|
Naor–Reingold Pseudorandom Function
In 1997, Moni Naor and Omer Reingold described efficient constructions for various cryptographic primitives in private key as well as public-key cryptography. Their result is the construction of an efficient pseudorandom function. Let ''p'' and ''l'' be prime numbers with ''l'' , ''p''−1. Select an element ''g'' ∈ ^* of multiplicative order ''l''. Then for each ''(n+1)''-dimensional vector ''a'' = (''a''''0'''',a''''1'', ..., ''a''''n'')∈ (\mathbb F_)^ they define the function :f_(x) = g^ \in \mathbb F_p where ''x'' = ''x''''1'' ... ''x''''n'' is the bit representation of integer ''x'', 0 ≤ ''x'' ≤ 2''n''−1, with some extra leading zeros if necessary. Example Let ''p'' = 7 and ''l'' = 3; so ''l'' , ''p''−1. Select ''g'' = 4 ∈ ^* of multiplicative order 3 (since 43 = 64 ≡ 1 mod 7). For ''n'' = 3, ''a'' = (1, 1, 2, 1) and ''x'' = 5 (the bit representation of 5 is 101), we can compute f_(5) as follows: :f_(x) = g ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Moni Naor
Moni Naor ( he, מוני נאור) is an Israeli Israeli may refer to: * Something of, from, or related to the State of Israel * Israelis, citizens or permanent residents of the State of Israel * Modern Hebrew, a language * ''Israeli'' (newspaper), published from 2006 to 2008 * Guni Israeli ... computer scientist, currently a professor at the Weizmann Institute of Science. Naor received his Ph.D. in 1989 at the University of California, Berkeley. His advisor was Manuel Blum. He works in various fields of computer science, mainly the foundations of cryptography. He is notable for initiating research on public key systems secure against chosen ciphertext attack and creating Malleability (cryptography), non-malleable cryptography, visual cryptography (with Adi Shamir), and suggesting various methods for verifying that users of a computer system are human (leading to the notion of CAPTCHA). His research on Small-bias sample space, give a general framework for combining small k- ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Group (mathematics)
In mathematics, a group is a Set (mathematics), set and an Binary operation, operation that combines any two Element (mathematics), elements of the set to produce a third element of the set, in such a way that the operation is Associative property, associative, an identity element exists and every element has an Inverse element, inverse. These three axioms hold for Number#Main classification, number systems and many other mathematical structures. For example, the integers together with the addition operation form a group. The concept of a group and the axioms that define it were elaborated for handling, in a unified way, essential structural properties of very different mathematical entities such as numbers, geometric shapes and polynomial roots. Because the concept of groups is ubiquitous in numerous areas both within and outside mathematics, some authors consider it as a central organizing principle of contemporary mathematics. In geometry groups arise naturally in the study of ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Generalized Inversive Congruential Pseudorandom Numbers
An approach to nonlinear congruential methods of generating uniform pseudorandom numbers in the interval primes p_1,\dots ,p_r \ge 5 will be present here. Let \mathbb_ = \ . For integers a,b \in \mathbb_ with gcd (a,m) = 1 a generalized inversive congruential sequence (y_)_ of elements of \mathbb_ is defined by : y_ = : y_\equiv a y_^ + b \pmod m \textn \geqslant 0 where \varphi(m)=(p_-1)\dots (p_-1) denotes the number of positive integers less than ''m'' which are relatively prime In mathematics, two integers and are coprime, relatively prime or mutually prime if the only positive integer that is a divisor of both of them is 1. Consequently, any prime number that divides does not divide , and vice versa. This is equivale ... to ''m''. Example Let take m = 15 = 3 \times 5\, a=2 , b=3 and y_0= 1. Hence \varphi (m)= 2 \times 4=8 \, and the sequence (y_)_=(1,5,13,2,4,7,1,\dots ) is not maximum. The result below shows that these sequences are closely rel ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Finite Field
In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtraction and division are defined and satisfy certain basic rules. The most common examples of finite fields are given by the integers mod when is a prime number. The ''order'' of a finite field is its number of elements, which is either a prime number or a prime power. For every prime number and every positive integer there are fields of order p^k, all of which are isomorphic. Finite fields are fundamental in a number of areas of mathematics and computer science, including number theory, algebraic geometry, Galois theory, finite geometry, cryptography and coding theory. Properties A finite field is a finite set which is a field; this means that multiplication, addition, subtraction and division (excluding division by zero) are ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Decisional Diffie–Hellman Assumption
The decisional Diffie–Hellman (DDH) assumption is a computational hardness assumption about a certain problem involving discrete logarithms in cyclic groups. It is used as the basis to prove the security of many cryptographic protocols, most notably the ElGamal and Cramer–Shoup cryptosystems. Definition Consider a (multiplicative) cyclic group G of order q, and with generator g. The DDH assumption states that, given g^a and g^b for uniformly and independently chosen a,b \in \mathbb_q, the value g^ "looks like" a random element in G. This intuitive notion can be formally stated by saying that the following two probability distributions are computationally indistinguishable (in the security parameter, n=\log(q)): * (g^a,g^b,g^), where a and b are randomly and independently chosen from \mathbb_q. * (g^a,g^b,g^c), where a,b,c are randomly and independently chosen from \mathbb_q. Triples of the first kind are often called DDH triplet or DDH tuples. Relation to other assumptions ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Subgroup
In group theory, a branch of mathematics, given a group ''G'' under a binary operation ∗, a subset ''H'' of ''G'' is called a subgroup of ''G'' if ''H'' also forms a group under the operation ∗. More precisely, ''H'' is a subgroup of ''G'' if the restriction of ∗ to is a group operation on ''H''. This is often denoted , read as "''H'' is a subgroup of ''G''". The trivial subgroup of any group is the subgroup consisting of just the identity element. A proper subgroup of a group ''G'' is a subgroup ''H'' which is a proper subset of ''G'' (that is, ). This is often represented notationally by , read as "''H'' is a proper subgroup of ''G''". Some authors also exclude the trivial group from being proper (that is, ). If ''H'' is a subgroup of ''G'', then ''G'' is sometimes called an overgroup of ''H''. The same definitions apply more generally when ''G'' is an arbitrary semigroup, but this article will only deal with subgroups of groups. Subgroup tests Suppose th ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Sequence
In mathematics, a sequence is an enumerated collection of objects in which repetitions are allowed and order matters. Like a set, it contains members (also called ''elements'', or ''terms''). The number of elements (possibly infinite) is called the ''length'' of the sequence. Unlike a set, the same elements can appear multiple times at different positions in a sequence, and unlike a set, the order does matter. Formally, a sequence can be defined as a function from natural numbers (the positions of elements in the sequence) to the elements at each position. The notion of a sequence can be generalized to an indexed family, defined as a function from an ''arbitrary'' index set. For example, (M, A, R, Y) is a sequence of letters with the letter 'M' first and 'Y' last. This sequence differs from (A, R, M, Y). Also, the sequence (1, 1, 2, 3, 5, 8), which contains the number 1 at two different positions, is a valid sequence. Sequences can be ''finite'', as in these examples, or ''infi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Elliptic Curve
In mathematics, an elliptic curve is a smooth, projective, algebraic curve of genus one, on which there is a specified point . An elliptic curve is defined over a field and describes points in , the Cartesian product of with itself. If the field's characteristic is different from 2 and 3, then the curve can be described as a plane algebraic curve which consists of solutions for: :y^2 = x^3 + ax + b for some coefficients and in . The curve is required to be non-singular, which means that the curve has no cusps or self-intersections. (This is equivalent to the condition , that is, being square-free in .) It is always understood that the curve is really sitting in the projective plane, with the point being the unique point at infinity. Many sources define an elliptic curve to be simply a curve given by an equation of this form. (When the coefficient field has characteristic 2 or 3, the above equation is not quite general enough to include all non-singular cubic cu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Inversive Congruential Generator
Inversive congruential generators are a type of nonlinear congruential pseudorandom number generator, which use the modular multiplicative inverse (if it exists) to generate the next number in a sequence. The standard formula for an inversive congruential generator, modulo some prime ''q'' is: : x_0 = \text, : x_ = \begin (ax_i^ + c) \bmod q & \text x_i \ne 0, \\ c & \text x_i = 0. \end Such a generator is denoted symbolically as and is said to be an ICG with parameters ''q'', ''a'', ''c'' and seed ''seed''. Period The sequence (x_n)_ must have x_i = x_j after finitely many steps, and since the next element depends only on its direct predecessor, also x_ = x_ etc. The maximum possible period for the modulus ''q'' is ''q'' itself, i.e. the sequence includes every value from 0 to ''q'' − 1 before repeating. A sufficient condition for the sequence to have the maximum possible period is to choose ''a'' and ''c'' such that the polynomial f(x) = x^2 - cx - a \in \mathbb F_q /math> ( ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Uniform Distribution (discrete)
In probability theory and statistics, the discrete uniform distribution is a symmetric probability distribution wherein a finite number of values are equally likely to be observed; every one of ''n'' values has equal probability 1/''n''. Another way of saying "discrete uniform distribution" would be "a known, finite number of outcomes equally likely to happen". A simple example of the discrete uniform distribution is throwing a fair dice. The possible values are 1, 2, 3, 4, 5, 6, and each time the die is thrown the probability of a given score is 1/6. If two dice are thrown and their values added, the resulting distribution is no longer uniform because not all sums have equal probability. Although it is convenient to describe discrete uniform distributions over integers, such as this, one can also consider discrete uniform distributions over any finite set. For instance, a random permutation is a permutation generated uniformly from the permutations of a given length, and a unif ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Recurrence Relation
In mathematics, a recurrence relation is an equation according to which the nth term of a sequence of numbers is equal to some combination of the previous terms. Often, only k previous terms of the sequence appear in the equation, for a parameter k that is independent of n; this number k is called the ''order'' of the relation. If the values of the first k numbers in the sequence have been given, the rest of the sequence can be calculated by repeatedly applying the equation. In ''linear recurrences'', the th term is equated to a linear function of the k previous terms. A famous example is the recurrence for the Fibonacci numbers, F_n=F_+F_ where the order k is two and the linear function merely adds the two previous terms. This example is a linear recurrence with constant coefficients, because the coefficients of the linear function (1 and 1) are constants that do not depend on n. For these recurrences, one can express the general term of the sequence as a closed-form expression o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Negligible Function
In mathematics, a negligible function is a function \mu:\mathbb\to\mathbb such that for every positive integer ''c'' there exists an integer ''N''''c'' such that for all ''x'' > ''N''''c'', :, \mu(x), 0 such that for all ''x'' > ''N''poly : , \mu(x), 0, there exists a positive number \delta>0 such that , x-x_0, N_\varepsilon ::, \mu(x), 0 by the functions 1/x^c where c>0 or by 1/\operatorname(x) where \operatorname(x) is a positive polynomial. This leads to the definitions of negligible functions given at the top of this article. Since the constants \varepsilon>0 can be expressed as 1/\operatorname(x) with a constant polynomial this shows that negligible functions are a subset of the infinitesimal functions. Use in cryptography In complexity-based modern cryptography, a security scheme is ''provably secure'' if the probability of security failure (e.g., inverting a one-way function, distinguishing cryptographically strong pseudorandom bits from truly ran ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
