholm May 3, 2010 Bjrn Terelius and Douglas Wikstrm Proofs of Restricted Shuffles

969 views • 61 slides
Group-theoretic constructions of erasure-robust frames Matthew Fickus 1 John Jasper 2 Dustin G.

Group-theoretic constructions of erasure-robust frames Matthew Fickus 1 John Jasper 2 Dustin G.

Group-theoretic constructions of erasure-robust frames Matthew Fickus 1 John Jasper 2 Dustin G. Mixon 1 Jesse Peterson 2 1 Department of Mathematics and Statistics, Air Force Institute of Technology 2 Department of Mathematics, University of

358 views • 15 slides
Posets of alternating sign matrices and totally symmetric self-complementary plane partitions

Posets of alternating sign matrices and totally symmetric self-complementary plane partitions

Posets of alternating sign matrices and totally symmetric self-complementary plane partitions Jessica Striker North Dakota State University May 18, 2015 Some failed attempts to find a certain bijection, and what has come of it Jessica

1.88k views • 169 slides
Bohemian Eigenvalues Steven E. Thornton Robert M. Corless BohemianEigenvalues.com

Bohemian Eigenvalues Steven E. Thornton Robert M. Corless BohemianEigenvalues.com

Bohemian Eigenvalues Steven E. Thornton Robert M. Corless BohemianEigenvalues.com

522 views • 31 slides
Introducing 05A06: Patterns in Permutations and Words Eric S. Egge Carleton College September

Introducing 05A06: Patterns in Permutations and Words Eric S. Egge Carleton College September

Introducing 05A06: Patterns in Permutations and Words Eric S. Egge Carleton College September 20, 2014 Eric S. Egge (Carleton College) Introducing 05A06: Patterns in Permutations and WordsSeptember 20, 2014 1 / 34 The Case There are

1.14k views • 96 slides
= = p CSE 541 x x x x = n p 1-norm: x x =

= = p CSE 541 x x x x = n p 1-norm: x x =

Vector Norms Measure the magnitude of a vector Measure the magnitude of a vector Vector Norms Is the error in x small or large? General class of p -norms: General class of p norms: 1/ p n = = p

69 views • 3 slides
Descending Plane Partitions and Permutations Arvind Ayyer Institut de Physique Th eorique CEA

Descending Plane Partitions and Permutations Arvind Ayyer Institut de Physique Th eorique CEA

Descending Plane Partitions and Permutations Arvind Ayyer Institut de Physique Th eorique CEA Saclay 91191 Gif-sur-Yvette Cedex, France 1 Abstract The connections between alternating sign matrices and descending plane partitions had been

529 views • 34 slides
R q = 1 : rook placements S n = { permutations w of { 1 , 2 , . . . , n }} Let S { 1 , 2 , . .

R q = 1 : rook placements S n = { permutations w of { 1 , 2 , . . . , n }} Let S { 1 , 2 , . .

Counting matrices over finite fields with zeroes on Rothe diagrams Alejandro Morales (LaCIM, Universit e du Qu ebec ` a Montr eal) CanaDAM 2013, Minisymposia enumerative combinatorics June 10, 2013 joint work with Aaron Klein

699 views • 59 slides

More recommend