rt sr ts - - PowerPoint PPT Presentation

❊♥❝r②♣t❡❞ ❉❛✈✐❡s✲▼❡②❡r ❛♥❞ ■ts ❉✉❛❧✿ ❚♦✇❛r❞s ❖♣t✐♠❛❧ ❙❡❝✉r✐t② ❯s✐♥❣ ▼✐rr♦r ❚❤❡♦r②

❇❛rt ▼❡♥♥✐♥❦✱ ❙❛♠✉❡❧ ◆❡✈❡s ❘❛❞❜♦✉❞ ❯♥✐✈❡rs✐t② ✭❚❤❡ ◆❡t❤❡r❧❛♥❞s✮✱ ❯♥✐✈❡rs✐t② ♦❢ ❈♦✐♠❜r❛ ✭P♦rt✉❣❛❧✮

❈❘❨P❚❖ ✷✵✶✼ ❆✉❣✉st ✷✹✱ ✷✵✶✼

✶ ✴ ✷✸

■♥tr♦❞✉❝t✐♦♥

▲✉❜②✲❘❛❝❦♦✛ ✴ ❋❡✐st❡❧

P❘P P❘❋

◆♦✇

✷ ✴ ✷✸

■♥tr♦❞✉❝t✐♦♥

▲✉❜②✲❘❛❝❦♦✛ ✴ ❋❡✐st❡❧

P❘P P❘❋

◆♦✇

✷ ✴ ✷✸

■♥tr♦❞✉❝t✐♦♥

▲✉❜②✲❘❛❝❦♦✛ ✴ ❋❡✐st❡❧

P❘P P❘❋

◆♦✇

✷ ✴ ✷✸

❳♦r ♦❢ P❡r♠✉t❛t✐♦♥s

❳♦r ♦❢ P❡r♠✉t❛t✐♦♥s

x p2 p1 y

❳♦r ♦❢ ❙✐♥❣❧❡ P❡r♠✉t❛t✐♦♥

• ❋✐rst s✉❣❣❡st❡❞ ❜② ❇❡❧❧❛r❡ ❡t ❛❧✳ ❬❇❑❘✾✽❪
• ❙❡❝✉r❡ ✉♣ t♦ 2n q✉❡r✐❡s ❬❇■✾✾✱▲✉❝✵✵✱P❛t✵✽❪
• ❆♣♣❧✐❝❛t✐♦♥✿ ❈❊◆❈✱ ❙❈❚

❙✐♥❣❧❡ ♣❡r♠✉t❛t✐♦♥ ✉s✐♥❣ ❞♦♠❛✐♥ s❡♣❛r❛t✐♦♥

✸ ✴ ✷✸

❳♦r ♦❢ P❡r♠✉t❛t✐♦♥s

❳♦r ♦❢ P❡r♠✉t❛t✐♦♥s

x p2 p1 y

❳♦r ♦❢ ❙✐♥❣❧❡ P❡r♠✉t❛t✐♦♥

x

1· 0·

p p y

• ❋✐rst s✉❣❣❡st❡❞ ❜② ❇❡❧❧❛r❡ ❡t ❛❧✳ ❬❇❑❘✾✽❪
• ❙❡❝✉r❡ ✉♣ t♦ 2n q✉❡r✐❡s ❬❇■✾✾✱▲✉❝✵✵✱P❛t✵✽❪
• ❆♣♣❧✐❝❛t✐♦♥✿ ❈❊◆❈✱ ❙❈❚
• ❙✐♥❣❧❡ ♣❡r♠✉t❛t✐♦♥ ✉s✐♥❣ ❞♦♠❛✐♥ s❡♣❛r❛t✐♦♥

✸ ✴ ✷✸

❊♥❝r②♣t❡❞ ✭❲❡❣♠❛♥✲❈❛rt❡r✮ ❉❛✈✐❡s✲▼❡②❡r

❊❉▼

x p1 p2 y

❊❲❈❉▼

• ❇② ❈♦❣❧✐❛t✐ ❛♥❞ ❙❡✉r✐♥ ❬❈❙✶✻❪
• ❙❡❝✉r❡ ✉♣ t♦ 22n/3 q✉❡r✐❡s
• ❈♦♥❥❡❝t✉r❡✿ ♦♣t✐♠❛❧ 2n s❡❝✉r✐t②

▼❡ss❛❣❡ ❛✉t❤❡♥t✐❝❛t✐♦♥ ✉s✐♥❣ ❊❲❈❉▼

✹ ✴ ✷✸

❊♥❝r②♣t❡❞ ✭❲❡❣♠❛♥✲❈❛rt❡r✮ ❉❛✈✐❡s✲▼❡②❡r

❊❉▼

x p1 p2 y

❊❲❈❉▼

ν p1 p2 t

h(m)

• ❇② ❈♦❣❧✐❛t✐ ❛♥❞ ❙❡✉r✐♥ ❬❈❙✶✻❪
• ❙❡❝✉r❡ ✉♣ t♦ 22n/3 q✉❡r✐❡s
• ❈♦♥❥❡❝t✉r❡✿ ♦♣t✐♠❛❧ 2n s❡❝✉r✐t②
• ▼❡ss❛❣❡ ❛✉t❤❡♥t✐❝❛t✐♦♥ ✉s✐♥❣ ❊❲❈❉▼

✹ ✴ ✷✸

❖✉r ❈♦♥tr✐❜✉t✐♦♥

❊❉▼ ❛♥❞ ❊❲❈❉▼ ✭❞❛s❤❡❞✮

x p1 p2 y

h(m) ❊❉▼❉ s❝❤❡♠❡

❬❈❙✶✻❪

♥♦✇ EDM 22n/3 2n/n EWCDM 22n/3 2n/n ✖✖

❇❛❝❦❜♦♥❡ ♦❢ ❛♥❛❧②s✐s✿ ♠✐rr♦r t❤❡♦r②

✺ ✴ ✷✸

❊❛r❧✐❡r ♣r♦♣♦s❛❧ r❡♠♦✈❡❞ ❛❢t❡r ♦❜s❡r✈❛t✐♦♥ ❜② ◆❛♥❞✐

❖✉r ❈♦♥tr✐❜✉t✐♦♥

❊❉▼ ❛♥❞ ❊❲❈❉▼ ✭❞❛s❤❡❞✮

x p1 p2 y

h(m) ❊❉▼❉

x p1 p2 y

s❝❤❡♠❡

❬❈❙✶✻❪

♥♦✇ EDM 22n/3 2n/n EWCDM 22n/3 2n/n EDMD ✖✖ 2n

❇❛❝❦❜♦♥❡ ♦❢ ❛♥❛❧②s✐s✿ ♠✐rr♦r t❤❡♦r②

✺ ✴ ✷✸

❊❛r❧✐❡r ♣r♦♣♦s❛❧ r❡♠♦✈❡❞ ❛❢t❡r ♦❜s❡r✈❛t✐♦♥ ❜② ◆❛♥❞✐

❖✉r ❈♦♥tr✐❜✉t✐♦♥

❊❉▼ ❛♥❞ ❊❲❈❉▼ ✭❞❛s❤❡❞✮

x p1 p2 y

h(m) ❊❉▼❉

x p1 p2 y

s❝❤❡♠❡

❬❈❙✶✻❪

♥♦✇ EDM 22n/3 2n/n EWCDM 22n/3 2n/n EDMD ✖✖ 2n

❇❛❝❦❜♦♥❡ ♦❢ ❛♥❛❧②s✐s✿ ♠✐rr♦r t❤❡♦r②

✺ ✴ ✷✸

− − − − → ❊❛r❧✐❡r ♣r♦♣♦s❛❧ EWCDMD r❡♠♦✈❡❞ ❛❢t❡r ♦❜s❡r✈❛t✐♦♥ ❜② ◆❛♥❞✐

❖✉r ❈♦♥tr✐❜✉t✐♦♥

❊❉▼ ❛♥❞ ❊❲❈❉▼ ✭❞❛s❤❡❞✮

x p1 p2 y

h(m) ❊❉▼❉

x p1 p2 y

s❝❤❡♠❡

❬❈❙✶✻❪

♥♦✇ EDM 22n/3 2n/n EWCDM 22n/3 2n/n EDMD ✖✖ 2n

❇❛❝❦❜♦♥❡ ♦❢ ❛♥❛❧②s✐s✿ ♠✐rr♦r t❤❡♦r②

✺ ✴ ✷✸

− − − − → ❊❛r❧✐❡r ♣r♦♣♦s❛❧ EWCDMD r❡♠♦✈❡❞ ❛❢t❡r ♦❜s❡r✈❛t✐♦♥ ❜② ◆❛♥❞✐

▼✐rr♦r ❚❤❡♦r②

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

• ❈♦♥s✐❞❡r r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
• ❈♦♥s✐❞❡r ❛ s②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s ♦❢ t❤❡ ❢♦r♠✿

Pa1 ⊕ Pb1 = λ1 Pa2 ⊕ Pb2 = λ2 ✳ ✳ ✳ Paq ⊕ Pbq = λq ❢♦r s♦♠❡ s✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}

• ♦❛❧

▲♦✇❡r ❜♦✉♥❞ ♦♥ t❤❡ ♥✉♠❜❡r ♦❢ s♦❧✉t✐♦♥s t♦ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❞✐st✐♥❝t

✻ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

• ❈♦♥s✐❞❡r r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
• ❈♦♥s✐❞❡r ❛ s②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s ♦❢ t❤❡ ❢♦r♠✿

Pa1 ⊕ Pb1 = λ1 Pa2 ⊕ Pb2 = λ2 ✳ ✳ ✳ Paq ⊕ Pbq = λq ❢♦r s♦♠❡ s✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}

• ♦❛❧
• ▲♦✇❡r ❜♦✉♥❞ ♦♥ t❤❡ ♥✉♠❜❡r ♦❢ s♦❧✉t✐♦♥s t♦ P

s✉❝❤ t❤❛t Pa = Pb ❢♦r ❛❧❧ ❞✐st✐♥❝t a, b ∈ {1, . . . , r}

✻ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞

❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦Pd ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦Pd ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦Pd ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✼ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

• r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s Pai ⊕ Pbi = λi
• ❙✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}
• r❛♣❤ ❇❛s❡❞ ❱✐❡✇

Pa1 =Pa2 Pb1 Pb3 Pa4 =Pa5 Pb5 Pb2 =Pa3 =Pb4

λ1 λ2 λ3 λ4 λ5

Pa6 Pb6

λ6

Pa7 Pb7

λ7

Pa8 Pa9 Pb8 =Pb9 =Pb10 =Pa11 Pa10 Pb11

λ8 λ9 λ10 λ11 ✽ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ ♦r ♦r ❈♦♥tr❛❞✐❝t✐♦♥✿ ♦r ♦r ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡ ■❢ ❛♥❞ ❝❤♦✐❝❡s ❢♦r ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮ ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✾ ✴ ✷✸

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ ❛♥❞ ❝❤♦✐❝❡s ❢♦r ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮ ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✾ ✴ ✷✸

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0 ❛♥❞ λ1 = λ2

• 2n ❝❤♦✐❝❡s ❢♦r Pa

❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮ ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✾ ✴ ✷✸

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0 ❛♥❞ λ1 = λ2

• 2n ❝❤♦✐❝❡s ❢♦r Pa
• ❋✐①❡s Pb = λ1 ⊕ Pa ✭✇❤✐❝❤ ✐s = Pa ❛s ❞❡s✐r❡❞✮

❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✾ ✴ ✷✸

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0 ❛♥❞ λ1 = λ2

• 2n ❝❤♦✐❝❡s ❢♦r Pa
• ❋✐①❡s Pb = λ1 ⊕ Pa ✭✇❤✐❝❤ ✐s = Pa ❛s ❞❡s✐r❡❞✮
• ❋✐①❡s Pc = λ2 ⊕ Pb ✭✇❤✐❝❤ ✐s = Pa, Pb ❛s ❞❡s✐r❡❞✮

✾ ✴ ✷✸

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ ♦r ❈♦♥tr❛❞✐❝t✐♦♥✿ ♦r ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡ ■❢ ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮ ❋♦r ❛♥❞ ✇❡ r❡q✉✐r❡ ❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✶✵ ✴ ✷✸

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮ ❋♦r ❛♥❞ ✇❡ r❡q✉✐r❡ ❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✶✵ ✴ ✷✸

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0

• 2n ❝❤♦✐❝❡s ❢♦r Pa ✭✇❤✐❝❤ ✜①❡s Pb✮

❋♦r ❛♥❞ ✇❡ r❡q✉✐r❡ ❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✶✵ ✴ ✷✸

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0

• 2n ❝❤♦✐❝❡s ❢♦r Pa ✭✇❤✐❝❤ ✜①❡s Pb✮
• ❋♦r Pc ❛♥❞ Pd ✇❡ r❡q✉✐r❡
• Pc = Pa, Pb
• Pd = λ2 ⊕ Pc = Pa, Pb

❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✶✵ ✴ ✷✸

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0

• 2n ❝❤♦✐❝❡s ❢♦r Pa ✭✇❤✐❝❤ ✜①❡s Pb✮
• ❋♦r Pc ❛♥❞ Pd ✇❡ r❡q✉✐r❡
• Pc = Pa, Pb
• Pd = λ2 ⊕ Pc = Pa, Pb
• ❆t ❧❡❛st 2n − 4 ❝❤♦✐❝❡s ❢♦r Pc ✭✇❤✐❝❤ ✜①❡s Pd✮

✶✵ ✴ ✷✸

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✸

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 Pc ⊕ Pa = λ3

• ❆ss✉♠❡ λi = 0 ❛♥❞ λi = λj

■❢ ❈♦♥tr❛❞✐❝t✐♦♥✿ ❡q✉❛t✐♦♥s s✉♠ t♦ ❙❝❤❡♠❡ ❝♦♥t❛✐♥s ❛ ❝✐r❝❧❡ ■❢ ❖♥❡ r❡❞✉♥❞❛♥t ❡q✉❛t✐♦♥✱ ♥♦ ❝♦♥tr❛❞✐❝t✐♦♥

✶✶ ✴ ✷✸

Pa Pb Pc

λ1 λ2 λ3

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✸

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 Pc ⊕ Pa = λ3

• ❆ss✉♠❡ λi = 0 ❛♥❞ λi = λj

■❢ λ1 ⊕ λ2 ⊕ λ3 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ ❡q✉❛t✐♦♥s s✉♠ t♦ 0 = λ1 ⊕ λ2 ⊕ λ3
• ❙❝❤❡♠❡ ❝♦♥t❛✐♥s ❛ ❝✐r❝❧❡

■❢ ❖♥❡ r❡❞✉♥❞❛♥t ❡q✉❛t✐♦♥✱ ♥♦ ❝♦♥tr❛❞✐❝t✐♦♥

✶✶ ✴ ✷✸

Pa Pb Pc

λ1 λ2 λ3

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✸

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 Pc ⊕ Pa = λ3

• ❆ss✉♠❡ λi = 0 ❛♥❞ λi = λj

■❢ λ1 ⊕ λ2 ⊕ λ3 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ ❡q✉❛t✐♦♥s s✉♠ t♦ 0 = λ1 ⊕ λ2 ⊕ λ3
• ❙❝❤❡♠❡ ❝♦♥t❛✐♥s ❛ ❝✐r❝❧❡

■❢ λ1 ⊕ λ2 ⊕ λ3 = 0

• ❖♥❡ r❡❞✉♥❞❛♥t ❡q✉❛t✐♦♥✱ ♥♦ ❝♦♥tr❛❞✐❝t✐♦♥

✶✶ ✴ ✷✸

Pa Pb Pc

λ1 λ2 λ3

▼✐rr♦r ❚❤❡♦r②✿ ❚✇♦ Pr♦❜❧❡♠❛t✐❝ ❈❛s❡s

❈✐r❝❧❡ ❉❡❣❡♥❡r❛❝②

Pa1 = Pb5 Pb1 = Pa2 Pb2 = Pa3 Pb3 = Pa4 Pb4 = Pa5

λ1 λ2 λ3 λ4 λ5

Pa1 =Pa2 Pb1 Pa3 =Pa4 Pb4 = Pa5 Pb2 =Pb3

λ1 λ2 λ3 λ4

Pa8 Pb7 = Pb8

λ1 ⊕ λ2 ⊕ · · · ⊕ λ7

Pb5 = Pa6 Pb6 = Pb7

λ6 λ5 λ7 ✶✷ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r②✿ ▼❛✐♥ ❘❡s✉❧t

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

• r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s Pai ⊕ Pbi = λi
• ❙✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}

▼❛✐♥ ❘❡s✉❧t ■❢ t❤❡ s②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ✐s ❝✐r❝❧❡✲❢r❡❡ ❛♥❞ ♥♦♥✲❞❡❣❡♥❡r❛t❡✱ t❤❡ ♥✉♠❜❡r ♦❢ s♦❧✉t✐♦♥s t♦ P s✉❝❤ t❤❛t Pa = Pb ❢♦r ❛❧❧ ❞✐st✐♥❝t a, b ∈ {1, . . . , r} ✐s ❛t ❧❡❛st (2n)r 2nq ♣r♦✈✐❞❡❞ t❤❡ ♠❛①✐♠✉♠ tr❡❡ s✐③❡ ξ s❛t✐s✜❡s (ξ−1)2·r ≤ 2n/67

✶✸ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❛♥❞ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ■♥♣✉ts t♦ ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ ✉♥❦♥♦✇♥s

✶✹ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(0xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(1xi) =: Pbi ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ■♥♣✉ts t♦ ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ ✉♥❦♥♦✇♥s

✶✹ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(0xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(1xi) =: Pbi

• ❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = yi

■♥♣✉ts t♦ ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ ✉♥❦♥♦✇♥s

✶✹ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(0xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(1xi) =: Pbi

• ❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = yi
• ■♥♣✉ts t♦ p ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ 2q ✉♥❦♥♦✇♥s

✶✹ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

Pa1 Pb1 Pa2 Pb2 Paq Pbq · · ·

y1 y2 yq

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r② ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t ❢♦r ❛❧❧ ▼❛①✐♠✉♠ tr❡❡ s✐③❡ ■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

✶✺ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

Pa1 Pb1 Pa2 Pb2 Paq Pbq · · ·

y1 y2 yq

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i
• ▼❛①✐♠✉♠ tr❡❡ s✐③❡ 2

■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

✶✺ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

Pa1 Pb1 Pa2 Pb2 Paq Pbq · · ·

y1 y2 yq

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i
• ▼❛①✐♠✉♠ tr❡❡ s✐③❡ 2
• ■❢ 2q ≤ 2n/67✿ ❛t ❧❡❛st (2n)2q

2nq

s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

✶✺ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ ❢♦r s♦♠❡

❜❛❞ tr❛♥s❝r✐♣t ❢♦r

❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿

❣✐✈❡s ❣✐✈❡s

✶✻ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n

❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿

❣✐✈❡s ❣✐✈❡s

✶✻ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
• ❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
• Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

❣✐✈❡s

✶✻ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
• ❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
• Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

• Pr [f ❣✐✈❡s τ] =

1 2nq

✶✻ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
• ❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
• Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

• Pr [f ❣✐✈❡s τ] =

1 2nq

✶✻ ✴ ✷✸

• ε = 0

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
• ❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
• Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

• Pr [f ❣✐✈❡s τ] =

1 2nq

Advprf

XoP(q) ≤ q/2n

✶✻ ✴ ✷✸

• ε = 0

❊❉▼

x p1 p2 x y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}

❳♦r ♦❢ ♣❡r♠✉t❛t✐♦♥s ✐♥ t❤❡ ♠✐❞❞❧❡ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❛♥❞ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ✬s ❛❧❧ ✉♥✐q✉❡✱ ✬s ♠❛② ❝♦❧❧✐❞❡

✶✼ ✴ ✷✸

❊❉▼

x p1 p2 x y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}

❳♦r ♦❢ ♣❡r♠✉t❛t✐♦♥s ✐♥ t❤❡ ♠✐❞❞❧❡ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❛♥❞ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ✬s ❛❧❧ ✉♥✐q✉❡✱ ✬s ♠❛② ❝♦❧❧✐❞❡

✶✼ ✴ ✷✸

❊❉▼

x p1 p2 x y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❳♦r ♦❢ ♣❡r♠✉t❛t✐♦♥s ✐♥ t❤❡ ♠✐❞❞❧❡

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❛♥❞ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ✬s ❛❧❧ ✉♥✐q✉❡✱ ✬s ♠❛② ❝♦❧❧✐❞❡

✶✼ ✴ ✷✸

❊❉▼

x p1 p2 x y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❳♦r ♦❢ ♣❡r♠✉t❛t✐♦♥s ✐♥ t❤❡ ♠✐❞❞❧❡
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p1(xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ yi → p−1

2 (yi) =: Pbi

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ✬s ❛❧❧ ✉♥✐q✉❡✱ ✬s ♠❛② ❝♦❧❧✐❞❡

✶✼ ✴ ✷✸

❊❉▼

x p1 p2 x y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❳♦r ♦❢ ♣❡r♠✉t❛t✐♦♥s ✐♥ t❤❡ ♠✐❞❞❧❡
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p1(xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ yi → p−1

2 (yi) =: Pbi

• ❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = xi

✬s ❛❧❧ ✉♥✐q✉❡✱ ✬s ♠❛② ❝♦❧❧✐❞❡

✶✼ ✴ ✷✸

❊❉▼

x p1 p2 x y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❳♦r ♦❢ ♣❡r♠✉t❛t✐♦♥s ✐♥ t❤❡ ♠✐❞❞❧❡
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p1(xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ yi → p−1

2 (yi) =: Pbi

• ❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = xi
• xi✬s ❛❧❧ ✉♥✐q✉❡✱ yi✬s ♠❛② ❝♦❧❧✐❞❡

✶✼ ✴ ✷✸

❊❉▼

Pa1 Pa2 Paξ1 Pb1

x1 x2 xξ1

Paξ1+

1

Paξ1+

2

Paξ1+

ξ2

Pb2

xξ1+

1

xξ1+

2

xξ1+

ξ2

· · · Paq✕ξs+

1

Paq✕ξs+

2

Paq Pbs

xq✕ξs+

1

xq✕ξs+

2

xq

❆♣♣❧②✐♥❣ ❘❡❧❛①❡❞ ▼✐rr♦r ❚❤❡♦r② ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛s ❢♦r ❛❧❧ ▼❛① tr❡❡ s✐③❡ ✿ ♣r♦✈✐❞❡❞ ♥♦ ✲❢♦❧❞ ❝♦❧❧✐s✐♦♥ ■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✶✽ ✴ ✷✸

❝♦✈❡rs ✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s

❊❉▼

Pa1 Pa2 Paξ1 Pb1

x1 x2 xξ1

Paξ1+

1

Paξ1+

2

Paξ1+

ξ2

Pb2

xξ1+

1

xξ1+

2

xξ1+

ξ2

· · · Paq✕ξs+

1

Paq✕ξs+

2

Paq Pbs

xq✕ξs+

1

xq✕ξs+

2

xq

❆♣♣❧②✐♥❣ ❘❡❧❛①❡❞ ▼✐rr♦r ❚❤❡♦r② ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛s ❢♦r ❛❧❧ ▼❛① tr❡❡ s✐③❡ ✿ ♣r♦✈✐❞❡❞ ♥♦ ✲❢♦❧❞ ❝♦❧❧✐s✐♦♥ ■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✶✽ ✴ ✷✸

❝♦✈❡rs ✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s

❊❉▼

Pa1 Pa2 Paξ1 Pb1

x1 x2 xξ1

Paξ1+

1

Paξ1+

2

Paξ1+

ξ2

Pb2

xξ1+

1

xξ1+

2

xξ1+

ξ2

· · · Paq✕ξs+

1

Paq✕ξs+

2

Paq Pbs

xq✕ξs+

1

xq✕ξs+

2

xq

❆♣♣❧②✐♥❣ ❘❡❧❛①❡❞ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p1
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛s xi = xj ❢♦r ❛❧❧ i = j
• ▼❛① tr❡❡ s✐③❡ ξ + 1✿ ♣r♦✈✐❞❡❞ ♥♦ (ξ + 1)✲❢♦❧❞ ❝♦❧❧✐s✐♦♥

■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✶✽ ✴ ✷✸

❝♦✈❡rs ✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s

❊❉▼

Pa1 Pa2 Paξ1 Pb1

x1 x2 xξ1

Paξ1+

1

Paξ1+

2

Paξ1+

ξ2

Pb2

xξ1+

1

xξ1+

2

xξ1+

ξ2

· · · Paq✕ξs+

1

Paq✕ξs+

2

Paq Pbs

xq✕ξs+

1

xq✕ξs+

2

xq

❆♣♣❧②✐♥❣ ❘❡❧❛①❡❞ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p1
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛s xi = xj ❢♦r ❛❧❧ i = j
• ▼❛① tr❡❡ s✐③❡ ξ + 1✿ ♣r♦✈✐❞❡❞ ♥♦ (ξ + 1)✲❢♦❧❞ ❝♦❧❧✐s✐♦♥
• ■❢ ξ2q ≤ 2n/67✿ ❛t ❧❡❛st (2n)s·(2n−1)q

2nq

s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✶✽ ✴ ✷✸

❝♦✈❡rs ✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s

❊❉▼

Pa1 Pa2 Paξ1 Pb1

x1 x2 xξ1

Paξ1+

1

Paξ1+

2

Paξ1+

ξ2

Pb2

xξ1+

1

xξ1+

2

xξ1+

ξ2

· · · Paq✕ξs+

1

Paq✕ξs+

2

Paq Pbs

xq✕ξs+

1

xq✕ξs+

2

xq

❆♣♣❧②✐♥❣ ❘❡❧❛①❡❞ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p1
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛s xi = xj ❢♦r ❛❧❧ i = j
• ▼❛① tr❡❡ s✐③❡ ξ + 1✿ ♣r♦✈✐❞❡❞ ♥♦ (ξ + 1)✲❢♦❧❞ ❝♦❧❧✐s✐♦♥
• ■❢ ξ2q ≤ 2n/67✿ ❛t ❧❡❛st (2n)s·(2n−1)q

2nq

s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

• ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿ Advprf

EDM(q) ≤ q/2n +

q

ξ+1

• /2nξ

✶✽ ✴ ✷✸

❝♦✈❡rs ✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s

❊❲❈❉▼

ν p1 p2 ν t

h(m)

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(ν1, m1, t1), . . . , (νq, mq, tq)}

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❛♥❞ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ❊①tr❛ ✐ss✉❡✿ ♠❛② ❝♦❧❧✐❞❡

✶✾ ✴ ✷✸

❊❲❈❉▼

ν p1 p2 ν t

h(m)

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(ν1, m1, t1), . . . , (νq, mq, tq)}

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❛♥❞ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ❊①tr❛ ✐ss✉❡✿ ♠❛② ❝♦❧❧✐❞❡

✶✾ ✴ ✷✸

❊❲❈❉▼

ν p1 p2 ν t

h(m)

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(ν1, m1, t1), . . . , (νq, mq, tq)}
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ νi → p1(νi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ti → p−1

2 (ti) =: Pbi

• ❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = νi ⊕ h(mi)

❊①tr❛ ✐ss✉❡✿ ♠❛② ❝♦❧❧✐❞❡

✶✾ ✴ ✷✸

❊❲❈❉▼

ν p1 p2 ν t

h(m)

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(ν1, m1, t1), . . . , (νq, mq, tq)}
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ νi → p1(νi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ti → p−1

2 (ti) =: Pbi

• ❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = νi ⊕ h(mi)
• ❊①tr❛ ✐ss✉❡✿ νi ⊕ h(mi) ♠❛② ❝♦❧❧✐❞❡

✶✾ ✴ ✷✸

❊❲❈❉▼

Pa1 Pa2 Paξ1 Pb1

ν1 ⊕ h(m1) ν2 ⊕ h ( m2 ) νξ1 ⊕ h(mξ1)

Paξ1+

1

Paξ1+

2

Paξ1+

ξ2

Pb2

νξ1+

1 ⊕ h(mξ1+ 1)

νξ1+

2 ⊕ h(mξ1+ 2)

ν

ξ

1

+ ξ

2

⊕ h ( m

ξ

1

+ ξ

2

)

· · · Paq✕ξs+

1

Paq✕ξs+

2

Paq Pbs

ν

q✕ξ

s

+ 1

⊕ h ( m

q✕ξ

s

+ 1

) νq✕ξs+

2 ⊕ h(m q ✕ ξs + 2)

ν

q

⊕ h ( m

q

)

❆♣♣❧②✐♥❣ ❘❡❧❛①❡❞ ▼✐rr♦r ❚❤❡♦r② ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ ✐♥ ❛❧❧ tr❡❡s ▼❛① tr❡❡ s✐③❡ ✿ ♣r♦✈✐❞❡❞ ♥♦ ✲❢♦❧❞ ❝♦❧❧✐s✐♦♥ ■❢ ✿

✷✵ ✴ ✷✸

❊❲❈❉▼

Pa1 Pa2 Paξ1 Pb1

ν1 ⊕ h(m1) ν2 ⊕ h ( m2 ) νξ1 ⊕ h(mξ1)

Paξ1+

1

Paξ1+

2

Paξ1+

ξ2

Pb2

νξ1+

1 ⊕ h(mξ1+ 1)

νξ1+

2 ⊕ h(mξ1+ 2)

ν

ξ

1

+ ξ

2

⊕ h ( m

ξ

1

+ ξ

2

)

· · · Paq✕ξs+

1

Paq✕ξs+

2

Paq Pbs

ν

q✕ξ

s

+ 1

⊕ h ( m

q✕ξ

s

+ 1

) νq✕ξs+

2 ⊕ h(m q ✕ ξs + 2)

ν

q

⊕ h ( m

q

)

❆♣♣❧②✐♥❣ ❘❡❧❛①❡❞ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p1
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ νi ⊕ h(mi) = νj ⊕ h(mj) ✐♥ ❛❧❧ tr❡❡s
• ▼❛① tr❡❡ s✐③❡ ξ + 1✿ ♣r♦✈✐❞❡❞ ♥♦ (ξ + 1)✲❢♦❧❞ ❝♦❧❧✐s✐♦♥

■❢ ✿

✷✵ ✴ ✷✸

❊❲❈❉▼

Pa1 Pa2 Paξ1 Pb1

ν1 ⊕ h(m1) ν2 ⊕ h ( m2 ) νξ1 ⊕ h(mξ1)

Paξ1+

1

Paξ1+

2

Paξ1+

ξ2

Pb2

νξ1+

1 ⊕ h(mξ1+ 1)

νξ1+

2 ⊕ h(mξ1+ 2)

ν

ξ

1

+ ξ

2

⊕ h ( m

ξ

1

+ ξ

2

)

· · · Paq✕ξs+

1

Paq✕ξs+

2

Paq Pbs

ν

q✕ξ

s

+ 1

⊕ h ( m

q✕ξ

s

+ 1

) νq✕ξs+

2 ⊕ h(m q ✕ ξs + 2)

ν

q

⊕ h ( m

q

)

❆♣♣❧②✐♥❣ ❘❡❧❛①❡❞ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p1
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ νi ⊕ h(mi) = νj ⊕ h(mj) ✐♥ ❛❧❧ tr❡❡s
• ▼❛① tr❡❡ s✐③❡ ξ + 1✿ ♣r♦✈✐❞❡❞ ♥♦ (ξ + 1)✲❢♦❧❞ ❝♦❧❧✐s✐♦♥
• ■❢ ξ2q ≤ 2n/67✿ Advprf

EWCDM(q) ≤ q/2n +

q

2

• ǫ/2n +

q

ξ+1

• /2nξ

✷✵ ✴ ✷✸

❊❉▼❉

x p1 p2 y ✐❞❡♥t✐❝❛❧ ❡q✉✐✈❛❧❡♥t ✐s ❛t ❧❡❛st ❛s s❡❝✉r❡ ❛s ■❢ ✿

✷✶ ✴ ✷✸

❊❉▼❉

x p1 p2 y x p1 p2 p1 y ✐❞❡♥t✐❝❛❧ ❡q✉✐✈❛❧❡♥t ✐s ❛t ❧❡❛st ❛s s❡❝✉r❡ ❛s ■❢ ✿

✷✶ ✴ ✷✸

❊❉▼❉

x p1 p2 y x p1 p2 p1 y x p3 p1 y ✐❞❡♥t✐❝❛❧ ❡q✉✐✈❛❧❡♥t ✐s ❛t ❧❡❛st ❛s s❡❝✉r❡ ❛s ■❢ ✿

✷✶ ✴ ✷✸

❊❉▼❉

x p1 p2 y x p1 p2 p1 y x p3 p1 y ✐❞❡♥t✐❝❛❧ ❡q✉✐✈❛❧❡♥t

• EDMD ✐s ❛t ❧❡❛st ❛s s❡❝✉r❡ ❛s XoP
• ■❢ q ≤ 2n/67✿ Advprf

EDMD(D) ≤ q/2n

✷✶ ✴ ✷✸

❙✐♥❣❧❡✲❑❡② ❱❛r✐❛♥ts❄

❊✭❲❈✮❉▼

x p1 p2 y

h(m)

• ✏❳♦P ✐♥ t❤❡ ♠✐❞❞❧❡✑

r❡❧✐❡s ♦♥ ✐♥✈❡rt✐♥❣ p2

• ❚r✐❝❦ ❢❛✐❧s ✐❢ p1 = p2

❊❉▼❉ ✐♥❞❡♣❡♥❞❡♥t✿ ❝❛s❝❛❞✐♥❣ ❤❛s ❧✐♠✐t❡❞ ✐♥✢✉❡♥❝❡ ❙❧✐❞✐♥❣ ✐ss✉❡s ✐❢

❈♦♥❥❡❝t✉r❡✿ ♦♣t✐♠❛❧ s❡❝✉r✐t②

✷✷ ✴ ✷✸

❙✐♥❣❧❡✲❑❡② ❱❛r✐❛♥ts❄

❊✭❲❈✮❉▼

x p1 p2 y

h(m)

• ✏❳♦P ✐♥ t❤❡ ♠✐❞❞❧❡✑

r❡❧✐❡s ♦♥ ✐♥✈❡rt✐♥❣ p2

• ❚r✐❝❦ ❢❛✐❧s ✐❢ p1 = p2

❊❉▼❉

x p1 p2 y

• p1, p2 ✐♥❞❡♣❡♥❞❡♥t✿

❝❛s❝❛❞✐♥❣ ❤❛s ❧✐♠✐t❡❞ ✐♥✢✉❡♥❝❡

• ❙❧✐❞✐♥❣ ✐ss✉❡s ✐❢ p1 = p2

❈♦♥❥❡❝t✉r❡✿ ♦♣t✐♠❛❧ s❡❝✉r✐t②

✷✷ ✴ ✷✸

❙✐♥❣❧❡✲❑❡② ❱❛r✐❛♥ts❄

❊✭❲❈✮❉▼

x p1 p2 y

h(m)

• ✏❳♦P ✐♥ t❤❡ ♠✐❞❞❧❡✑

r❡❧✐❡s ♦♥ ✐♥✈❡rt✐♥❣ p2

• ❚r✐❝❦ ❢❛✐❧s ✐❢ p1 = p2

❊❉▼❉

x p1 p2 y

• p1, p2 ✐♥❞❡♣❡♥❞❡♥t✿

❝❛s❝❛❞✐♥❣ ❤❛s ❧✐♠✐t❡❞ ✐♥✢✉❡♥❝❡

• ❙❧✐❞✐♥❣ ✐ss✉❡s ✐❢ p1 = p2

❈♦♥❥❡❝t✉r❡✿ ♦♣t✐♠❛❧ 2n s❡❝✉r✐t②

✷✷ ✴ ✷✸

❈♦♥❝❧✉s✐♦♥

▼✐rr♦r ❚❤❡♦r②

• P♦✇❡r❢✉❧ ❜✉t ✉♥❞❡r❡st✐♠❛t❡❞ t❡❝❤♥✐q✉❡
• ■♠♣❧✐❡s ✭❛❧♠♦st✮ ♦♣t✐♠❛❧ s❡❝✉r✐t② ♦❢ ❊✭❲❈✮❉▼
• ■♠♣❧✐❡s ♦♣t✐♠❛❧ s❡❝✉r✐t② ♦❢ ❊❉▼❉

❖♣❡♥ ◗✉❡st✐♦♥s ❙✐♥❣❧❡✲❦❡② ✈❛r✐❛♥ts❄ ❉✉❛❧ ♦❢ ❊❲❈❉▼❄ ❋✉rt❤❡r ❛♣♣❧✐❝❛t✐♦♥s

❚❤❛♥❦ ②♦✉ ❢♦r ②♦✉r ❛tt❡♥t✐♦♥✦

✷✸ ✴ ✷✸

❈♦♥❝❧✉s✐♦♥

▼✐rr♦r ❚❤❡♦r②

• P♦✇❡r❢✉❧ ❜✉t ✉♥❞❡r❡st✐♠❛t❡❞ t❡❝❤♥✐q✉❡
• ■♠♣❧✐❡s ✭❛❧♠♦st✮ ♦♣t✐♠❛❧ s❡❝✉r✐t② ♦❢ ❊✭❲❈✮❉▼
• ■♠♣❧✐❡s ♦♣t✐♠❛❧ s❡❝✉r✐t② ♦❢ ❊❉▼❉

❖♣❡♥ ◗✉❡st✐♦♥s

• ❙✐♥❣❧❡✲❦❡② ✈❛r✐❛♥ts❄
• ❉✉❛❧ ♦❢ ❊❲❈❉▼❄
• ❋✉rt❤❡r ❛♣♣❧✐❝❛t✐♦♥s

❚❤❛♥❦ ②♦✉ ❢♦r ②♦✉r ❛tt❡♥t✐♦♥✦

✷✸ ✴ ✷✸

❙✉♣♣♦rt✐♥❣ ❙❧✐❞❡s ❙❯PP❖❘❚■◆● ❙▲■❉❊❙

✷✹ ✴ ✷✸

Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

IC

Ek p

blockcipher random permutation

• ❚✇♦ ♦r❛❝❧❡s✿ Ek ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ p

❉✐st✐♥❣✉✐s❤❡r ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r ♦r tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

✷✺ ✴ ✷✸

Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

IC

Ek p

distinguisher D

blockcipher random permutation

• ❚✇♦ ♦r❛❝❧❡s✿ Ek ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ p
• ❉✐st✐♥❣✉✐s❤❡r D ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r Ek ♦r p

tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

✷✺ ✴ ✷✸

Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

IC

Ek p

distinguisher D

blockcipher random permutation

• ❚✇♦ ♦r❛❝❧❡s✿ Ek ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ p
• ❉✐st✐♥❣✉✐s❤❡r D ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r Ek ♦r p
• D tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

✷✺ ✴ ✷✸

Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

IC

Ek p

distinguisher D

blockcipher random permutation

• ❚✇♦ ♦r❛❝❧❡s✿ Ek ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ p
• ❉✐st✐♥❣✉✐s❤❡r D ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r Ek ♦r p
• D tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

Advprp

E (D) =

• Pr
• DEk = 1
• − Pr [Dp = 1]
• ✷✺ ✴ ✷✸

Ps❡✉❞♦r❛♥❞♦♠ ❋✉♥❝t✐♦♥

IC

Fk f

distinguisher D

• ne-way function

random function

• ❚✇♦ ♦r❛❝❧❡s✿ Fk ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ f
• ❉✐st✐♥❣✉✐s❤❡r D ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r Fk ♦r f
• D tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

Advprf

F (D) =

• Pr
• DFk = 1
• − Pr
• Df = 1
• ✷✻ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿ ❈❚❘ ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s✿

✐s ❛ s❡❝✉r❡ P❘P ◆✉♠❜❡r ♦❢ ❡♥❝r②♣t❡❞ ❜❧♦❝❦s

✷✼ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

• ❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[E](σ) ≤ Advprp E (σ) +

σ 2

• /2n

❈❚❘ ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s✿

✐s ❛ s❡❝✉r❡ P❘P ◆✉♠❜❡r ♦❢ ❡♥❝r②♣t❡❞ ❜❧♦❝❦s

✷✼ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

• ❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[E](σ) ≤ Advprp E (σ) +

σ 2

• /2n
• ❈❚❘[E] ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s✿
• Ek ✐s ❛ s❡❝✉r❡ P❘P
• ◆✉♠❜❡r ♦❢ ❡♥❝r②♣t❡❞ ❜❧♦❝❦s σ ≪ 2n/2

✷✼ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

• mi ⊕ ci ✐s ❞✐st✐♥❝t ❢♦r ❛❧❧ σ ❜❧♦❝❦s
• ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ str✐♥❣

❉✐st✐♥❣✉✐s❤✐♥❣ ❛tt❛❝❦ ✐♥ ❜❧♦❝❦s✿

✷✽ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

• mi ⊕ ci ✐s ❞✐st✐♥❝t ❢♦r ❛❧❧ σ ❜❧♦❝❦s
• ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ str✐♥❣
• ❉✐st✐♥❣✉✐s❤✐♥❣ ❛tt❛❝❦ ✐♥ σ ≈ 2n/2 ❜❧♦❝❦s✿

σ 2

• /2n Advcpa

CTR[E](σ)

✷✽ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ ❋✉♥❝t✐♦♥

n + 1 n + 2 n + ℓ Fk Fk · · · · · · Fk m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿ ❈❚❘ ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s ✐s ❛ s❡❝✉r❡ P❘❋ ❇✐rt❤❞❛② ❜♦✉♥❞ s❡❝✉r✐t② ❧♦ss ❞✐s❛♣♣❡❛r❡❞

✷✾ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ ❋✉♥❝t✐♦♥

n + 1 n + 2 n + ℓ Fk Fk · · · · · · Fk m1 c1 m2 c2 mℓ cℓ

• ❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[F](σ) ≤ Advprf F (σ)

❈❚❘ ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s ✐s ❛ s❡❝✉r❡ P❘❋ ❇✐rt❤❞❛② ❜♦✉♥❞ s❡❝✉r✐t② ❧♦ss ❞✐s❛♣♣❡❛r❡❞

✷✾ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ ❋✉♥❝t✐♦♥

n + 1 n + 2 n + ℓ Fk Fk · · · · · · Fk m1 c1 m2 c2 mℓ cℓ

• ❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[F](σ) ≤ Advprf F (σ)

• ❈❚❘[F] ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s Fk ✐s ❛ s❡❝✉r❡ P❘❋
• ❇✐rt❤❞❛② ❜♦✉♥❞ s❡❝✉r✐t② ❧♦ss ❞✐s❛♣♣❡❛r❡❞

✷✾ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ ❳♦P

· · · · · · Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+2 1n+2 0n+ℓ 1n+ℓ

m1 c1 m2 c2 mℓ cℓ

• ❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[XoP](σ) ≤ Advprf XoP(σ)

❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞ ❜✉t ✷① ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘

✸✵ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ ❳♦P

· · · · · · Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+2 1n+2 0n+ℓ 1n+ℓ

m1 c1 m2 c2 mℓ cℓ

• ❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[XoP](σ) ≤ Advprf XoP(σ)

≤ Advprp

E (2σ) + σ/2n

❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞ ❜✉t ✷① ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘

✸✵ ✴ ✷✸

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ ❳♦P

· · · · · · Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+2 1n+2 0n+ℓ 1n+ℓ

m1 c1 m2 c2 mℓ cℓ

• ❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[XoP](σ) ≤ Advprf XoP(σ)

≤ Advprp

E (2σ) + σ/2n

• ❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞ ❜✉t ✷① ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘[E]

✸✵ ✴ ✷✸

❈❊◆❈ ❜② ■✇❛t❛ ❬■✇❛✵✻❪

· · · · · · · · · Ek Ek Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+1 1n+2 0n+1 1n+w 0n+2 1n+w+1

m1 c1 m2 c2 mw cw mw+1 cw+1

• ❖♥❡ s✉❜❦❡② ✉s❡❞ ❢♦r w ≥ 1 ❡♥❝r②♣t✐♦♥s

❆❧♠♦st ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘ ✷✵✵✻✿ s❡❝✉r✐t②✱ ❝♦♥❥❡❝t✉r❡❞ ❬■✇❛✵✻❪ ✷✵✶✻✿ s❡❝✉r✐t② ❬■▼❱✶✻❪

✸✶ ✴ ✷✸

❈❊◆❈ ❜② ■✇❛t❛ ❬■✇❛✵✻❪

· · · · · · · · · Ek Ek Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+1 1n+2 0n+1 1n+w 0n+2 1n+w+1

m1 c1 m2 c2 mw cw mw+1 cw+1

• ❖♥❡ s✉❜❦❡② ✉s❡❞ ❢♦r w ≥ 1 ❡♥❝r②♣t✐♦♥s
• ❆❧♠♦st ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘[E]

✷✵✵✻✿ s❡❝✉r✐t②✱ ❝♦♥❥❡❝t✉r❡❞ ❬■✇❛✵✻❪ ✷✵✶✻✿ s❡❝✉r✐t② ❬■▼❱✶✻❪

✸✶ ✴ ✷✸

❈❊◆❈ ❜② ■✇❛t❛ ❬■✇❛✵✻❪

· · · · · · · · · Ek Ek Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+1 1n+2 0n+1 1n+w 0n+2 1n+w+1

m1 c1 m2 c2 mw cw mw+1 cw+1

• ❖♥❡ s✉❜❦❡② ✉s❡❞ ❢♦r w ≥ 1 ❡♥❝r②♣t✐♦♥s
• ❆❧♠♦st ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘[E]
• ✷✵✵✻✿ 22n/3 s❡❝✉r✐t②✱ 2n/w ❝♦♥❥❡❝t✉r❡❞ ❬■✇❛✵✻❪

✷✵✶✻✿ s❡❝✉r✐t② ❬■▼❱✶✻❪

✸✶ ✴ ✷✸

❈❊◆❈ ❜② ■✇❛t❛ ❬■✇❛✵✻❪

· · · · · · · · · Ek Ek Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+1 1n+2 0n+1 1n+w 0n+2 1n+w+1

m1 c1 m2 c2 mw cw mw+1 cw+1

• ❖♥❡ s✉❜❦❡② ✉s❡❞ ❢♦r w ≥ 1 ❡♥❝r②♣t✐♦♥s
• ❆❧♠♦st ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘[E]
• ✷✵✵✻✿ 22n/3 s❡❝✉r✐t②✱ 2n/w ❝♦♥❥❡❝t✉r❡❞ ❬■✇❛✵✻❪
• ✷✵✶✻✿ 2n/w s❡❝✉r✐t② ❬■▼❱✶✻❪

✸✶ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❈❊◆❈

Pa1 Pb1 Pb2 Pb3 Pbw

y1 y2 y3 y

w

Pa2 Pbw+1 Pbw+2 Pbw+3 Pb2w

yw+1 yw+2 yw+3 y

2 w

· · · Paq/w Pbq✕w+1 Pbq✕w+2 Pbq✕w+3 Pbq

yq✕w+1 yq✕w+2 yq✕w+3 y

q

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r② ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t ❢♦r ❛❧❧ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛♥❞ ✇✐t❤✐♥ ❛❧❧ ✲❜❧♦❝❦s ▼❛①✐♠✉♠ tr❡❡ s✐③❡ ■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✸✷ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❈❊◆❈

Pa1 Pb1 Pb2 Pb3 Pbw

y1 y2 y3 y

w

Pa2 Pbw+1 Pbw+2 Pbw+3 Pb2w

yw+1 yw+2 yw+3 y

2 w

· · · Paq/w Pbq✕w+1 Pbq✕w+2 Pbq✕w+3 Pbq

yq✕w+1 yq✕w+2 yq✕w+3 y

q

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛♥❞ yi = yj ✇✐t❤✐♥ ❛❧❧ w✲❜❧♦❝❦s

• ▼❛①✐♠✉♠ tr❡❡ s✐③❡ w + 1

■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✸✷ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❈❊◆❈

Pa1 Pb1 Pb2 Pb3 Pbw

y1 y2 y3 y

w

Pa2 Pbw+1 Pbw+2 Pbw+3 Pb2w

yw+1 yw+2 yw+3 y

2 w

· · · Paq/w Pbq✕w+1 Pbq✕w+2 Pbq✕w+3 Pbq

yq✕w+1 yq✕w+2 yq✕w+3 y

q

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛♥❞ yi = yj ✇✐t❤✐♥ ❛❧❧ w✲❜❧♦❝❦s

• ▼❛①✐♠✉♠ tr❡❡ s✐③❡ w + 1
• ■❢ 2w2q ≤ 2n/67✿ ❛t ❧❡❛st (2n)r

2nq

s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✸✷ ✴ ✷✸

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❈❊◆❈

Pa1 Pb1 Pb2 Pb3 Pbw

y1 y2 y3 y

w

Pa2 Pbw+1 Pbw+2 Pbw+3 Pb2w

yw+1 yw+2 yw+3 y

2 w

· · · Paq/w Pbq✕w+1 Pbq✕w+2 Pbq✕w+3 Pbq

yq✕w+1 yq✕w+2 yq✕w+3 y

q

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛♥❞ yi = yj ✇✐t❤✐♥ ❛❧❧ w✲❜❧♦❝❦s

• ▼❛①✐♠✉♠ tr❡❡ s✐③❡ w + 1
• ■❢ 2w2q ≤ 2n/67✿ ❛t ❧❡❛st (2n)r

2nq

s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

• ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿ Advcpa

CENC(q) ≤ q/2n + wq/2n+1

✸✷ ✴ ✷✸

◆❛✐✈❡ P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥

IC

Fk = Ek f

distinguisher D

blockcipher random function

P❘P✲P❘❋ ❙✇✐t❝❤

• ❙✐♠♣❧② ✈✐❡✇ Ek ❛s ❛ P❘❋

❞♦❡s ♥♦t ❡①♣♦s❡ ❝♦❧❧✐s✐♦♥s ❜✉t ❞♦❡s ❝❛♥ ❜❡ ❞✐st✐♥❣✉✐s❤❡❞ ❢r♦♠ ✐♥ q✉❡r✐❡s

✸✸ ✴ ✷✸

◆❛✐✈❡ P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥

IC

Fk = Ek f

distinguisher D

blockcipher random function

P❘P✲P❘❋ ❙✇✐t❝❤

• ❙✐♠♣❧② ✈✐❡✇ Ek ❛s ❛ P❘❋
• Ek ❞♦❡s ♥♦t ❡①♣♦s❡ ❝♦❧❧✐s✐♦♥s ❜✉t f ❞♦❡s
• Ek ❝❛♥ ❜❡ ❞✐st✐♥❣✉✐s❤❡❞ ❢r♦♠ f ✐♥ ≈ 2n/2 q✉❡r✐❡s

q 2

• /2n Advprf

E (q) ≤ Advprp E (q) +

q 2

• /2n

✸✸ ✴ ✷✸

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥✿ ❚r✉♥❝❛t✐♦♥

❚r✉♥❝❛t✐♦♥

x p2 p1

tr✉♥❝ tr✉♥❝

y

• ❋✐rst s✉❣❣❡st❡❞ ❜② ❍❛❧❧ ❡t ❛❧✳ ❬❍❲❑❙✾✽❪
• ❙❡❝✉r❡ ✉♣ t♦ 23n/4 q✉❡r✐❡s ❬❙t❛✼✽✱❇■✾✾✱●●✶✻❪
• ❆♣♣❧✐❝❛t✐♦♥✿ ●❈▼✲❙■❱

✸✹ ✴ ✷✸