rs - - PowerPoint PPT Presentation

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❛♥❞ ❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❙❡❝✉r✐t②

❇❛rt ▼❡♥♥✐♥❦ ❘❛❞❜♦✉❞ ❯♥✐✈❡rs✐t② ✭❚❤❡ ◆❡t❤❡r❧❛♥❞s✮ ✽t❤ ❆s✐❛♥ ❲♦r❦s❤♦♣ ♦♥ ❙②♠♠❡tr✐❝ ❑❡② ❈r②♣t♦❣r❛♣❤② ◆♦✈❡♠❜❡r ✶✺✱ ✷✵✶✽

✶ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

m c

E

k

❚✇❡❛❦✿ ✢❡①✐❜✐❧✐t② t♦ t❤❡ ❝✐♣❤❡r ❊❛❝❤ t✇❡❛❦ ❣✐✈❡s ❞✐✛❡r❡♥t ♣❡r♠✉t❛t✐♦♥

✷ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

m t c k

• E
• ❚✇❡❛❦✿ ✢❡①✐❜✐❧✐t② t♦ t❤❡ ❝✐♣❤❡r
• ❊❛❝❤ t✇❡❛❦ ❣✐✈❡s ❞✐✛❡r❡♥t ♣❡r♠✉t❛t✐♦♥

✷ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❖❈❇①

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T ˜ E

N,tA1 k

˜ E

N,tA2 k

˜ E

N,tAa k

˜ E

N,tM⊕ k

˜ E

N,tM1 k

˜ E

N,tM2 k

˜ E

N,tMd k

• ●❡♥❡r❛❧✐③❡❞ ❖❈❇ ❜② ❘♦❣❛✇❛② ❡t ❛❧✳ ❬❘❇❇❑✵✶✱❘♦❣✵✹✱❑❘✶✶❪

■♥t❡r♥❛❧❧② ❜❛s❡❞ ♦♥ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡r

❚✇❡❛❦ ✐s ✉♥✐q✉❡ ❢♦r ❡✈❡r② ❡✈❛❧✉❛t✐♦♥ ❉✐✛❡r❡♥t ❜❧♦❝❦s ❛❧✇❛②s tr❛♥s❢♦r♠❡❞ ✉♥❞❡r ❞✐✛❡r❡♥t t✇❡❛❦

❈❤❛♥❣❡ ♦❢ t✇❡❛❦ s❤♦✉❧❞ ❜❡ ❡✣❝✐❡♥t

✸ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❖❈❇①

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T ˜ E

N,tA1 k

˜ E

N,tA2 k

˜ E

N,tAa k

˜ E

N,tM⊕ k

˜ E

N,tM1 k

˜ E

N,tM2 k

˜ E

N,tMd k

• ●❡♥❡r❛❧✐③❡❞ ❖❈❇ ❜② ❘♦❣❛✇❛② ❡t ❛❧✳ ❬❘❇❇❑✵✶✱❘♦❣✵✹✱❑❘✶✶❪
• ■♥t❡r♥❛❧❧② ❜❛s❡❞ ♦♥ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡r

E

• ❚✇❡❛❦ (N, index) ✐s ✉♥✐q✉❡ ❢♦r ❡✈❡r② ❡✈❛❧✉❛t✐♦♥
• ❉✐✛❡r❡♥t ❜❧♦❝❦s ❛❧✇❛②s tr❛♥s❢♦r♠❡❞ ✉♥❞❡r ❞✐✛❡r❡♥t t✇❡❛❦

❈❤❛♥❣❡ ♦❢ t✇❡❛❦ s❤♦✉❧❞ ❜❡ ❡✣❝✐❡♥t

✸ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❖❈❇①

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T ˜ E

N,tA1 k

˜ E

N,tA2 k

˜ E

N,tAa k

˜ E

N,tM⊕ k

˜ E

N,tM1 k

˜ E

N,tM2 k

˜ E

N,tMd k

• ●❡♥❡r❛❧✐③❡❞ ❖❈❇ ❜② ❘♦❣❛✇❛② ❡t ❛❧✳ ❬❘❇❇❑✵✶✱❘♦❣✵✹✱❑❘✶✶❪
• ■♥t❡r♥❛❧❧② ❜❛s❡❞ ♦♥ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡r

E

• ❚✇❡❛❦ (N, index) ✐s ✉♥✐q✉❡ ❢♦r ❡✈❡r② ❡✈❛❧✉❛t✐♦♥
• ❉✐✛❡r❡♥t ❜❧♦❝❦s ❛❧✇❛②s tr❛♥s❢♦r♠❡❞ ✉♥❞❡r ❞✐✛❡r❡♥t t✇❡❛❦
• ❈❤❛♥❣❡ ♦❢ t✇❡❛❦ s❤♦✉❧❞ ❜❡ ❡✣❝✐❡♥t

✸ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡r ❉❡s✐❣♥s ✐♥ ❈❆❊❙❆❘

• E

t

E

• E

P

• E

❉❡❞✐❝❛t❡❞ ❇❧♦❝❦❝✐♣❤❡r✲❇❛s❡❞ P❡r♠✉t❛t✐♦♥✲❇❛s❡❞ ❑■❆❙❯✱ ❈❇❆✱ ❈❖❇❘❆✱ ✐❋❡❡❞✱ ▼❛r❜❧❡ Prøst✱ ❏♦❧t✐❦✱ ❙❈❘❊❆▼✱ ❖▼❉✱ P❖❊❚✱ ❙❍❊▲▲✱ ▼✐♥❛❧♣❤❡r ❆❊❩✱ ❖❚❘✱ ❉❡♦①②s ❈❖P❆✴❊▲♠❉✱ ❖❈❇

✹ ✴ ✹✽

✜rst r♦✉♥❞✱ s❡❝♦♥❞ r♦✉♥❞✱ t❤✐r❞ r♦✉♥❞✱ ✜♥❛❧ r♦✉♥❞

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡r ❉❡s✐❣♥s ✐♥ ❈❆❊❙❆❘

• E

t

E

• E

P

• E

❉❡❞✐❝❛t❡❞ ❇❧♦❝❦❝✐♣❤❡r✲❇❛s❡❞ P❡r♠✉t❛t✐♦♥✲❇❛s❡❞ ❑■❆❙❯✱ ❈❇❆✱ ❈❖❇❘❆✱ ✐❋❡❡❞✱ ▼❛r❜❧❡ Prøst✱ ❏♦❧t✐❦✱ ❙❈❘❊❆▼✱ ❖▼❉✱ P❖❊❚✱ ❙❍❊▲▲✱ ▼✐♥❛❧♣❤❡r ❆❊❩✱ ❖❚❘✱ ❉❡♦①②s ❈❖P❆✴❊▲♠❉✱ ❖❈❇

✹ ✴ ✹✽

✜rst r♦✉♥❞✱ s❡❝♦♥❞ r♦✉♥❞✱ t❤✐r❞ r♦✉♥❞✱ ✜♥❛❧ r♦✉♥❞

❉❡❞✐❝❛t❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❍❛st② P✉❞❞✐♥❣ ❈✐♣❤❡r ❬❙❝❤✾✽❪
• ❆❊❙ s✉❜♠✐ss✐♦♥✱ ✏✜rst t✇❡❛❦❛❜❧❡ ❝✐♣❤❡r✑
• ▼❡r❝② ❬❈r♦✵✶❪
• ❉✐s❦ ❡♥❝r②♣t✐♦♥
• ❚❤r❡❡✜s❤ ❬❋▲❙✰✵✼❪
• ❙❍❆✲✸ s✉❜♠✐ss✐♦♥ ❙❦❡✐♥
• ❚❲❊❆❑❊❨ ❢r❛♠❡✇♦r❦ ❬❏◆P✶✹❪
• ❋♦✉r ❈❆❊❙❆❘ s✉❜♠✐ss✐♦♥s
• ❙❑■◆◆❨ ✫ ▼❆◆❚■❙

✺ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡r ❙❡❝✉r✐t②

IC

• Ek
• p

distinguisher D

tweakable blockcipher random tweakable permutation

Ek s❤♦✉❧❞ ❧♦♦❦ ❧✐❦❡ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❉✐✛❡r❡♥t t✇❡❛❦s −

→ ♣s❡✉❞♦✲✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

✻ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡r ❙❡❝✉r✐t②

IC

• Ek
• p

distinguisher D

tweakable blockcipher random tweakable permutation

Ek s❤♦✉❧❞ ❧♦♦❦ ❧✐❦❡ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❉✐✛❡r❡♥t t✇❡❛❦s −

→ ♣s❡✉❞♦✲✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s

• D tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

Advstprp

• E

(D) =

• Pr
• D
• Ek,

E−1

k

= 1

• − Pr
• D

π, π−1 = 1

• ✻ ✴ ✹✽

❖✉t❧✐♥❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ■♥t✉✐t✐♦♥
• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄
• ■♠♣r♦✈❡❞ ❆tt❛❝❦
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

❈♦♥❝❧✉s✐♦♥

✼ ✴ ✹✽

❖✉t❧✐♥❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ■♥t✉✐t✐♦♥
• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄
• ■♠♣r♦✈❡❞ ❆tt❛❝❦
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

❈♦♥❝❧✉s✐♦♥

✽ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k t ?

• ❈♦♥s✐❞❡r ❛ ❜❧♦❝❦❝✐♣❤❡r E ✇✐t❤ κ✲❜✐t ❦❡② ❛♥❞ n✲❜✐t st❛t❡

❍♦✇ t♦ ♠✐♥❣❧❡ t❤❡ t✇❡❛❦ ✐♥t♦ t❤❡ ❡✈❛❧✉❛t✐♦♥❄ ❜❧❡♥❞ ✐t ✇✐t❤ t❤❡ ❦❡② ❜❧❡♥❞ ✐t ✇✐t❤ t❤❡ st❛t❡

✾ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k t ?

• ❈♦♥s✐❞❡r ❛ ❜❧♦❝❦❝✐♣❤❡r E ✇✐t❤ κ✲❜✐t ❦❡② ❛♥❞ n✲❜✐t st❛t❡

❍♦✇ t♦ ♠✐♥❣❧❡ t❤❡ t✇❡❛❦ ✐♥t♦ t❤❡ ❡✈❛❧✉❛t✐♦♥❄

← − − − ← − − −

❜❧❡♥❞ ✐t ✇✐t❤ t❤❡ ❦❡② ❜❧❡♥❞ ✐t ✇✐t❤ t❤❡ st❛t❡

✾ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k t

• ❇❧❡♥❞✐♥❣ t✇❡❛❦ ❛♥❞ ❦❡② ✇♦r❦s✳ ✳ ✳
• ✳ ✳ ✳ ❜✉t✿ ❝❛r❡❢✉❧ ✇✐t❤ r❡❧❛t❡❞✲❦❡② ❛tt❛❝❦s✦

❋♦r ✲♠✐①✐♥❣✱ ❦❡② ❝❛♥ ❜❡ r❡❝♦✈❡r❡❞ ✐♥ ❡✈❛❧✉❛t✐♦♥s ❙❝❤❡♠❡ ✐s ✐♥s❡❝✉r❡ ✐❢ ✐s ❊✈❡♥✲▼❛♥s♦✉r ❚❲❊❆❑❊❨ ❜❧❡♥❞✐♥❣ ❬❏◆P✶✹❪ ✐s ♠♦r❡ ❛❞✈❛♥❝❡❞

✶✵ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k t

• ❇❧❡♥❞✐♥❣ t✇❡❛❦ ❛♥❞ ❦❡② ✇♦r❦s✳ ✳ ✳
• ✳ ✳ ✳ ❜✉t✿ ❝❛r❡❢✉❧ ✇✐t❤ r❡❧❛t❡❞✲❦❡② ❛tt❛❝❦s✦
• ❋♦r ⊕✲♠✐①✐♥❣✱ ❦❡② ❝❛♥ ❜❡ r❡❝♦✈❡r❡❞ ✐♥ 2κ/2 ❡✈❛❧✉❛t✐♦♥s
• ❙❝❤❡♠❡ ✐s ✐♥s❡❝✉r❡ ✐❢ E ✐s ❊✈❡♥✲▼❛♥s♦✉r

❚❲❊❆❑❊❨ ❜❧❡♥❞✐♥❣ ❬❏◆P✶✹❪ ✐s ♠♦r❡ ❛❞✈❛♥❝❡❞

✶✵ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k t

• ❇❧❡♥❞✐♥❣ t✇❡❛❦ ❛♥❞ ❦❡② ✇♦r❦s✳ ✳ ✳
• ✳ ✳ ✳ ❜✉t✿ ❝❛r❡❢✉❧ ✇✐t❤ r❡❧❛t❡❞✲❦❡② ❛tt❛❝❦s✦
• ❋♦r ⊕✲♠✐①✐♥❣✱ ❦❡② ❝❛♥ ❜❡ r❡❝♦✈❡r❡❞ ✐♥ 2κ/2 ❡✈❛❧✉❛t✐♦♥s
• ❙❝❤❡♠❡ ✐s ✐♥s❡❝✉r❡ ✐❢ E ✐s ❊✈❡♥✲▼❛♥s♦✉r
• ❚❲❊❆❑❊❨ ❜❧❡♥❞✐♥❣ ❬❏◆P✶✹❪ ✐s ♠♦r❡ ❛❞✈❛♥❝❡❞

✶✵ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✶✶ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✶✶ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k h ⊗ t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

• ❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ h

❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✶✶ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k h ⊗ t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

• ❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ h
• ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

E−1

k

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✶✶ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k h ⊗ t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

• ❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ h
• ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

E−1

k

E−1

k (t, c) ⊕

E−1

k (t ⊕ C, c) = h ⊗ C

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✶✶ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k h ⊗ t h ⊗ t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

• ❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ h
• ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

E−1

k

E−1

k (t, c) ⊕

E−1

k (t ⊕ C, c) = h ⊗ C

• ❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✶✶ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k h ⊗ t h ⊗ t

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥

❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s ❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ ❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✶✷ ✴ ✹✽

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲ ✲♠❛s❦ ♣r✐♥❝✐♣❧❡

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k f(t) f(t)

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ●❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥ f

❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s ❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ ❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✶✷ ✴ ✹✽

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲ ✲♠❛s❦ ♣r✐♥❝✐♣❧❡

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

E

k f1(t) f2(t)

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ●❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥ f
• ❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s f1, f2

❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ ❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✶✷ ✴ ✹✽

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲ ✲♠❛s❦ ♣r✐♥❝✐♣❧❡

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

P

f1(t) f2(t)

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ●❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥ f
• ❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s f1, f2
• ❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ E❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✶✷ ✴ ✹✽

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲ ✲♠❛s❦ ♣r✐♥❝✐♣❧❡

■♥t✉✐t✐♦♥✿ ❉❡s✐❣♥

m c

P

f1(t) f2(t)

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ●❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥ f
• ❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s f1, f2
• ❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ E❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✶✷ ✴ ✹✽

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲Ek/P✲♠❛s❦ ♣r✐♥❝✐♣❧❡

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

Ek s❤♦✉❧❞ ✏❧♦♦❦ ❧✐❦❡✑ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❈♦♥s✐❞❡r ❛❞✈❡rs❛r② D t❤❛t ♠❛❦❡s q ❡✈❛❧✉❛t✐♦♥s ♦❢

Ek ❙t❡♣ ✶✿

❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s ♥❡❡❞ ❛t ♠♦st❄

❙t❡♣ ✶✿

❇♦✐❧s ❞♦✇♥ t♦ ✜♥❞✐♥❣ ❣❡♥❡r✐❝ ❛tt❛❝❦s

❙t❡♣ ✷✿

❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s ♥❡❡❞ ❛t ❧❡❛st❄

❙t❡♣ ✷✿

❇♦✐❧s ❞♦✇♥ t♦ ♣r♦✈❛❜❧❡ s❡❝✉r✐t②

✶✸ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

Ek s❤♦✉❧❞ ✏❧♦♦❦ ❧✐❦❡✑ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❈♦♥s✐❞❡r ❛❞✈❡rs❛r② D t❤❛t ♠❛❦❡s q ❡✈❛❧✉❛t✐♦♥s ♦❢

Ek

• ❙t❡♣ ✶✿ • ❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s D ♥❡❡❞ ❛t ♠♦st❄

❙t❡♣ ✶✿ • ❇♦✐❧s ❞♦✇♥ t♦ ✜♥❞✐♥❣ ❣❡♥❡r✐❝ ❛tt❛❝❦s ❙t❡♣ ✷✿

❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s ♥❡❡❞ ❛t ❧❡❛st❄

❙t❡♣ ✷✿

❇♦✐❧s ❞♦✇♥ t♦ ♣r♦✈❛❜❧❡ s❡❝✉r✐t②

✶✸ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

Ek s❤♦✉❧❞ ✏❧♦♦❦ ❧✐❦❡✑ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❈♦♥s✐❞❡r ❛❞✈❡rs❛r② D t❤❛t ♠❛❦❡s q ❡✈❛❧✉❛t✐♦♥s ♦❢

Ek

• ❙t❡♣ ✶✿ • ❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s D ♥❡❡❞ ❛t ♠♦st❄

❙t❡♣ ✶✿ • ❇♦✐❧s ❞♦✇♥ t♦ ✜♥❞✐♥❣ ❣❡♥❡r✐❝ ❛tt❛❝❦s

• ❙t❡♣ ✷✿ • ❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s D ♥❡❡❞ ❛t ❧❡❛st❄

❙t❡♣ ✷✿ • ❇♦✐❧s ❞♦✇♥ t♦ ♣r♦✈❛❜❧❡ s❡❝✉r✐t②

✶✸ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

❋♦r ❛♥② t✇♦ q✉❡r✐❡s ✱ ✿ ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s ■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ ①♦r❡❞ t♦

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ❡✈❛❧✉❛t✐♦♥s

✶✹ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

• ❋♦r ❛♥② t✇♦ q✉❡r✐❡s (t, m, c)✱ (t′, m′, c′)✿

m ⊕ f1(t) = m′ ⊕ f1(t′) = ⇒ c ⊕ f2(t) = c′ ⊕ f2(t′) ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s ■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ ①♦r❡❞ t♦

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ❡✈❛❧✉❛t✐♦♥s

✶✹ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

• ❋♦r ❛♥② t✇♦ q✉❡r✐❡s (t, m, c)✱ (t′, m′, c′)✿

m ⊕ f1(t) = m′ ⊕ f1(t′) = ⇒ c ⊕ f2(t) = c′ ⊕ f2(t′)

• ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s

■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ ①♦r❡❞ t♦

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ❡✈❛❧✉❛t✐♦♥s

✶✹ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

• ❋♦r ❛♥② t✇♦ q✉❡r✐❡s (t, m, c)✱ (t′, m′, c′)✿

m ⊕ f1(t) = m′ ⊕ f1(t′) = ⇒ c ⊕ f2(t) = c′ ⊕ f2(t′)

• ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s
• ■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ C ①♦r❡❞ t♦ m, m′

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ❡✈❛❧✉❛t✐♦♥s

✶✹ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

• ❋♦r ❛♥② t✇♦ q✉❡r✐❡s (t, m, c)✱ (t′, m′, c′)✿

m ⊕ f1(t) = m′ ⊕ f1(t′) = ⇒ c ⊕ f2(t) = c′ ⊕ f2(t′)

• ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s
• ■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ C ①♦r❡❞ t♦ m, m′

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ≈ 2n/2 ❡✈❛❧✉❛t✐♦♥s

✶✹ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

• ❚❤❡ ❢✉♥ st❛rts ❤❡r❡✦
• ▼♦r❡ t❡❝❤♥✐❝❛❧ ❛♥❞ ♦❢t❡♥ ♠♦r❡ ✐♥✈♦❧✈❡❞

❚②♣✐❝❛❧ ❛♣♣r♦❛❝❤✿

❈♦♥s✐❞❡r ❛♥② tr❛♥s❝r✐♣t ❛♥ ❛❞✈❡rs❛r② ♠❛② s❡❡ ▼♦st ✬s s❤♦✉❧❞ ❜❡ ❡q✉❛❧❧② ❧✐❦❡❧② ✐♥ ❜♦t❤ ✇♦r❧❞s ❖❞❞ ♦♥❡s s❤♦✉❧❞ ❤❛♣♣❡♥ ✇✐t❤ ✈❡r② s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

❆❧❧ ❝♦♥str✉❝t✐♦♥s ♦❢ t❤✐s ❦✐♥❞✿ s❡❝✉r❡ ✉♣ t♦ ❡✈❛❧✉❛t✐♦♥s

✶✺ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

• ❚❤❡ ❢✉♥ st❛rts ❤❡r❡✦
• ▼♦r❡ t❡❝❤♥✐❝❛❧ ❛♥❞ ♦❢t❡♥ ♠♦r❡ ✐♥✈♦❧✈❡❞
• ❚②♣✐❝❛❧ ❛♣♣r♦❛❝❤✿
• ❈♦♥s✐❞❡r ❛♥② tr❛♥s❝r✐♣t τ ❛♥ ❛❞✈❡rs❛r② ♠❛② s❡❡
• ▼♦st τ✬s s❤♦✉❧❞ ❜❡ ❡q✉❛❧❧② ❧✐❦❡❧② ✐♥ ❜♦t❤ ✇♦r❧❞s
• ❖❞❞ ♦♥❡s s❤♦✉❧❞ ❤❛♣♣❡♥ ✇✐t❤ ✈❡r② s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

❆❧❧ ❝♦♥str✉❝t✐♦♥s ♦❢ t❤✐s ❦✐♥❞✿ s❡❝✉r❡ ✉♣ t♦ ❡✈❛❧✉❛t✐♦♥s

✶✺ ✴ ✹✽

■♥t✉✐t✐♦♥✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

• ❚❤❡ ❢✉♥ st❛rts ❤❡r❡✦
• ▼♦r❡ t❡❝❤♥✐❝❛❧ ❛♥❞ ♦❢t❡♥ ♠♦r❡ ✐♥✈♦❧✈❡❞
• ❚②♣✐❝❛❧ ❛♣♣r♦❛❝❤✿
• ❈♦♥s✐❞❡r ❛♥② tr❛♥s❝r✐♣t τ ❛♥ ❛❞✈❡rs❛r② ♠❛② s❡❡
• ▼♦st τ✬s s❤♦✉❧❞ ❜❡ ❡q✉❛❧❧② ❧✐❦❡❧② ✐♥ ❜♦t❤ ✇♦r❧❞s
• ❖❞❞ ♦♥❡s s❤♦✉❧❞ ❤❛♣♣❡♥ ✇✐t❤ ✈❡r② s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

❆❧❧ ❝♦♥str✉❝t✐♦♥s ♦❢ t❤✐s ❦✐♥❞✿ s❡❝✉r❡ ✉♣ t♦ ≈ 2n/2 ❡✈❛❧✉❛t✐♦♥s

✶✺ ✴ ✹✽

❖✉t❧✐♥❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ■♥t✉✐t✐♦♥
• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄
• ■♠♣r♦✈❡❞ ❆tt❛❝❦
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

❈♦♥❝❧✉s✐♦♥

✶✻ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

❇❧♦❝❦❝✐♣❤❡r✲❇❛s❡❞✳

m c tweak-based mask

Ek

t②♣✐❝❛❧❧② ✶✷✽ ❜✐ts

♣P❡r♠✉t❛t✐♦♥✲❇❛s❡❞✳♣

m c tweak-based mask

P

♠✉❝❤ ❧❛r❣❡r✿ ✷✺✻✲✶✻✵✵ ❜✐ts

✶✼ ✴ ✹✽

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

❇❧♦❝❦❝✐♣❤❡r✲❇❛s❡❞✳

m c tweak-based mask

Ek

t②♣✐❝❛❧❧② ✶✷✽ ❜✐ts

♣P❡r♠✉t❛t✐♦♥✲❇❛s❡❞✳♣

m c tweak-based mask

P

♠✉❝❤ ❧❛r❣❡r✿ ✷✺✻✲✶✻✵✵ ❜✐ts

✶✼ ✴ ✹✽

❖r✐❣✐♥❛❧ ❈♦♥str✉❝t✐♦♥s

• LRW1 ❛♥❞ LRW2 ❜② ▲✐s❦♦✈ ❡t ❛❧✳ ❬▲❘❲✵✷❪✿

m c t

Ek Ek

m c h(t)

Ek

• h ✐s ❳❖❘✲✉♥✐✈❡rs❛❧ ❤❛s❤
• ❊✳❣✳✱ h(t) = h ⊗ t ❢♦r n✲❜✐t ✏❦❡②✑ h

✶✽ ✴ ✹✽

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✭❳❊❳✮

• XEX ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪✿

m c 2α3β7γ · Ek(N)

Ek

• (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮

❯s❡❞ ✐♥ ❖❈❇✷ ❛♥❞ ✶✹ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ ✈❛r✐❛♥ts ✐♥ ▼✐♥❛❧♣❤❡r ❛♥❞ Prøst ✭❣❡♥❡r❛❧✐③❡❞ ❜② ❈♦❣❧✐❛t✐ ❡t ❛❧✳ ❬❈▲❙✶✺❪✮

✶✾ ✴ ✹✽

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✭❳❊❳✮

• XEX ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪✿

m c 2α3β7γ · Ek(N)

Ek

• (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮
• ❯s❡❞ ✐♥ ❖❈❇✷ ❛♥❞ ±✶✹ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s

P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ ✈❛r✐❛♥ts ✐♥ ▼✐♥❛❧♣❤❡r ❛♥❞ Prøst ✭❣❡♥❡r❛❧✐③❡❞ ❜② ❈♦❣❧✐❛t✐ ❡t ❛❧✳ ❬❈▲❙✶✺❪✮

✶✾ ✴ ✹✽

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✭❳❊❳✮

• XEX ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪✿

m c 2α3β7γ · Ek(N)

Ek

m c 2α3β7γ · (kN ⊕ P(kN))

P

• (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮
• ❯s❡❞ ✐♥ ❖❈❇✷ ❛♥❞ ±✶✹ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s
• P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ ✈❛r✐❛♥ts ✐♥ ▼✐♥❛❧♣❤❡r ❛♥❞ Prøst

✭❣❡♥❡r❛❧✐③❡❞ ❜② ❈♦❣❧✐❛t✐ ❡t ❛❧✳ ❬❈▲❙✶✺❪✮

✶✾ ✴ ✹✽

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷✲▲✐❦❡ ❈♦♥str✉❝t✐♦♥

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T ˜ E

N,tA1 k

˜ E

N,tA2 k

˜ E

N,tAa k

˜ E

N,tM⊕ k

˜ E

N,tM1 k

˜ E

N,tM2 k

˜ E

N,tMd k

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✷✵ ✴ ✹✽

L = Ek(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷✲▲✐❦❡ ❈♦♥str✉❝t✐♦♥

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✷✵ ✴ ✹✽

L = Ek(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷✲▲✐❦❡ ❈♦♥str✉❝t✐♦♥

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✷✵ ✴ ✹✽

L = Ek(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷✲▲✐❦❡ ❈♦♥str✉❝t✐♦♥

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✷✵ ✴ ✹✽

L = Ek(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷✲▲✐❦❡ ❈♦♥str✉❝t✐♦♥

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✷✵ ✴ ✹✽

L = Ek(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷✲▲✐❦❡ ❈♦♥str✉❝t✐♦♥

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✷✵ ✴ ✹✽

L = Ek(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷✲▲✐❦❡ ❈♦♥str✉❝t✐♦♥

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

• ❯♣❞❛t❡ ♦❢ ♠❛s❦✿
• ❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘
• ❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥
• ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✷✵ ✴ ✹✽

L = Ek(N)

• r❛② ❈♦❞❡ ▼❛s❦✐♥❣
• ❖❈❇✶ ❛♥❞ ❖❈❇✸ ✉s❡ ●r❛② ❈♦❞❡s✿

m c

• α ⊕ (α ≫ 1)
• · Ek(N)

Ek

• (α, N) ✐s t✇❡❛❦
• ❯♣❞❛t✐♥❣✿ G(α) = G(α − 1) ⊕ 2ntz(α)

❙✐♥❣❧❡ ❳❖❘ ▲♦❣❛r✐t❤♠✐❝ ❛♠♦✉♥t ♦❢ ✜❡❧❞ ❞♦✉❜❧✐♥❣s ✭♣r❡❝♦♠♣✉t❡❞✮

▼♦r❡ ❡✣❝✐❡♥t t❤❛♥ ♣♦✇❡r✐♥❣✲✉♣ ❬❑❘✶✶❪

✷✶ ✴ ✹✽

• r❛② ❈♦❞❡ ▼❛s❦✐♥❣
• ❖❈❇✶ ❛♥❞ ❖❈❇✸ ✉s❡ ●r❛② ❈♦❞❡s✿

m c

• α ⊕ (α ≫ 1)
• · Ek(N)

Ek

• (α, N) ✐s t✇❡❛❦
• ❯♣❞❛t✐♥❣✿ G(α) = G(α − 1) ⊕ 2ntz(α)
• ❙✐♥❣❧❡ ❳❖❘
• ▲♦❣❛r✐t❤♠✐❝ ❛♠♦✉♥t ♦❢ ✜❡❧❞ ❞♦✉❜❧✐♥❣s ✭♣r❡❝♦♠♣✉t❡❞✮
• ▼♦r❡ ❡✣❝✐❡♥t t❤❛♥ ♣♦✇❡r✐♥❣✲✉♣ ❬❑❘✶✶❪

✷✶ ✴ ✹✽

❖✉t❧✐♥❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ■♥t✉✐t✐♦♥
• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄
• ■♠♣r♦✈❡❞ ❆tt❛❝❦
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

❈♦♥❝❧✉s✐♦♥

✷✷ ✴ ✹✽

▼❛s❦❡❞ ❊✈❡♥✲▼❛♥s♦✉r ✭MEM✮

• MEM ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪✿

m c ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 ◦ P(Nk)

P

• ϕi ❛r❡ ✜①❡❞ ▲❋❙❘s✱ (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮

❈♦♠❜✐♥❡s ❛❞✈❛♥t❛❣❡s ♦❢✿

P♦✇❡r✐♥❣✲✉♣ ♠❛s❦✐♥❣ ❲♦r❞✲❜❛s❡❞ ▲❋❙❘s

❙✐♠♣❧❡r✱ ❝♦♥st❛♥t✲t✐♠❡ ✭❜② ❞❡❢❛✉❧t✮✱ ♠♦r❡ ❡✣❝✐❡♥t

✷✸ ✴ ✹✽

▼❛s❦❡❞ ❊✈❡♥✲▼❛♥s♦✉r ✭MEM✮

• MEM ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪✿

m c ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 ◦ P(Nk)

P

• ϕi ❛r❡ ✜①❡❞ ▲❋❙❘s✱ (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮
• ❈♦♠❜✐♥❡s ❛❞✈❛♥t❛❣❡s ♦❢✿
• P♦✇❡r✐♥❣✲✉♣ ♠❛s❦✐♥❣
• ❲♦r❞✲❜❛s❡❞ ▲❋❙❘s

❙✐♠♣❧❡r✱ ❝♦♥st❛♥t✲t✐♠❡ ✭❜② ❞❡❢❛✉❧t✮✱ ♠♦r❡ ❡✣❝✐❡♥t

✷✸ ✴ ✹✽

▼❛s❦❡❞ ❊✈❡♥✲▼❛♥s♦✉r ✭MEM✮

• MEM ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪✿

m c ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 ◦ P(Nk)

P

• ϕi ❛r❡ ✜①❡❞ ▲❋❙❘s✱ (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮
• ❈♦♠❜✐♥❡s ❛❞✈❛♥t❛❣❡s ♦❢✿
• P♦✇❡r✐♥❣✲✉♣ ♠❛s❦✐♥❣
• ❲♦r❞✲❜❛s❡❞ ▲❋❙❘s
• ❙✐♠♣❧❡r✱ ❝♦♥st❛♥t✲t✐♠❡ ✭❜② ❞❡❢❛✉❧t✮✱ ♠♦r❡ ❡✣❝✐❡♥t

✷✸ ✴ ✹✽

MEM✿ ❉❡s✐❣♥ ❈♦♥s✐❞❡r❛t✐♦♥s

• P❛rt✐❝✉❧❛r❧② s✉✐t❡❞ ❢♦r ❧❛r❣❡ st❛t❡s ✭♣❡r♠✉t❛t✐♦♥s✮
• ▲♦✇ ♦♣❡r❛t✐♦♥ ❝♦✉♥ts ❜② ❝❧❡✈❡r ❝❤♦✐❝❡ ♦❢ ▲❋❙❘

❙❛♠♣❧❡ ▲❋❙❘s ✭st❛t❡ s✐③❡ ❛s ✇♦r❞s ♦❢ ❜✐ts✮✿

✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳

❲♦r❦ ❡①❝❡♣t✐♦♥❛❧❧② ✇❡❧❧ ❢♦r ❆❘❳ ♣r✐♠✐t✐✈❡s

✷✹ ✴ ✹✽

MEM✿ ❉❡s✐❣♥ ❈♦♥s✐❞❡r❛t✐♦♥s

• P❛rt✐❝✉❧❛r❧② s✉✐t❡❞ ❢♦r ❧❛r❣❡ st❛t❡s ✭♣❡r♠✉t❛t✐♦♥s✮
• ▲♦✇ ♦♣❡r❛t✐♦♥ ❝♦✉♥ts ❜② ❝❧❡✈❡r ❝❤♦✐❝❡ ♦❢ ▲❋❙❘
• ❙❛♠♣❧❡ ▲❋❙❘s ✭st❛t❡ s✐③❡ b ❛s n ✇♦r❞s ♦❢ w ❜✐ts✮✿

b w n ϕ 128 8 16 (x1, . . . , x15, (x0 ≪ 1) ⊕ (x9 ≫ 1) ⊕ (x10 ≪ 1)) 128 32 4 (x1, . . . , x3, (x0 ≪ 5) ⊕ x1 ⊕ (x1 ≪ 13)) 128 64 2 (x1, (x0 ≪ 11) ⊕ x1 ⊕ (x1 ≪ 13)) 256 64 4 (x1, . . . , x3, (x0 ≪ 3) ⊕ (x3 ≫ 5)) 512 32 16 (x1, . . . , x15, (x0 ≪ 5) ⊕ (x3 ≫ 7)) 512 64 8 (x1, . . . , x7, (x0 ≪ 29) ⊕ (x1 ≪ 9)) 1024 64 16 (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13)) 1600 32 50 (x1, . . . , x49, (x0 ≪ 3) ⊕ (x23 ≫ 3)) ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳

❲♦r❦ ❡①❝❡♣t✐♦♥❛❧❧② ✇❡❧❧ ❢♦r ❆❘❳ ♣r✐♠✐t✐✈❡s

✷✹ ✴ ✹✽

MEM✿ ❉❡s✐❣♥ ❈♦♥s✐❞❡r❛t✐♦♥s

• P❛rt✐❝✉❧❛r❧② s✉✐t❡❞ ❢♦r ❧❛r❣❡ st❛t❡s ✭♣❡r♠✉t❛t✐♦♥s✮
• ▲♦✇ ♦♣❡r❛t✐♦♥ ❝♦✉♥ts ❜② ❝❧❡✈❡r ❝❤♦✐❝❡ ♦❢ ▲❋❙❘
• ❙❛♠♣❧❡ ▲❋❙❘s ✭st❛t❡ s✐③❡ b ❛s n ✇♦r❞s ♦❢ w ❜✐ts✮✿

b w n ϕ 128 8 16 (x1, . . . , x15, (x0 ≪ 1) ⊕ (x9 ≫ 1) ⊕ (x10 ≪ 1)) 128 32 4 (x1, . . . , x3, (x0 ≪ 5) ⊕ x1 ⊕ (x1 ≪ 13)) 128 64 2 (x1, (x0 ≪ 11) ⊕ x1 ⊕ (x1 ≪ 13)) 256 64 4 (x1, . . . , x3, (x0 ≪ 3) ⊕ (x3 ≫ 5)) 512 32 16 (x1, . . . , x15, (x0 ≪ 5) ⊕ (x3 ≫ 7)) 512 64 8 (x1, . . . , x7, (x0 ≪ 29) ⊕ (x1 ≪ 9)) 1024 64 16 (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13)) 1600 32 50 (x1, . . . , x49, (x0 ≪ 3) ⊕ (x23 ≫ 3)) ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳

• ❲♦r❦ ❡①❝❡♣t✐♦♥❛❧❧② ✇❡❧❧ ❢♦r ❆❘❳ ♣r✐♠✐t✐✈❡s

✷✹ ✴ ✹✽

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪ r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱ ❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮ s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✷✺ ✴ ✹✽

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪ r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱ ❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮ s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✷✺ ✴ ✹✽

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪ r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱ ❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮ s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✷✺ ✴ ✹✽

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪

• r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱

❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮ s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✷✺ ✴ ✹✽

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪

• r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱

❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮

• s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✷✺ ✴ ✹✽

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❖PP

A0 A1 Aa–1 M0 M1 Md–1 ⊕Mi C1 C2 Cd T

ϕ0(L) ϕ0(L) ϕ1(L) ϕ1(L) ϕa–1(L) ϕa–1(L) ϕ2◦ϕ2

1◦ϕd–1(L)

ϕ2◦ϕ2

1◦ϕd–1(L)

ϕ2◦ϕ0(L) ϕ2◦ϕ1(L) ϕ2◦ϕd–1(L) ϕ2◦ϕ0(L) ϕ2◦ϕ1(L) ϕ2◦ϕd–1(L)

P P P P P P P

• ❖✛s❡t P✉❜❧✐❝ P❡r♠✉t❛t✐♦♥ ✭❖PP✮
• ●❡♥❡r❛❧✐③❛t✐♦♥ ♦❢ ❖❈❇✸✿
• P❡r♠✉t❛t✐♦♥✲❜❛s❡❞
• ▼♦r❡ ❡✣❝✐❡♥t ▼❊▼ ♠❛s❦✐♥❣
• ❙❡❝✉r✐t② ❛❣❛✐♥st ♥♦♥❝❡✲r❡s♣❡❝t✐♥❣ ❛❞✈❡rs❛r✐❡s
• ✵✳✺✺ ❝♣❜ ✇✐t❤ r❡❞✉❝❡❞✲r♦✉♥❞ ❇▲❆❑❊✷❜

✷✻ ✴ ✹✽

L = P(Nk) ϕ1 = ϕ ⊕ id, ϕ2 = ϕ2 ⊕ ϕ ⊕ id

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ▼❘❖

A0 Aa–1 T0 Td–1 M0 Md–1

|A||M|

C1 Cd T

ϕ0(L) ϕ0(L) ϕa–1(L) ϕa–1(L) ϕ1◦ϕ0(L) ϕ1◦ϕ0(L) ϕ1◦ϕd–1(L) ϕ1◦ϕd–1(L) ϕ2

1(L)

ϕ2

1(L)

ϕ2(L) ϕ2(L) ϕ2(L)⊕M0 ϕ2(L)⊕Md–1

P P P P P P P

• ▼✐s✉s❡✲❘❡s✐st❛♥t ❖PP ✭▼❘❖✮
• ❋✉❧❧② ♥♦♥❝❡✲♠✐s✉s❡ r❡s✐st❛♥t ✈❡rs✐♦♥ ♦❢ ❖PP
• ✶✳✵✻ ❝♣❜ ✇✐t❤ r❡❞✉❝❡❞✲r♦✉♥❞ ❇▲❆❑❊✷❜

✷✼ ✴ ✹✽

L = P(Nk) ϕ1 = ϕ ⊕ id, ϕ2 = ϕ2 ⊕ ϕ ⊕ id

❖✉t❧✐♥❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ■♥t✉✐t✐♦♥
• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄
• ■♠♣r♦✈❡❞ ❆tt❛❝❦
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

❈♦♥❝❧✉s✐♦♥

✷✽ ✴ ✹✽

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

m c

Ek/P

f1(t) f2(t)

• ✏❇✐rt❤❞❛② ❜♦✉♥❞✑ 2n/2 s❡❝✉r✐t② ❛t ❜❡st
• ❖✈❡r❧②✐♥❣ ♠♦❞❡s ✐♥❤❡r✐t s❡❝✉r✐t② ❜♦✉♥❞

■❢ ✐s ❧❛r❣❡ ❡♥♦✉❣❤ ♥♦ ♣r♦❜❧❡♠ ■❢ ✐s s♠❛❧❧ ✏❜❡②♦♥❞ ❜✐rt❤❞❛② ❜♦✉♥❞✑ s♦❧✉t✐♦♥s

❚✇❡❛❦✲r❡❦❡②✐♥❣ ❬▼✐♥✵✾✱▼❡♥✶✺✱❲●❩✰✶✻✱❏▲▼✰✶✼✱▲▲✶✽❪ ❈❛s❝❛❞✐♥❣ ✭♥♦✇✮

✷✾ ✴ ✹✽

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

m c

Ek/P

f1(t) f2(t)

• ✏❇✐rt❤❞❛② ❜♦✉♥❞✑ 2n/2 s❡❝✉r✐t② ❛t ❜❡st
• ❖✈❡r❧②✐♥❣ ♠♦❞❡s ✐♥❤❡r✐t s❡❝✉r✐t② ❜♦✉♥❞
• ■❢ n ✐s ❧❛r❣❡ ❡♥♦✉❣❤ −

→ ♥♦ ♣r♦❜❧❡♠

• ■❢ n ✐s s♠❛❧❧ −

→ ✏❜❡②♦♥❞ ❜✐rt❤❞❛② ❜♦✉♥❞✑ s♦❧✉t✐♦♥s

• ❚✇❡❛❦✲r❡❦❡②✐♥❣ ❬▼✐♥✵✾✱▼❡♥✶✺✱❲●❩✰✶✻✱❏▲▼✰✶✼✱▲▲✶✽❪
• ❈❛s❝❛❞✐♥❣ ✭♥♦✇✮

✷✾ ✴ ✹✽

❈❛s❝❛❞✐♥❣ LRW2✬s

m c

· · · · · ·

h1(t) h1(t)⊕h2(t) hρ−1(t)⊕hρ(t) hρ(t)

Ek1 Ek2 Ekρ

• LRW2[ρ]✿ ❝♦♥❝❛t❡♥❛t✐♦♥ ♦❢ ρ LRW2✬s
• k1, . . . , kρ ❛♥❞ h1, . . . , hρ ✐♥❞❡♣❡♥❞❡♥t

✿ s❡❝✉r❡ ✉♣ t♦ q✉❡r✐❡s ❬▲❙❚✶✷✱Pr♦✶✹❪ ❡✈❡♥✿ s❡❝✉r❡ ✉♣ t♦ q✉❡r✐❡s ❬▲❙✶✸❪ ❇❡st ❛tt❛❝❦✿ q✉❡r✐❡s

✸✵ ✴ ✹✽

✏❈❛s❝❛❞❡❞ LRW2✑ ❂ LRW2[2]

❈❛s❝❛❞✐♥❣ LRW2✬s

m c

· · · · · ·

h1(t) h1(t)⊕h2(t) hρ−1(t)⊕hρ(t) hρ(t)

Ek1 Ek2 Ekρ

• LRW2[ρ]✿ ❝♦♥❝❛t❡♥❛t✐♦♥ ♦❢ ρ LRW2✬s
• k1, . . . , kρ ❛♥❞ h1, . . . , hρ ✐♥❞❡♣❡♥❞❡♥t
• ρ = 2✿ s❡❝✉r❡ ✉♣ t♦ 22n/3 q✉❡r✐❡s ❬▲❙❚✶✷✱Pr♦✶✹❪
• ρ ≥ 2 ❡✈❡♥✿ s❡❝✉r❡ ✉♣ t♦ 2ρn/(ρ+2) q✉❡r✐❡s ❬▲❙✶✸❪
• ❇❡st ❛tt❛❝❦✿ 2n q✉❡r✐❡s

✸✵ ✴ ✹✽

✏❈❛s❝❛❞❡❞ LRW2✑ ❂ LRW2[2]

❈❛s❝❛❞✐♥❣ ❚❊▼✬s

m c

· · · · · ·

h1(t) h1(t)⊕h2(t) hρ−1(t)⊕hρ(t) hρ(t)

P1 P2 Pρ

• TEM[ρ]✿ ❝♦♥❝❛t❡♥❛t✐♦♥ ♦❢ ρ TEM✬s
• P1, . . . , Pρ ❛♥❞ h1, . . . , hρ ✐♥❞❡♣❡♥❞❡♥t

✿ s❡❝✉r❡ ✉♣ t♦ q✉❡r✐❡s ❬❈▲❙✶✺❪ ❡✈❡♥✿ s❡❝✉r❡ ✉♣ t♦ q✉❡r✐❡s ❬❈▲❙✶✺❪ ❇❡st ❛tt❛❝❦✿ q✉❡r✐❡s ❬❇❑▲✰✶✷❪

✸✶ ✴ ✹✽

❈❛s❝❛❞✐♥❣ ❚❊▼✬s

m c

· · · · · ·

h1(t) h1(t)⊕h2(t) hρ−1(t)⊕hρ(t) hρ(t)

P1 P2 Pρ

• TEM[ρ]✿ ❝♦♥❝❛t❡♥❛t✐♦♥ ♦❢ ρ TEM✬s
• P1, . . . , Pρ ❛♥❞ h1, . . . , hρ ✐♥❞❡♣❡♥❞❡♥t
• ρ = 2✿ s❡❝✉r❡ ✉♣ t♦ 22n/3 q✉❡r✐❡s ❬❈▲❙✶✺❪
• ρ ≥ 2 ❡✈❡♥✿ s❡❝✉r❡ ✉♣ t♦ 2ρn/(ρ+2) q✉❡r✐❡s ❬❈▲❙✶✺❪
• ❇❡st ❛tt❛❝❦✿ 2ρn/(ρ+1) q✉❡r✐❡s ❬❇❑▲✰✶✷❪

✸✶ ✴ ✹✽

❙t❛t❡ ♦❢ t❤❡ ❆rt

n/2 2n/3 3n/4 5n/6 n LRW2[1] LRW2[2] LRW2[3] LRW2[4] LRW2[5] LRW2[6] LRW2[7] LRW2[8] LRW2[9] LRW2[10] LRW2[11] ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ n/2 2n/3 3n/4 5n/6 n TEM[1] TEM[2] TEM[3] TEM[4] TEM[5] TEM[6] TEM[7] TEM[8] TEM[9] TEM[10] TEM[11] ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣

✸✷ ✴ ✹✽

■♠♣r♦✈❡❞ ✐♥ ❬▼❡♥✶✽❪

❙t❛t❡ ♦❢ t❤❡ ❆rt

n/2 2n/3 3n/4 5n/6 n LRW2[1] LRW2[2] LRW2[3] LRW2[4] LRW2[5] LRW2[6] LRW2[7] LRW2[8] LRW2[9] LRW2[10] LRW2[11] ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ n/2 2n/3 3n/4 5n/6 n TEM[1] TEM[2] TEM[3] TEM[4] TEM[5] TEM[6] TEM[7] TEM[8] TEM[9] TEM[10] TEM[11] ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣

✸✷ ✴ ✹✽

− − →

■♠♣r♦✈❡❞ ✐♥ ❬▼❡♥✶✽❪

❖✉t❧✐♥❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ■♥t✉✐t✐♦♥
• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄
• ■♠♣r♦✈❡❞ ❆tt❛❝❦
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

❈♦♥❝❧✉s✐♦♥

✸✸ ✴ ✹✽

❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄

m Ek1 Ek2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

n/2 2n/3 3n/4 n ❣❛♣

✐♠♣r♦✈❡❞ ❛tt❛❝❦ ✭❣❡♥❡r❛❧✐③❡❞ ❝♦♥str✉❝t✐♦♥✮ ✐♠♣r♦✈❡❞ ❜♦✉♥❞ ✭❝♦♥❞✐t✐♦♥❛❧❧②✮ ❝❛rr✐❡s ♦✈❡r t♦ ✕

✸✹ ✴ ✹✽

❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄

m Ek1 Ek2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

n/2 2n/3 3n/4 n ❣❛♣

✐♠♣r♦✈❡❞ ❛tt❛❝❦ ✭❣❡♥❡r❛❧✐③❡❞ ❝♦♥str✉❝t✐♦♥✮ ✐♠♣r♦✈❡❞ ❜♦✉♥❞ ✭❝♦♥❞✐t✐♦♥❛❧❧②✮ ❝❛rr✐❡s ♦✈❡r t♦ ✕

✸✹ ✴ ✹✽

❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄

m Ek1 Ek2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

n/2 2n/3 3n/4 n

✐♠♣r♦✈❡❞ ❛tt❛❝❦ ✭❣❡♥❡r❛❧✐③❡❞ ❝♦♥str✉❝t✐♦♥✮ ✐♠♣r♦✈❡❞ ❜♦✉♥❞ ✭❝♦♥❞✐t✐♦♥❛❧❧②✮ ❝❛rr✐❡s ♦✈❡r t♦ ✕

✸✹ ✴ ✹✽

❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄

m Ek1 Ek2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

n/2 2n/3 3n/4 n

✐♠♣r♦✈❡❞ ❛tt❛❝❦ ✭❣❡♥❡r❛❧✐③❡❞ ❝♦♥str✉❝t✐♦♥✮ ✐♠♣r♦✈❡❞ ❜♦✉♥❞ ✭❝♦♥❞✐t✐♦♥❛❧❧②✮ ❝❛rr✐❡s ♦✈❡r t♦ LRW2[3]✕LRW2[5]

✸✹ ✴ ✹✽

❖✉t❧✐♥❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ■♥t✉✐t✐♦♥
• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄
• ■♠♣r♦✈❡❞ ❆tt❛❝❦
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

❈♦♥❝❧✉s✐♦♥

✸✺ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦

• GCL ✭●❡♥❡r❛❧✐③❡❞ ❈❛s❝❛❞❡❞ LRW2✮✿

m Ek1 Ek2 c

f1(t) f2(t) f3(t)

• fi ❛r❡ ❛r❜✐tr❛r② ❢✉♥❝t✐♦♥s
• pi := Eki ❛r❡ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥s
• ❡♥❡r✐❝ ❞✐st✐♥❣✉✐s❤✐♥❣ ❛tt❛❝❦ ✐♥

❡✈❛❧✉❛t✐♦♥s

✸✻ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦

• GCL ✭●❡♥❡r❛❧✐③❡❞ ❈❛s❝❛❞❡❞ LRW2✮✿

m Ek1 Ek2 c

f1(t) f2(t) f3(t)

• fi ❛r❡ ❛r❜✐tr❛r② ❢✉♥❝t✐♦♥s
• pi := Eki ❛r❡ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥s
• ❡♥❡r✐❝ ❞✐st✐♥❣✉✐s❤✐♥❣ ❛tt❛❝❦ ✐♥ 2n1/223n/4 ❡✈❛❧✉❛t✐♦♥s

✸✻ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❘❛t✐♦♥❛❧❡

m1 m3 m′

2

m′

4

p1 p1 p1 p1 p2 p2 p2 p2 c1 c3 c′

2

c′

4 f1(t) f1(t′) f2(t) f2(t′) f3(t) f3(t′)

• ❉✐st✐♥❣✉✐s❤❡r D ♠❛❦❡s ✈❛r✐♦✉s q✉❡r✐❡s

❢♦r t✇♦ ❞✐✛❡r❡♥t t✇❡❛❦s✿ t ❛♥❞ t′ ❙✉♣♣♦s❡ ✐t ♠❛❦❡s q✉❡r✐❡s s✉❝❤ t❤❛t ◆❡❝❡ss❛r✐❧②✱ ❙t❛t❡❞ ❞✐✛❡r❡♥t❧②✿

✸✼ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❘❛t✐♦♥❛❧❡

m1 m3 m′

2

m′

4

p1 p1 p1 p1 p2 p2 p2 p2 c1 c3 c′

2

c′

4 f1(t) f1(t′) f2(t) f2(t′) f3(t) f3(t′)

• ❉✐st✐♥❣✉✐s❤❡r D ♠❛❦❡s ✈❛r✐♦✉s q✉❡r✐❡s

❢♦r t✇♦ ❞✐✛❡r❡♥t t✇❡❛❦s✿ t ❛♥❞ t′

• ❙✉♣♣♦s❡ ✐t ♠❛❦❡s 4 q✉❡r✐❡s s✉❝❤ t❤❛t

m1 ⊕ f1(t) = m′

2 ⊕ f1(t′)

c′

2 ⊕ f3(t′) = c3 ⊕ f3(t)

m3 ⊕ f1(t) = m′

4 ⊕ f1(t′)

◆❡❝❡ss❛r✐❧②✱ ❙t❛t❡❞ ❞✐✛❡r❡♥t❧②✿

✸✼ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❘❛t✐♦♥❛❧❡

m1 m3 m′

2

m′

4

p1 p1 p1 p1 p2 p2 p2 p2 c1 c3 c′

2

c′

4 f1(t) f1(t′) f2(t) f2(t′) f3(t) f3(t′)

• ❉✐st✐♥❣✉✐s❤❡r D ♠❛❦❡s ✈❛r✐♦✉s q✉❡r✐❡s

❢♦r t✇♦ ❞✐✛❡r❡♥t t✇❡❛❦s✿ t ❛♥❞ t′

• ❙✉♣♣♦s❡ ✐t ♠❛❦❡s 4 q✉❡r✐❡s s✉❝❤ t❤❛t

m1 ⊕ f1(t) = m′

2 ⊕ f1(t′)

c′

2 ⊕ f3(t′) = c3 ⊕ f3(t)

m3 ⊕ f1(t) = m′

4 ⊕ f1(t′)

• ◆❡❝❡ss❛r✐❧②✱

c1 ⊕ f3(t) = c′

4 ⊕ f3(t′)

❙t❛t❡❞ ❞✐✛❡r❡♥t❧②✿

✸✼ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❘❛t✐♦♥❛❧❡

m1 m3 m′

2

m′

4

p1 p1 p1 p1 p2 p2 p2 p2 c1 c3 c′

2

c′

4 f1(t) f1(t′) f2(t) f2(t′) f3(t) f3(t′)

• ❉✐st✐♥❣✉✐s❤❡r D ♠❛❦❡s ✈❛r✐♦✉s q✉❡r✐❡s

❢♦r t✇♦ ❞✐✛❡r❡♥t t✇❡❛❦s✿ t ❛♥❞ t′

• ❙✉♣♣♦s❡ ✐t ♠❛❦❡s 4 q✉❡r✐❡s s✉❝❤ t❤❛t

m1 ⊕ f1(t) = m′

2 ⊕ f1(t′)

c′

2 ⊕ f3(t′) = c3 ⊕ f3(t)

m3 ⊕ f1(t) = m′

4 ⊕ f1(t′)

• ◆❡❝❡ss❛r✐❧②✱

c1 ⊕ f3(t) = c′

4 ⊕ f3(t′)

• ❙t❛t❡❞ ❞✐✛❡r❡♥t❧②✿

m1 ⊕ m′

2 = m3 ⊕ m′ 4 = f1(t) ⊕ f1(t′)

c′

2 ⊕ c3 = c1 ⊕ c′ 4 = f3(t) ⊕ f3(t′)

✸✼ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❘❛t✐♦♥❛❧❡

m1 m3 m′

2

m′

4

p1 p1 p1 p1 p2 p2 p2 p2 c1 c3 c′

2

c′

4 f1(t) f1(t′) f2(t) f2(t′) f3(t) f3(t′)

• ❙t❛t❡❞ ❞✐✛❡r❡♥t❧②✿

m1 ⊕ m′

2 = m3 ⊕ m′ 4 = f1(t) ⊕ f1(t′)

c′

2 ⊕ c3 = c1 ⊕ c′ 4 = f3(t) ⊕ f3(t′)

❇✉t ❞♦❡s ♥♦t ❦♥♦✇ ❈❤♦♦s❡ t❤❡ ✬s ❛♥❞ ✬s s✉❝❤ t❤❛t ❢♦r ❛♥② ✱ t❤❡r❡ ❛r❡ q✉❛❞r✉♣❧❡s s✉❝❤ t❤❛t ✭❝♦sts q✉❡r✐❡s ❢♦r ❜♦t❤ ❛♥❞ ✮ s♦❧✉t✐♦♥s t♦ ❄ ✐❢ ✱ ♦t❤❡r✇✐s❡ ❊①t❡♥❞ t❤❡ ♥✉♠❜❡r ♦❢ q✉❡r✐❡s ❜② ❢❛❝t♦r t♦ ❡❧✐♠✐♥❛t❡ ❢❛❧s❡ ♣♦s✐t✐✈❡s

✸✽ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❘❛t✐♦♥❛❧❡

m1 m3 m′

2

m′

4

p1 p1 p1 p1 p2 p2 p2 p2 c1 c3 c′

2

c′

4 f1(t) f1(t′) f2(t) f2(t′) f3(t) f3(t′)

• ❙t❛t❡❞ ❞✐✛❡r❡♥t❧②✿

m1 ⊕ m′

2 = m3 ⊕ m′ 4 = f1(t) ⊕ f1(t′)

c′

2 ⊕ c3 = c1 ⊕ c′ 4 = f3(t) ⊕ f3(t′)

• ❇✉t D ❞♦❡s ♥♦t ❦♥♦✇ f1(t) ⊕ f1(t′)

❈❤♦♦s❡ t❤❡ ✬s ❛♥❞ ✬s s✉❝❤ t❤❛t ❢♦r ❛♥② ✱ t❤❡r❡ ❛r❡ q✉❛❞r✉♣❧❡s s✉❝❤ t❤❛t ✭❝♦sts q✉❡r✐❡s ❢♦r ❜♦t❤ ❛♥❞ ✮ s♦❧✉t✐♦♥s t♦ ❄ ✐❢ ✱ ♦t❤❡r✇✐s❡ ❊①t❡♥❞ t❤❡ ♥✉♠❜❡r ♦❢ q✉❡r✐❡s ❜② ❢❛❝t♦r t♦ ❡❧✐♠✐♥❛t❡ ❢❛❧s❡ ♣♦s✐t✐✈❡s

✸✽ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❘❛t✐♦♥❛❧❡

m1 m3 m′

2

m′

4

p1 p1 p1 p1 p2 p2 p2 p2 c1 c3 c′

2

c′

4 f1(t) f1(t′) f2(t) f2(t′) f3(t) f3(t′)

• ❙t❛t❡❞ ❞✐✛❡r❡♥t❧②✿

m1 ⊕ m′

2 = m3 ⊕ m′ 4 = f1(t) ⊕ f1(t′)

c′

2 ⊕ c3 = c1 ⊕ c′ 4 = f3(t) ⊕ f3(t′)

• ❇✉t D ❞♦❡s ♥♦t ❦♥♦✇ f1(t) ⊕ f1(t′)
• ❈❤♦♦s❡ t❤❡ mi✬s ❛♥❞ m′

i✬s s✉❝❤ t❤❛t

❢♦r ❛♥② d✱ t❤❡r❡ ❛r❡ 2n q✉❛❞r✉♣❧❡s s✉❝❤ t❤❛t m1 ⊕ m′

2 = m3 ⊕ m′ 4 = d

✭❝♦sts 23n/4 q✉❡r✐❡s ❢♦r ❜♦t❤ t ❛♥❞ t′✮ s♦❧✉t✐♦♥s t♦ ❄ ✐❢ ✱ ♦t❤❡r✇✐s❡ ❊①t❡♥❞ t❤❡ ♥✉♠❜❡r ♦❢ q✉❡r✐❡s ❜② ❢❛❝t♦r t♦ ❡❧✐♠✐♥❛t❡ ❢❛❧s❡ ♣♦s✐t✐✈❡s

✸✽ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❘❛t✐♦♥❛❧❡

m1 m3 m′

2

m′

4

p1 p1 p1 p1 p2 p2 p2 p2 c1 c3 c′

2

c′

4 f1(t) f1(t′) f2(t) f2(t′) f3(t) f3(t′)

• ❙t❛t❡❞ ❞✐✛❡r❡♥t❧②✿

m1 ⊕ m′

2 = m3 ⊕ m′ 4 = f1(t) ⊕ f1(t′)

c′

2 ⊕ c3 = c1 ⊕ c′ 4 = f3(t) ⊕ f3(t′)

• ❇✉t D ❞♦❡s ♥♦t ❦♥♦✇ f1(t) ⊕ f1(t′)
• ❈❤♦♦s❡ t❤❡ mi✬s ❛♥❞ m′

i✬s s✉❝❤ t❤❛t

❢♦r ❛♥② d✱ t❤❡r❡ ❛r❡ 2n q✉❛❞r✉♣❧❡s s✉❝❤ t❤❛t m1 ⊕ m′

2 = m3 ⊕ m′ 4 = d

✭❝♦sts 23n/4 q✉❡r✐❡s ❢♦r ❜♦t❤ t ❛♥❞ t′✮

• E[s♦❧✉t✐♦♥s t♦ c′

2 ⊕ c3 = c1 ⊕ c′ 4]❄

2 ✐❢ d = f1(t) ⊕ f1(t′)✱ 1 ♦t❤❡r✇✐s❡ ❊①t❡♥❞ t❤❡ ♥✉♠❜❡r ♦❢ q✉❡r✐❡s ❜② ❢❛❝t♦r t♦ ❡❧✐♠✐♥❛t❡ ❢❛❧s❡ ♣♦s✐t✐✈❡s

✸✽ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❘❛t✐♦♥❛❧❡

m1 m3 m′

2

m′

4

p1 p1 p1 p1 p2 p2 p2 p2 c1 c3 c′

2

c′

4 f1(t) f1(t′) f2(t) f2(t′) f3(t) f3(t′)

• ❙t❛t❡❞ ❞✐✛❡r❡♥t❧②✿

m1 ⊕ m′

2 = m3 ⊕ m′ 4 = f1(t) ⊕ f1(t′)

c′

2 ⊕ c3 = c1 ⊕ c′ 4 = f3(t) ⊕ f3(t′)

• ❇✉t D ❞♦❡s ♥♦t ❦♥♦✇ f1(t) ⊕ f1(t′)
• ❈❤♦♦s❡ t❤❡ mi✬s ❛♥❞ m′

i✬s s✉❝❤ t❤❛t

❢♦r ❛♥② d✱ t❤❡r❡ ❛r❡ 2n q✉❛❞r✉♣❧❡s s✉❝❤ t❤❛t m1 ⊕ m′

2 = m3 ⊕ m′ 4 = d

✭❝♦sts 23n/4 q✉❡r✐❡s ❢♦r ❜♦t❤ t ❛♥❞ t′✮

• E[s♦❧✉t✐♦♥s t♦ c′

2 ⊕ c3 = c1 ⊕ c′ 4]❄

2 ✐❢ d = f1(t) ⊕ f1(t′)✱ 1 ♦t❤❡r✇✐s❡

• ❊①t❡♥❞ t❤❡ ♥✉♠❜❡r ♦❢ q✉❡r✐❡s ❜②

❢❛❝t♦r n1/2 t♦ ❡❧✐♠✐♥❛t❡ ❢❛❧s❡ ♣♦s✐t✐✈❡s

✸✽ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❱❡r✐✜❝❛t✐♦♥

❚❤❡♦r❡t✐❝❛❧ ❱❡r✐✜❝❛t✐♦♥

• ❆ss✉♠✐♥❣ n ≥ 27✱ t❤❡ s✉❝❝❡ss ♣r♦❜❛❜✐❧✐t② ♦❢ D ✐s ❛t ❧❡❛st 1/2
• ❆♥❛❧②s✐s ❝♦♥s✐sts ♦❢ ♣r♦♣❡r❧② ❜♦✉♥❞✐♥❣ Pr
• D

Ek = 1

• ❛♥❞ Pr
• D

π = 1

• ❊①♣❡r✐♠❡♥t❛❧ ❱❡r✐✜❝❛t✐♦♥

❙♠❛❧❧✲s❝❛❧❡ ✐♠♣❧❡♠❡♥t❛t✐♦♥ ❢♦r ✐s t❤❡ ♥✉♠❜❡r ♦❢ ❤✐ts

✐♥ r❡❛❧ ✇♦r❧❞ ❢♦r ✐♥ ✐❞❡❛❧ ✇♦r❧❞ ❢♦r r❛♥❞♦♠ r❛♥❞♦♠

✸✾ ✴ ✹✽

■♠♣r♦✈❡❞ ❆tt❛❝❦✿ ❱❡r✐✜❝❛t✐♦♥

❚❤❡♦r❡t✐❝❛❧ ❱❡r✐✜❝❛t✐♦♥

• ❆ss✉♠✐♥❣ n ≥ 27✱ t❤❡ s✉❝❝❡ss ♣r♦❜❛❜✐❧✐t② ♦❢ D ✐s ❛t ❧❡❛st 1/2
• ❆♥❛❧②s✐s ❝♦♥s✐sts ♦❢ ♣r♦♣❡r❧② ❜♦✉♥❞✐♥❣ Pr
• D

Ek = 1

• ❛♥❞ Pr
• D

π = 1

• ❊①♣❡r✐♠❡♥t❛❧ ❱❡r✐✜❝❛t✐♦♥
• ❙♠❛❧❧✲s❝❛❧❡ ✐♠♣❧❡♠❡♥t❛t✐♦♥ ❢♦r n = 16, 20, 24
• Nd ✐s t❤❡ ♥✉♠❜❡r ♦❢ ❤✐ts c′

2 ⊕ c3 = c1 ⊕ c′ 4 Nd ✐♥ r❡❛❧ ✇♦r❧❞ ❢♦r d = Nd ✐♥ ✐❞❡❛❧ ✇♦r❧❞ ❢♦r d = n n1/2 ≈ q f1(t) ⊕ f1(t′) r❛♥❞♦♠ f1(t) ⊕ f1(t′) r❛♥❞♦♠ 16 2 4 · 212 256.593750 129.781250 127.093750 127.375000 20 2 4 · 215 265.531250 133.312500 125.625000 128.750000 24 2 4 · 218 246.750000 131.375000 120.625000 129.875000

✸✾ ✴ ✹✽

❖✉t❧✐♥❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ■♥t✉✐t✐♦♥
• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄
• ■♠♣r♦✈❡❞ ❆tt❛❝❦
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

❈♦♥❝❧✉s✐♦♥

✹✵ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

• ❈❛s❝❛❞❡❞ LRW2✿

m Ek1 Ek2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

• Eki ❛r❡ ❙P❘P✲s❡❝✉r❡
• hi ❛r❡ 4✲✇✐s❡ ✐♥❞❡♣❡♥❞❡♥t ❳❖❘✲✉♥✐✈❡rs❛❧ ❤❛s❤
• ◆♦ t✇❡❛❦ ✐s q✉❡r✐❡❞ ♠♦r❡ t❤❛♥ 2n/4 t✐♠❡s

❈❛s❝❛❞❡❞ ✐s s❡❝✉r❡ ✉♣ t♦ ❡✈❛❧✉❛t✐♦♥s

✹✶ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

• ❈❛s❝❛❞❡❞ LRW2✿

m Ek1 Ek2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

• Eki ❛r❡ ❙P❘P✲s❡❝✉r❡
• hi ❛r❡ 4✲✇✐s❡ ✐♥❞❡♣❡♥❞❡♥t ❳❖❘✲✉♥✐✈❡rs❛❧ ❤❛s❤
• ◆♦ t✇❡❛❦ ✐s q✉❡r✐❡❞ ♠♦r❡ t❤❛♥ 2n/4 t✐♠❡s

❈❛s❝❛❞❡❞ LRW2 ✐s s❡❝✉r❡ ✉♣ t♦ ≈ 23n/4 ❡✈❛❧✉❛t✐♦♥s

✹✶ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✶✮

❙t❡♣ ✶✿ ❙P❘P ❙✇✐t❝❤

• ❘❡♣❧❛❝❡ Eki ❜② r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥s pi

m p1 p2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

❙t❡♣ ✷✿ P❛t❛r✐♥✬s ❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ▼❛✐♥ t❛s❦✿ ❣✐✈❡♥ ❡✈❛❧✉❛t✐♦♥s ♦❢ ❝❛s❝❛❞❡❞ ✱ ❞❡r✐✈❡ ❧♦✇❡r ❜♦✉♥❞ ♦♥ ▲♦✇❡r ❜♦✉♥❞ s❤♦✉❧❞ ❤♦❧❞ ❢♦r t❤❡ ✏♠♦st ❧✐❦❡❧②✑ tr❛♥s❝r✐♣ts

✹✷ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✶✮

❙t❡♣ ✶✿ ❙P❘P ❙✇✐t❝❤

• ❘❡♣❧❛❝❡ Eki ❜② r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥s pi

m p1 p2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

❙t❡♣ ✷✿ P❛t❛r✐♥✬s ❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• ▼❛✐♥ t❛s❦✿ ❣✐✈❡♥ q ❡✈❛❧✉❛t✐♦♥s ♦❢ ❝❛s❝❛❞❡❞ LRW2✱

❞❡r✐✈❡ ❧♦✇❡r ❜♦✉♥❞ ♦♥ #{(p1, p2)}

• ▲♦✇❡r ❜♦✉♥❞ s❤♦✉❧❞ ❤♦❧❞ ❢♦r t❤❡ ✏♠♦st ❧✐❦❡❧②✑ tr❛♥s❝r✐♣ts

✹✷ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✷✮

❙t❡♣ ✸✿ ❚r❛♥s❢♦r♠ ❚r❛♥s❝r✐♣t t♦ ●r❛♣❤ ✭❖♥❡ ❚✉♣❧❡✮

m p1 p2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

⇐ ⇒

m ⊕ h1(t) c ⊕ h2(t) h1(t) ⊕ h2(t)

✉♥❦♥♦✇♥s✿ ❛♥❞ ❡q✉❛t✐♦♥✿ ▲♦✇❡r ❜♦✉♥❞ ♦♥ r❡❧❛t❡❞ t♦ t❤❡ ♥✉♠❜❡r ♦❢ ❝❤♦✐❝❡s

✹✸ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✷✮

❙t❡♣ ✸✿ ❚r❛♥s❢♦r♠ ❚r❛♥s❝r✐♣t t♦ ●r❛♣❤ ✭❖♥❡ ❚✉♣❧❡✮

m p1 p2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

⇐ ⇒

m ⊕ h1(t) c ⊕ h2(t) h1(t) ⊕ h2(t)

• 2 ✉♥❦♥♦✇♥s✿ X := p1(m ⊕ h1(t)) ❛♥❞ Y := p−1

2 (c ⊕ h2(t))

• 1 ❡q✉❛t✐♦♥✿ X ⊕ Y = h1(t) ⊕ h2(t)

▲♦✇❡r ❜♦✉♥❞ ♦♥ r❡❧❛t❡❞ t♦ t❤❡ ♥✉♠❜❡r ♦❢ ❝❤♦✐❝❡s

✹✸ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✷✮

❙t❡♣ ✸✿ ❚r❛♥s❢♦r♠ ❚r❛♥s❝r✐♣t t♦ ●r❛♣❤ ✭❖♥❡ ❚✉♣❧❡✮

m p1 p2 c

h1(t) h1(t) ⊕ h2(t) h2(t)

⇐ ⇒

m ⊕ h1(t) c ⊕ h2(t) h1(t) ⊕ h2(t)

• 2 ✉♥❦♥♦✇♥s✿ X := p1(m ⊕ h1(t)) ❛♥❞ Y := p−1

2 (c ⊕ h2(t))

• 1 ❡q✉❛t✐♦♥✿ X ⊕ Y = h1(t) ⊕ h2(t)
• ▲♦✇❡r ❜♦✉♥❞ ♦♥ #{(p1, p2)} r❡❧❛t❡❞ t♦ t❤❡ ♥✉♠❜❡r ♦❢ ❝❤♦✐❝❡s (X, Y )

✹✸ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✸✮

❙t❡♣ ✹✿ ❚r❛♥s❢♦r♠ ❚r❛♥s❝r✐♣t t♦ ●r❛♣❤ ✭❆❧❧ ❚✉♣❧❡s✮

¯ m1 ¯ m2 = ¯ m3 ¯ m4 = ¯ m5 = ¯ m6 ¯ m7 ¯ c1 ¯ c2 ¯ c3 ¯ c4 ¯ c5 ¯ c6 = ¯ c7 f(t1) f(t2) f(t3) f(t4) f(t5) f2(t6) f2(t7)

♥♦t❛t✐♦♥✿ ¯ mi ❂ mi ⊕ h1(ti) ¯ ci ❂ ci ⊕ h2(ti) f(ti) ❂ h1(ti) ⊕ h2(ti)

• r1 ✉♥❦♥♦✇♥s ❢♦r p1✱ r2 ✉♥❦♥♦✇♥s ❢♦r p2✱ ❛♥❞ q ❡q✉❛t✐♦♥s

❚✇♦ ♣♦t❡♥t✐❛❧ ♣r♦❜❧❡♠s✿

✭✐✮ ●r❛♣❤ ❝♦♥t❛✐♥s ❝✐r❝❧❡ ✭✐✐✮ ●r❛♣❤ ❝♦♥t❛✐♥s ♣❛t❤ ♦❢ ❡✈❡♥ ❧❡♥❣t❤ ✇❤♦s❡ ❧❛❜❡❧s s✉♠ t♦ ✭❞❡❣❡♥❡r❛❝②✮

■❢ ♥❡✐t❤❡r ♦❢ t❤❡s❡ ♦❝❝✉rs✿ ♦♥❡ ✏❢r❡❡ ❝❤♦✐❝❡✑ ❢♦r ❡❛❝❤ tr❡❡

✹✹ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✸✮

❙t❡♣ ✹✿ ❚r❛♥s❢♦r♠ ❚r❛♥s❝r✐♣t t♦ ●r❛♣❤ ✭❆❧❧ ❚✉♣❧❡s✮

¯ m1 ¯ m2 = ¯ m3 ¯ m4 = ¯ m5 = ¯ m6 ¯ m7 ¯ c1 ¯ c2 ¯ c3 ¯ c4 ¯ c5 ¯ c6 = ¯ c7 f(t1) f(t2) f(t3) f(t4) f(t5) f2(t6) f2(t7)

♥♦t❛t✐♦♥✿ ¯ mi ❂ mi ⊕ h1(ti) ¯ ci ❂ ci ⊕ h2(ti) f(ti) ❂ h1(ti) ⊕ h2(ti)

• r1 ✉♥❦♥♦✇♥s ❢♦r p1✱ r2 ✉♥❦♥♦✇♥s ❢♦r p2✱ ❛♥❞ q ❡q✉❛t✐♦♥s
• ❚✇♦ ♣♦t❡♥t✐❛❧ ♣r♦❜❧❡♠s✿

✭✐✮ ●r❛♣❤ ❝♦♥t❛✐♥s ❝✐r❝❧❡ ✭✐✐✮ ●r❛♣❤ ❝♦♥t❛✐♥s ♣❛t❤ ♦❢ ❡✈❡♥ ❧❡♥❣t❤ ✇❤♦s❡ ❧❛❜❡❧s s✉♠ t♦ 0 ✭❞❡❣❡♥❡r❛❝②✮

■❢ ♥❡✐t❤❡r ♦❢ t❤❡s❡ ♦❝❝✉rs✿ ♦♥❡ ✏❢r❡❡ ❝❤♦✐❝❡✑ ❢♦r ❡❛❝❤ tr❡❡

✹✹ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✸✮

❙t❡♣ ✹✿ ❚r❛♥s❢♦r♠ ❚r❛♥s❝r✐♣t t♦ ●r❛♣❤ ✭❆❧❧ ❚✉♣❧❡s✮

¯ m1 ¯ m2 = ¯ m3 ¯ m4 = ¯ m5 = ¯ m6 ¯ m7 ¯ c1 ¯ c2 ¯ c3 ¯ c4 ¯ c5 ¯ c6 = ¯ c7 f(t1) f(t2) f(t3) f(t4) f(t5) f2(t6) f2(t7)

♥♦t❛t✐♦♥✿ ¯ mi ❂ mi ⊕ h1(ti) ¯ ci ❂ ci ⊕ h2(ti) f(ti) ❂ h1(ti) ⊕ h2(ti)

• r1 ✉♥❦♥♦✇♥s ❢♦r p1✱ r2 ✉♥❦♥♦✇♥s ❢♦r p2✱ ❛♥❞ q ❡q✉❛t✐♦♥s
• ❚✇♦ ♣♦t❡♥t✐❛❧ ♣r♦❜❧❡♠s✿

✭✐✮ ●r❛♣❤ ❝♦♥t❛✐♥s ❝✐r❝❧❡ ✭✐✐✮ ●r❛♣❤ ❝♦♥t❛✐♥s ♣❛t❤ ♦❢ ❡✈❡♥ ❧❡♥❣t❤ ✇❤♦s❡ ❧❛❜❡❧s s✉♠ t♦ 0 ✭❞❡❣❡♥❡r❛❝②✮

• ■❢ ♥❡✐t❤❡r ♦❢ t❤❡s❡ ♦❝❝✉rs✿ ♦♥❡ ✏❢r❡❡ ❝❤♦✐❝❡✑ ❢♦r ❡❛❝❤ tr❡❡

✹✹ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✹✮

❙t❡♣ ✺✿ P❛t❛r✐♥✬s ▼✐rr♦r ❚❤❡♦r② ✭■♥❢♦r♠❛❧✮ ■❢ t❤❡ ❣r❛♣❤ ✐s ✭✐✮ ❝✐r❝❧❡ ❢r❡❡✱ ✭✐✐✮ ♥♦♥✲❞❡❣❡♥❡r❛t❡✱ ❛♥❞ ✭✐✐✐✮ ❤❛s ♥♦ ❡①❝❡ss✐✈❡❧② ❧❛r❣❡ tr❡❡✱ t❤❡ ♥✉♠❜❡r ♦❢ ♣♦ss✐❜❧❡ (p1, p2) ✐s ❛t ❧❡❛st 2n!2n! 2nq ·

• 1 − 4q

2n

• ▲♦✇❡r ❜♦✉♥❞ ♦♥

s✉✣❝✐❡♥t t♦ ❞❡r✐✈❡ s❡❝✉r✐t② ✭s♦♠❡ t❡❝❤♥✐❝❛❧✐t② ✐♥✈♦❧✈❡❞✮ ❱✐♦❧❛t✐♦♥ ♦❢ ✭✐✮✱ ✭✐✐✮✱ ♦r ✭✐✐✐✮ ✇✐t❤ ♣r♦❜❛❜✐❧✐t② ❛t ♠♦st ❲❡ ❛♣♣❧② ♠✐rr♦r t❤❡♦r② ✉♣ t♦ t❤❡ ✜rst ✐t❡r❛t✐♦♥

✹✺ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✹✮

❙t❡♣ ✺✿ P❛t❛r✐♥✬s ▼✐rr♦r ❚❤❡♦r② ✭■♥❢♦r♠❛❧✮ ■❢ t❤❡ ❣r❛♣❤ ✐s ✭✐✮ ❝✐r❝❧❡ ❢r❡❡✱ ✭✐✐✮ ♥♦♥✲❞❡❣❡♥❡r❛t❡✱ ❛♥❞ ✭✐✐✐✮ ❤❛s ♥♦ ❡①❝❡ss✐✈❡❧② ❧❛r❣❡ tr❡❡✱ t❤❡ ♥✉♠❜❡r ♦❢ ♣♦ss✐❜❧❡ (p1, p2) ✐s ❛t ❧❡❛st 2n!2n! 2nq ·

• 1 − 4q

2n

• ▲♦✇❡r ❜♦✉♥❞ ♦♥ #{(p1, p2)} s✉✣❝✐❡♥t t♦ ❞❡r✐✈❡ 23n/4 s❡❝✉r✐t②

✭s♦♠❡ t❡❝❤♥✐❝❛❧✐t② ✐♥✈♦❧✈❡❞✮

• ❱✐♦❧❛t✐♦♥ ♦❢ ✭✐✮✱ ✭✐✐✮✱ ♦r ✭✐✐✐✮ ✇✐t❤ ♣r♦❜❛❜✐❧✐t② ❛t ♠♦st O(q4/23n)

❲❡ ❛♣♣❧② ♠✐rr♦r t❤❡♦r② ✉♣ t♦ t❤❡ ✜rst ✐t❡r❛t✐♦♥

✹✺ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ Pr♦♦❢ ■❞❡❛ ✭✹✮

❙t❡♣ ✺✿ P❛t❛r✐♥✬s ▼✐rr♦r ❚❤❡♦r② ✭■♥❢♦r♠❛❧✮ ■❢ t❤❡ ❣r❛♣❤ ✐s ✭✐✮ ❝✐r❝❧❡ ❢r❡❡✱ ✭✐✐✮ ♥♦♥✲❞❡❣❡♥❡r❛t❡✱ ❛♥❞ ✭✐✐✐✮ ❤❛s ♥♦ ❡①❝❡ss✐✈❡❧② ❧❛r❣❡ tr❡❡✱ t❤❡ ♥✉♠❜❡r ♦❢ ♣♦ss✐❜❧❡ (p1, p2) ✐s ❛t ❧❡❛st 2n!2n! 2nq ·

• 1 − 4q

2n

• ▲♦✇❡r ❜♦✉♥❞ ♦♥ #{(p1, p2)} s✉✣❝✐❡♥t t♦ ❞❡r✐✈❡ 23n/4 s❡❝✉r✐t②

✭s♦♠❡ t❡❝❤♥✐❝❛❧✐t② ✐♥✈♦❧✈❡❞✮

• ❱✐♦❧❛t✐♦♥ ♦❢ ✭✐✮✱ ✭✐✐✮✱ ♦r ✭✐✐✐✮ ✇✐t❤ ♣r♦❜❛❜✐❧✐t② ❛t ♠♦st O(q4/23n)
• ❲❡ ❛♣♣❧② ♠✐rr♦r t❤❡♦r② ✉♣ t♦ t❤❡ ✜rst ✐t❡r❛t✐♦♥

✹✺ ✴ ✹✽

■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞✿ ❇♦tt❧❡♥❡❝❦s

❊①❝❡ss✐✈❡❧② ▲❛r❣❡ ❚r❡❡

• ❇❛❞♥❡ss ♣r♦❜❛❜✐❧✐t② r❡❧✐❡s ♦♥
• t✇❡❛❦ ❧✐♠✐t❛t✐♦♥
• 4✲✇✐s❡ ✐♥❞❡♣❡♥❞❡♥❝❡ ♦❢ ❤❛s❤ ❢✉♥❝t✐♦♥s

▼✐rr♦r ❚❤❡♦r②

• ▼✐rr♦r t❤❡♦r② ❞❡✈❡❧♦♣❡❞ ❢♦r ❝♦♠♣❛r✐s♦♥ ✇✐t❤ P❘❋✱ ♥♦t ✇✐t❤ P❘P
• Pr♦❜❧❡♠ ♠✐t✐❣❛t❡❞ ❞✉❡ t♦ t✇❡❛❦ ❧✐♠✐t❛t✐♦♥

✹✻ ✴ ✹✽

❖✉t❧✐♥❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ■♥t✉✐t✐♦♥
• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②

❇❡②♦♥❞ ❇✐rt❤❞❛② ❇♦✉♥❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ❚✐❣❤t ❙❡❝✉r✐t② ♦❢ ❈❛s❝❛❞❡❞ LRW2❄
• ■♠♣r♦✈❡❞ ❆tt❛❝❦
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t② ❇♦✉♥❞

❈♦♥❝❧✉s✐♦♥

✹✼ ✴ ✹✽

❈♦♥❝❧✉s✐♦♥

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs✿ ❙✐♠♣❧❡ ❛♥❞ P♦✇❡r❢✉❧

• ▼②r✐❛❞ ❛♣♣❧✐❝❛t✐♦♥s t♦ ❆❊✱ ▼❆❈✱ ❡♥❝r②♣t✐♦♥✱ ✳ ✳ ✳
• ❚r❛❞❡✲♦✛ ❜❡t✇❡❡♥ s❡❝✉r✐t② ❛♥❞ ❡✣❝✐❡♥❝②
• ❇❡②♦♥❞ ❜✐rt❤❞❛② ❜♦✉♥❞ s❡❝✉r✐t② ❛❝❤✐❡✈❡❞ ✉s✐♥❣
• ❊①tr❛ r❛♥❞♦♠♥❡ss
• ❊①tr❛ st❛t❡ s✐③❡

❈❤❛❧❧❡♥❣❡s ❚✐❣❤t♥❡ss ♦❢ ❝❛s❝❛❞❡❞ ✇✐t❤♦✉t s✐❞❡ ❝♦♥❞✐t✐♦♥s❄ ▲♦♥❣❡r ❝❛s❝❛❞❡s ♦❢ ❛♥❞ ❄ ▼❛♥② ❢✉rt❤❡r ♦♣❡♥ ♣r♦❜❧❡♠s ✐♥ ❇❇❇ s❡❝✉r✐t②

❚❤❛♥❦ ②♦✉ ❢♦r ②♦✉r ❛tt❡♥t✐♦♥✦

✹✽ ✴ ✹✽

❈♦♥❝❧✉s✐♦♥

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs✿ ❙✐♠♣❧❡ ❛♥❞ P♦✇❡r❢✉❧

• ▼②r✐❛❞ ❛♣♣❧✐❝❛t✐♦♥s t♦ ❆❊✱ ▼❆❈✱ ❡♥❝r②♣t✐♦♥✱ ✳ ✳ ✳
• ❚r❛❞❡✲♦✛ ❜❡t✇❡❡♥ s❡❝✉r✐t② ❛♥❞ ❡✣❝✐❡♥❝②
• ❇❡②♦♥❞ ❜✐rt❤❞❛② ❜♦✉♥❞ s❡❝✉r✐t② ❛❝❤✐❡✈❡❞ ✉s✐♥❣
• ❊①tr❛ r❛♥❞♦♠♥❡ss
• ❊①tr❛ st❛t❡ s✐③❡

❈❤❛❧❧❡♥❣❡s

• ❚✐❣❤t♥❡ss ♦❢ ❝❛s❝❛❞❡❞ LRW2 ✇✐t❤♦✉t s✐❞❡ ❝♦♥❞✐t✐♦♥s❄
• ▲♦♥❣❡r ❝❛s❝❛❞❡s ♦❢ LRW2[ρ] ❛♥❞ TEM[ρ]❄
• ▼❛♥② ❢✉rt❤❡r ♦♣❡♥ ♣r♦❜❧❡♠s ✐♥ ❇❇❇ s❡❝✉r✐t②

❚❤❛♥❦ ②♦✉ ❢♦r ②♦✉r ❛tt❡♥t✐♦♥✦

✹✽ ✴ ✹✽

❙❯PP❖❘❚■◆● ❙▲■❉❊❙

✹✾ ✴ ✹✽

❯♣❞❛t❡❞ ❙t❛t❡ ♦❢ t❤❡ ❆rt ♦♥ LRW2[ρ]

n/2 2n/3 3n/4 5n/6 n LRW2[1] LRW2[2] LRW2[3] LRW2[4] LRW2[5] LRW2[6] LRW2[7] LRW2[8] LRW2[9] LRW2[10] LRW2[11] ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣

✐♠♣r♦✈❡❞ ❛tt❛❝❦ ✭❣❡♥❡r❛❧✐③❡❞ ❝♦♥str✉❝t✐♦♥✮ ✐♠♣r♦✈❡❞ ❜♦✉♥❞ ✭❝♦♥❞✐t✐♦♥❛❧❧②✮ ❝❛rr✐❡s ♦✈❡r t♦ ✲

✺✵ ✴ ✹✽

❯♣❞❛t❡❞ ❙t❛t❡ ♦❢ t❤❡ ❆rt ♦♥ LRW2[ρ]

n/2 2n/3 3n/4 5n/6 n LRW2[1] LRW2[2] LRW2[3] LRW2[4] LRW2[5] LRW2[6] LRW2[7] LRW2[8] LRW2[9] LRW2[10] LRW2[11] ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣

✐♠♣r♦✈❡❞ ❛tt❛❝❦ ✭❣❡♥❡r❛❧✐③❡❞ ❝♦♥str✉❝t✐♦♥✮ ✐♠♣r♦✈❡❞ ❜♦✉♥❞ ✭❝♦♥❞✐t✐♦♥❛❧❧②✮ ❝❛rr✐❡s ♦✈❡r t♦ ✲

✺✵ ✴ ✹✽

❯♣❞❛t❡❞ ❙t❛t❡ ♦❢ t❤❡ ❆rt ♦♥ LRW2[ρ]

n/2 2n/3 3n/4 5n/6 n LRW2[1] LRW2[2] LRW2[3] LRW2[4] LRW2[5] LRW2[6] LRW2[7] LRW2[8] LRW2[9] LRW2[10] LRW2[11] ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣ ❣❛♣

✐♠♣r♦✈❡❞ ❛tt❛❝❦ ✭❣❡♥❡r❛❧✐③❡❞ ❝♦♥str✉❝t✐♦♥✮ ✐♠♣r♦✈❡❞ ❜♦✉♥❞ ✭❝♦♥❞✐t✐♦♥❛❧❧②✮ ❝❛rr✐❡s ♦✈❡r t♦ LRW2[3]✲LRW2[5]

✺✵ ✴ ✹✽

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
• P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
• ❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

❇❛s✐❝ ✐❞❡❛✿

❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t ❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts ❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✺✶ ✴ ✹✽

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
• P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
• ❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

IC

O P

distinguisher D

❇❛s✐❝ ✐❞❡❛✿

❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t ❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts ❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✺✶ ✴ ✹✽

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
• P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
• ❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

IC

O P

distinguisher D

• ❇❛s✐❝ ✐❞❡❛✿
• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ

❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts ❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✺✶ ✴ ✹✽

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
• P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
• ❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

IC

O P

distinguisher D

• ❇❛s✐❝ ✐❞❡❛✿
• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
• O ≈ P ❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts

❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✺✶ ✴ ✹✽

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
• P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
• ❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

IC

O P

distinguisher D

• ❇❛s✐❝ ✐❞❡❛✿
• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
• O ≈ P ❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts
• ❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✺✶ ✴ ✹✽

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• D ✐s ❝♦♠♣✉t❛t✐♦♥❛❧❧② ✉♥❜♦✉♥❞❡❞ ❛♥❞ ❞❡t❡r♠✐♥✐st✐❝
• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ

❈♦♥s✐❞❡r ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts ▲❡♠♠❛ ▲❡t ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts ✿ ❣✐✈❡s ❣✐✈❡s ❚❤❡♥✱ ❜❛❞ tr❛♥s❝r✐♣t ❢♦r ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✺✷ ✴ ✹✽

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• D ✐s ❝♦♠♣✉t❛t✐♦♥❛❧❧② ✉♥❜♦✉♥❞❡❞ ❛♥❞ ❞❡t❡r♠✐♥✐st✐❝
• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
• ❈♦♥s✐❞❡r ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

▲❡♠♠❛ ▲❡t ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts ✿ ❣✐✈❡s ❣✐✈❡s ❚❤❡♥✱ ❜❛❞ tr❛♥s❝r✐♣t ❢♦r ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✺✷ ✴ ✹✽

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• D ✐s ❝♦♠♣✉t❛t✐♦♥❛❧❧② ✉♥❜♦✉♥❞❡❞ ❛♥❞ ❞❡t❡r♠✐♥✐st✐❝
• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
• ❈♦♥s✐❞❡r ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

▲❡♠♠❛ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [O ❣✐✈❡s τ] Pr [P ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ ∆D(O; P) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r P] ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✺✷ ✴ ✹✽

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• D ✐s ❝♦♠♣✉t❛t✐♦♥❛❧❧② ✉♥❜♦✉♥❞❡❞ ❛♥❞ ❞❡t❡r♠✐♥✐st✐❝
• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
• ❈♦♥s✐❞❡r ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

▲❡♠♠❛ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [O ❣✐✈❡s τ] Pr [P ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ ∆D(O; P) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r P] ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✺✷ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

• ❈♦♥s✐❞❡r r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
• ❈♦♥s✐❞❡r ❛ s②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s ♦❢ t❤❡ ❢♦r♠✿

Pa1 ⊕ Pb1 = λ1 Pa2 ⊕ Pb2 = λ2 ✳ ✳ ✳ Paq ⊕ Pbq = λq ❢♦r s♦♠❡ s✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}

• ♦❛❧

▲♦✇❡r ❜♦✉♥❞ ♦♥ t❤❡ ♥✉♠❜❡r ♦❢ s♦❧✉t✐♦♥s t♦ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❞✐st✐♥❝t

✺✸ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

• ❈♦♥s✐❞❡r r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
• ❈♦♥s✐❞❡r ❛ s②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s ♦❢ t❤❡ ❢♦r♠✿

Pa1 ⊕ Pb1 = λ1 Pa2 ⊕ Pb2 = λ2 ✳ ✳ ✳ Paq ⊕ Pbq = λq ❢♦r s♦♠❡ s✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}

• ♦❛❧
• ▲♦✇❡r ❜♦✉♥❞ ♦♥ t❤❡ ♥✉♠❜❡r ♦❢ s♦❧✉t✐♦♥s t♦ P

s✉❝❤ t❤❛t Pa = Pb ❢♦r ❛❧❧ ❞✐st✐♥❝t a, b ∈ {1, . . . , r}

✺✸ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞

❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦Pd ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦Pd ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

• ❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
• ❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ ❙✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ❖♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❆❋❘■❈❆❈❘❨P❚ ✷✵✵✽ ❇❡♥❡s P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❈♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦Pd ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✺✹ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

• r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s Pai ⊕ Pbi = λi
• ❙✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}
• r❛♣❤ ❇❛s❡❞ ❱✐❡✇

Pa1 =Pa2 Pb1 Pb3 Pa4 =Pa5 Pb5 Pb2 =Pa3 =Pb4

λ1 λ2 λ3 λ4 λ5

Pa6 Pb6

λ6

Pa7 Pb7

λ7

Pa8 Pa9 Pb8 =Pb9 =Pb10 =Pa11 Pa10 Pb11

λ8 λ9 λ10 λ11 ✺✺ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ ♦r ♦r ❈♦♥tr❛❞✐❝t✐♦♥✿ ♦r ♦r ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡ ■❢ ❛♥❞ ❝❤♦✐❝❡s ❢♦r ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮ ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✺✻ ✴ ✹✽

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ ❛♥❞ ❝❤♦✐❝❡s ❢♦r ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮ ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✺✻ ✴ ✹✽

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0 ❛♥❞ λ1 = λ2

• 2n ❝❤♦✐❝❡s ❢♦r Pa

❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮ ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✺✻ ✴ ✹✽

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0 ❛♥❞ λ1 = λ2

• 2n ❝❤♦✐❝❡s ❢♦r Pa
• ❋✐①❡s Pb = λ1 ⊕ Pa ✭✇❤✐❝❤ ✐s = Pa ❛s ❞❡s✐r❡❞✮

❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✺✻ ✴ ✹✽

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0 ❛♥❞ λ1 = λ2

• 2n ❝❤♦✐❝❡s ❢♦r Pa
• ❋✐①❡s Pb = λ1 ⊕ Pa ✭✇❤✐❝❤ ✐s = Pa ❛s ❞❡s✐r❡❞✮
• ❋✐①❡s Pc = λ2 ⊕ Pb ✭✇❤✐❝❤ ✐s = Pa, Pb ❛s ❞❡s✐r❡❞✮

✺✻ ✴ ✹✽

Pa Pb Pc

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ ♦r ❈♦♥tr❛❞✐❝t✐♦♥✿ ♦r ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡ ■❢ ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮ ❋♦r ❛♥❞ ✇❡ r❡q✉✐r❡ ❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✺✼ ✴ ✹✽

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮ ❋♦r ❛♥❞ ✇❡ r❡q✉✐r❡ ❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✺✼ ✴ ✹✽

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0

• 2n ❝❤♦✐❝❡s ❢♦r Pa ✭✇❤✐❝❤ ✜①❡s Pb✮

❋♦r ❛♥❞ ✇❡ r❡q✉✐r❡ ❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✺✼ ✴ ✹✽

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0

• 2n ❝❤♦✐❝❡s ❢♦r Pa ✭✇❤✐❝❤ ✜①❡s Pb✮
• ❋♦r Pc ❛♥❞ Pd ✇❡ r❡q✉✐r❡
• Pc = Pa, Pb
• Pd = λ2 ⊕ Pc = Pa, Pb

❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✺✼ ✴ ✹✽

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
• ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0

• 2n ❝❤♦✐❝❡s ❢♦r Pa ✭✇❤✐❝❤ ✜①❡s Pb✮
• ❋♦r Pc ❛♥❞ Pd ✇❡ r❡q✉✐r❡
• Pc = Pa, Pb
• Pd = λ2 ⊕ Pc = Pa, Pb
• ❆t ❧❡❛st 2n − 4 ❝❤♦✐❝❡s ❢♦r Pc ✭✇❤✐❝❤ ✜①❡s Pd✮

✺✼ ✴ ✹✽

Pa Pb Pc Pd

λ1 λ2

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✸

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 Pc ⊕ Pa = λ3

• ❆ss✉♠❡ λi = 0 ❛♥❞ λi = λj

■❢ ❈♦♥tr❛❞✐❝t✐♦♥✿ ❡q✉❛t✐♦♥s s✉♠ t♦ ❙❝❤❡♠❡ ❝♦♥t❛✐♥s ❛ ❝✐r❝❧❡ ■❢ ❖♥❡ r❡❞✉♥❞❛♥t ❡q✉❛t✐♦♥✱ ♥♦ ❝♦♥tr❛❞✐❝t✐♦♥ ❙t✐❧❧ ❝♦✉♥t❡❞ ❛s ❝✐r❝❧❡

✺✽ ✴ ✹✽

Pa Pb Pc

λ1 λ2 λ3

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✸

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 Pc ⊕ Pa = λ3

• ❆ss✉♠❡ λi = 0 ❛♥❞ λi = λj

■❢ λ1 ⊕ λ2 ⊕ λ3 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ ❡q✉❛t✐♦♥s s✉♠ t♦ 0 = λ1 ⊕ λ2 ⊕ λ3
• ❙❝❤❡♠❡ ❝♦♥t❛✐♥s ❛ ❝✐r❝❧❡

■❢ ❖♥❡ r❡❞✉♥❞❛♥t ❡q✉❛t✐♦♥✱ ♥♦ ❝♦♥tr❛❞✐❝t✐♦♥ ❙t✐❧❧ ❝♦✉♥t❡❞ ❛s ❝✐r❝❧❡

✺✽ ✴ ✹✽

Pa Pb Pc

λ1 λ2 λ3

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✸

• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 Pc ⊕ Pa = λ3

• ❆ss✉♠❡ λi = 0 ❛♥❞ λi = λj

■❢ λ1 ⊕ λ2 ⊕ λ3 = 0

• ❈♦♥tr❛❞✐❝t✐♦♥✿ ❡q✉❛t✐♦♥s s✉♠ t♦ 0 = λ1 ⊕ λ2 ⊕ λ3
• ❙❝❤❡♠❡ ❝♦♥t❛✐♥s ❛ ❝✐r❝❧❡

■❢ λ1 ⊕ λ2 ⊕ λ3 = 0

• ❖♥❡ r❡❞✉♥❞❛♥t ❡q✉❛t✐♦♥✱ ♥♦ ❝♦♥tr❛❞✐❝t✐♦♥
• ❙t✐❧❧ ❝♦✉♥t❡❞ ❛s ❝✐r❝❧❡

✺✽ ✴ ✹✽

Pa Pb Pc

λ1 λ2 λ3

▼✐rr♦r ❚❤❡♦r②✿ ❚✇♦ Pr♦❜❧❡♠❛t✐❝ ❈❛s❡s

❈✐r❝❧❡ ❉❡❣❡♥❡r❛❝②

Pa1 = Pb5 Pb1 = Pa2 Pb2 = Pa3 Pb3 = Pa4 Pb4 = Pa5

λ1 λ2 λ3 λ4 λ5

Pa1 =Pa2 Pb1 Pa3 =Pa4 Pb4 = Pa5 Pb2 =Pb3

λ1 λ2 λ3 λ4

Pa8 Pb7 = Pb8

λ1 ⊕ λ2 ⊕ · · · ⊕ λ7

Pb5 = Pa6 Pb6 = Pb7

λ6 λ5 λ7 ✺✾ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r②✿ ▼❛✐♥ ❘❡s✉❧t

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

• r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
• ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s Pai ⊕ Pbi = λi
• ❙✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}

▼❛✐♥ ❘❡s✉❧t ■❢ t❤❡ s②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ✐s ❝✐r❝❧❡✲❢r❡❡ ❛♥❞ ♥♦♥✲❞❡❣❡♥❡r❛t❡✱ t❤❡ ♥✉♠❜❡r ♦❢ s♦❧✉t✐♦♥s t♦ P s✉❝❤ t❤❛t Pa = Pb ❢♦r ❛❧❧ ❞✐st✐♥❝t a, b ∈ {1, . . . , r} ✐s ❛t ❧❡❛st (2n)r 2nq ♣r♦✈✐❞❡❞ t❤❡ ♠❛①✐♠✉♠ tr❡❡ s✐③❡ ξ s❛t✐s✜❡s (ξ − 1)2 · r ≤ 2n/67

✻✵ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❛♥❞ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ■♥♣✉ts t♦ ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ ✉♥❦♥♦✇♥s

✻✶ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(0xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(1xi) =: Pbi ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ■♥♣✉ts t♦ ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ ✉♥❦♥♦✇♥s

✻✶ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(0xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(1xi) =: Pbi

• ❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = yi

■♥♣✉ts t♦ ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ ✉♥❦♥♦✇♥s

✻✶ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

• ❡♥❡r❛❧ ❙❡tt✐♥❣
• ❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
• ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(0xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(1xi) =: Pbi

• ❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = yi
• ■♥♣✉ts t♦ p ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ 2q ✉♥❦♥♦✇♥s

✻✶ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

Pa1 Pb1 Pa2 Pb2 Paq Pbq · · ·

y1 y2 yq

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r② ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t ❢♦r ❛❧❧

❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

▼❛①✐♠✉♠ tr❡❡ s✐③❡ ■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

✻✷ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

Pa1 Pb1 Pa2 Pb2 Paq Pbq · · ·

y1 y2 yq

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

− → ❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

• ▼❛①✐♠✉♠ tr❡❡ s✐③❡ 2

■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

✻✷ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

Pa1 Pb1 Pa2 Pb2 Paq Pbq · · ·

y1 y2 yq

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

• ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
• ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

− → ❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

• ▼❛①✐♠✉♠ tr❡❡ s✐③❡ 2
• ■❢ 2q ≤ 2n/67✿ ❛t ❧❡❛st (2n)2q

2nq

s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

✻✷ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ ❢♦r s♦♠❡

❜❛❞ tr❛♥s❝r✐♣t ❢♦r

❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿

❣✐✈❡s ❣✐✈❡s

✻✸ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n

❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿

❣✐✈❡s ❣✐✈❡s

✻✸ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
• ❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
• Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

❣✐✈❡s

✻✸ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
• ❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
• Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

• Pr [f ❣✐✈❡s τ] =

1 2nq

✻✸ ✴ ✹✽

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
• ❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
• Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

• Pr [f ❣✐✈❡s τ] =

1 2nq

✻✸ ✴ ✹✽

• ε = 0

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

• ❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
• Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
• ❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
• Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

• Pr [f ❣✐✈❡s τ] =

1 2nq

Advprf

XoP(q) ≤ q/2n

✻✸ ✴ ✹✽

• ε = 0

◆❡✇ ▲♦♦❦ ❛t ▼✐rr♦r ❚❤❡♦r②

❊♥❝r②♣t❡❞ ❉❛✈✐❡s✲▼❡②❡r ❛♥❞ ■ts ❉✉❛❧✿ ❚♦✇❛r❞s ❖♣t✐♠❛❧ ❙❡❝✉r✐t② ❯s✐♥❣ ▼✐rr♦r ❚❤❡♦r②

▼❡♥♥✐♥❦✱ ◆❡✈❡s✱ ❈❘❨P❚❖ ✷✵✶✼

• ❘❡❢✉r❜✐s❤ ❛♥❞ ♠♦❞❡r♥✐③❡ ♠✐rr♦r t❤❡♦r②
• Pr♦✈❡ ♦♣t✐♠❛❧ P❘❋ s❡❝✉r✐t② ♦❢✿

❊✭❲❈✮❉▼ ❬❈❙✶✻❪

x p1 p2 y

h(m)

❊❉▼❉

x p1 p2 y

✻✹ ✴ ✹✽