DOCSLIB.ORG

POST QUANTUM CRYPTOGRAPHY: IMPLEMENTING ALTERNATIVE PUBLIC KEY SCHEMES on EMBEDDED DEVICES Preparing for the Rise of Quantum Computers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
POST QUANTUM CRYPTOGRAPHY: IMPLEMENTING ALTERNATIVE PUBLIC KEY SCHEMES on EMBEDDED DEVICES Preparing for the Rise of Quantum Computers POST QUANTUM CRYPTOGRAPHY: IMPLEMENTING ALTERNATIVE PUBLIC KEY SCHEMES ON EMBEDDED DEVICES Preparing for the Rise of Quantum Computers DISSERTATION for the degree of Doktor-Ingenieur of the Faculty of Electrical Engineering and Information Technology at the Ruhr-University Bochum, Germany by Stefan Heyse Bochum, October 2013 Post Quantum Cryptography: Implementing Alternative Public Key Schemes on Embedded Devices Copyright © 2013 by Stefan Heyse. All rights reserved. Printed in Germany. F¨ur Mandy, Captain Chaos und den B¨oarn. Author’s contact information: [email protected] www.schnufff.de Thesis Advisor: Prof. Dr.-Ing. Christof Paar Ruhr-University Bochum, Germany Secondary Referee: Prof. Paulo S. L. M. Barreto Universidade de S˜ao Paulo, Brasil Tertiary Referee: Prof. Tim E. G¨uneysu Ruhr-University Bochum, Germany Thesis submitted: October 8, 2013 Thesis defense: November 26, 2013. v “If you want to succeed, double your failure rate.” (Tom Watson, IBM). “Kaffee dehydriert den K¨orper nicht. Ich w¨are sonst schon Staub.” (Franz Kafka) vii Abstract Almost all of today’s security systems rely on cryptographic primitives as core c components which are usually considered the most trusted part of the system. The realization of these primitives on the underlying platform plays a crucial role for any real-world deployment. In this thesis, we discuss new primitives in public-key cryptography that could serve as alterna- tives to the currently used RSA, ECC and discrete logarithm cryptosystems. Analyzing these primitives in the first part of this thesis from an implementer’s perspective, we show advantages of the new primitives. Moreover, by implementing them on embedded systems with restricted resources, we investigate if these schemes have already evolved into real alternatives to the current cryptosystems. The second and main part of this work explores the potential of code-based cryptography, namely the McEliece and Niederreiter cryptosystems. After discussing the classical description and a modern variant, we evaluate different implementation possibilities, e. g., decoders, con- stant weight encoders and conversions to achieve CCA2-security. Afterwards, we evaluate the performance of the schemes using plain binary Goppa codes, quasi-dyadic Goppa codes and quasi-cyclic MDPC codes on smartcard class microcontrollers and a range of FPGAs. We also point out weaknesses in a straightforward implementation that can leak the secret key or the plaintext by means of side channel attacks. The third part is twofold. At first, we investigates the most promising members of Multivariate Quadratics Public Key Scheme (MQPKS) and its variants, namely Unbalanced Oil and Vinegar (UOV), Rainbow and Enhanced TTS (enTTS). UOV resisted all kinds of attacks for 13 years and can be considered one of the best examined MQPKS. We describe implementations of UOV, Rainbow and enTTS on an 8-bit microcontroller. To address the problem of large keys, we used several optimizations and also implemented the 0/1-UOV scheme introduced at CHES 2011. To achieve a security level usable in practice on the selected device, all recent attacks are summarized and parameters for standard security levels are given. To allow judgement of scaling, the schemes are implemented for the most common security levels in embedded systems of 64, 80 and 128 bits symmetric security. This allows a direct comparison of the four schemes for the first time, because they are implemented for the same security levels on the same platform. The second contribution is an implementation of the modern symmetric authentication pro- tocol LaPin, which is based on Ring-Learning-Parity-with-Noise (Ring-LPN). We show that, compared to classical AES-based protocols, LaPin has a very compact memory footprint while at the same time achieving a performance at the same order of magnitude. Keywords Embedded systems, Alternative Public-Key Schemes, Code-based, MQ-based, LPN, FPGA, Microcontroller. x Kurzfassung Nahezu alle heutigen Sicherheitssysteme beruhen auf kryptographischen Primitiven als Kern- komponenten, welche in der Regel als vertrauenswurdigster¨ Teil des Sytems gelten. Die Reali- sierung dieser Primitiven auf der zugrunde liegenden Plattform spielt eine entscheidende Rolle fur¨ jeden realen Einsatz. In dieser Arbeit werden neue Primitiven fur¨ Public-Key-Kryptographie diskutiert, die sich als potenzielle Alternativen zu den derzeit verwendeten RSA und ECC Kryp- tosystemen etablieren k¨onnten. Die Analyse dieser Primitiven im ersten Teil der Arbeit aus der Perspektive eines Entwicklers zeigt die Vorteile der neuen Systeme. Daruber¨ hinaus wird unter- sucht durch die Implementierung auf eingebetteten Systemen mit eingeschr¨ankten Ressourcen, ob sich diese Verfahren bereits zu echten Alternativen entwickelt haben. Die zweite und wichtigste Teil der Arbeit untersucht das Potenzial der kodierungsbasierten Kryptographie, namentlich das McEliece und Niederreiter Kryptosystem. Nach einer Diskussion der klassischen Beschreibung und einer modernen Variante werden verschiedene Umsetzungs- aspekte prA˜ ¤sentiert, z. B. Decoder, Encoder und Festgewichtskonvertierungen um CCA2- Sicherheit zu erreichen. Anschließend wird die Leistung der Systeme mit einfachen bin¨aren Goppa Codes, quasi-dyadischen Goppa Codes und quasi-zyklischen MDPC Codes auf Mikro- controller der Smartcard-Klasse und einer Reihe von FPGAs evaluiert. Daruberhinaus¨ wird auf Schw¨achen in einer einfachen Implementierung hingewiesen, die den geheimen Schlussel¨ oder den Klartext mittels Seitenkanal-Angriffen extrahieren k¨onnen. Der dritte Teil pr¨asentiert zwei weitere alternative Kryptosysteme. Zun¨achst werden die viel- versprechendsten Mitglieder der MQPKS-Familie sowie deren Varianten, UOV, Rainbow und enTTS untersucht. UOV widerstand in den vergangenen 13 Jahre allen Arten von Angriffen und kann als eines der bestuntersuchtesten MQPKS angesehen werden. Anschliessend werden Implementierungen von UOV, Rainbow und enTTS auf einem 8-Bit-Mikrocontroller evaluiert. Um das Problem der großen Schlussel¨ zu addressieren, werden einige Optimierungen ausgewer- tet, sowie das 0/1-UOV Schemata implementiert. Um eine praktisch nutzbare Sicherheitsstufe auf dem ausgew¨ahlten Ger¨at zu gew¨ahrleisten, werden alle jungsten¨ Angriffe zusammengefasst und Parameter fur¨ Standard-Sicherheitsstufen angegeben. Um die Skalierung zu beurteilen, werden die Verfahren mit den g¨angigsten Sicherheitsstufen fur¨ eingebetteten Systeme 264, 280 und 2128 bits symmetrischer Sicherheit implementiert. Der zweite Beitrag ist eine Umsetzung des modernen symmetrischen Authentifizierungsprotokoll LaPin, welches auf dem Ring-LPN- Problem basiert. Es wird gezeigt dass, mit klassischen AES-basierten Protokollen verglichen, LaPin einen sehr kompakte Speicherbedarf hat, w¨ahrend zur gleichen Zeit eine Leistung in der gleichen Gr¨oßenordnung erreicht wird. Schlagworte. Eingebettete Systeme , Alternative Public-Key-Verfahren,Codierungsbasierte Kryptographie, MQ-basierte Kryptographie , LPN, FPGA, Microcontroller. xii Acknowledgements This thesis would have been impossible without the inspiring working atmosphere at the EmSec group. I would like to express my gratitude to my PhD supervisor Christof Paar. He always gave me the freedom to try things out, while at the same time encouraging me to focus on the impor- tant parts. Special thanks go to all my colleges, especially Tim G¨uneysu, Amir Moradi, Markus Kasper, KaOs (Timo Kasper and David Oswald), Ingo von Maurich and Thomas P¨oppelmann. At all times I could ask them stupid questions and they found the time to discuss them with me. And of course I would like to thank my office mate Ralf Zimmermann. I will never get the picture of him riding a pony in a bee costume out of my head. Beside this strange imagination, we are the best rubber ducking team ever. A great “thank you” goes to the students I supervised during my PhD time: Without them, many parts of this thesis would be much smaller. Especially I would like to thank Olga Paustjan, Peter Czypek, Hannes Hudde and Gennadi Stamm. I am also very gratefull to the international community for the support I received. A lot of mathematicians accepted me as an engineer and answered my endless stream of questions. A big “thank you” goes to Nicolas Sendrier, Christiane Peters, Paulo Baretto, Rafael Misoczky, Dan Bernstein and Tanja Lange. Very often I felt ignorant of higher math and a second later I had to explain some basic engineering facts. Thank you for the nice time. And finally, a big “thank you” to our team assistant Irmgard K¨uhn. She took all the adminis- trative load off my shoulders and always found a kind word for everyone. Without C8H10N4O2, this wouldn’t exist! Table of Contents Preface ............................................ vii Abstract ............................................ vii Kurzfassung .......................................... x Acknowledgements ......................................xiii I The Preliminaries 1 1 Introduction 5 1.1 Motivation ....................................... 5 1.2 Thesis Outline ..................................... 6 1.3 Summary of Research Contributions ......................... 6 2 Overview 9 2.1 Alternatives to Classical PKC ............................. 10 2.1.1 Hash-Based Cryptography ........................... 10 2.1.2 Code-Based Cryptography ........................... 11 2.1.3 Multivariate-Quadratic Cryptography .................... 11 2.1.4 Lattice-Based Cryptography .......................... 12 2.1.5 Summary ...................................
Load more

Recommended publications
  • Semi-Exact Control Functionals from Sard's Method Arxiv:2002.00033V4
    Semi-Exact Control Functionals From Sard's Method Leah F. South1, Toni Karvonen2, Chris Nemeth3, Mark Girolami4;2, Chris. J. Oates5;2 1Queensland University of Technology, Australia 2The Alan Turing Institute, UK 3Lancaster University, UK 4University of Cambridge, UK 5Newcastle University, UK May 7, 2021 Abstract The numerical approximation of posterior expected quantities of interest is considered. A novel control variate technique is proposed for post-processing of Markov chain Monte Carlo output, based both on Stein's method and an approach to numerical integration due to Sard. The resulting estimators are proven to be polynomially exact in the Gaussian context, while empiri- cal results suggest the estimators approximate a Gaussian cubature method near the Bernstein-von-Mises limit. The main theoretical result establishes a bias-correction property in settings where the Markov chain does not leave the posterior invariant. Empirical results are presented across a selection of Bayesian inference tasks. All methods used in this paper are available in the R package ZVCV. Keywords: control variate; Stein operator; variance reduction. arXiv:2002.00033v4 [stat.CO] 6 May 2021 1 Introduction This paper focuses on the numerical approximation of integrals of the form Z I(f) = f(x)p(x)dx; where f is a function of interest and p is a positive and continuously differentiable probability density on Rd, under the restriction that p and its gradient can only be evaluated pointwise up to an intractable normalisation constant. The standard approach to computing I(f) in this context is to simulate the first n steps of a 1 (i) 1 p-invariant Markov chain (x )i=1, possibly after an initial burn-in period, and to take the average along the sample path as an approximation to the integral: n 1 X I(f) I (f) = f(x(i)): (1) MC n ≈ i=1 See Chapters 6{10 of Robert and Casella (2013) for background.
    [Show full text]
  • Equivalence of Hidden Markov Models with Continuous Observations
    Equivalence of Hidden Markov Models with Continuous Observations Oscar Darwin Department of Computer Science, Oxford University, United Kingdom Stefan Kiefer Department of Computer Science, Oxford University, United Kingdom Abstract We consider Hidden Markov Models that emit sequences of observations that are drawn from continuous distributions. For example, such a model may emit a sequence of numbers, each of which is drawn from a uniform distribution, but the support of the uniform distribution depends on the state of the Hidden Markov Model. Such models generalise the more common version where each observation is drawn from a finite alphabet. We prove that one can determine in polynomial time whether two Hidden Markov Models with continuous observations are equivalent. 2012 ACM Subject Classification Theory of computation → Random walks and Markov chains; Mathematics of computing → Stochastic processes; Theory of computation → Logic and verification Keywords and phrases Markov chains, equivalence, probabilistic systems, verification Digital Object Identifier 10.4230/LIPIcs.CVIT.2016.23 1 Introduction A (discrete-time, finite-state) Hidden Markov Model (HMM) (often called labelled Markov chain) has a finite set Q of states and for each state a probability distribution over its possible successor states. For any two states q, q0, whenever the state changes from q to q0, the HMM samples and then emits a random observation according to a probability distribution D(q, q0). For example, consider the following diagram visualising a HMM: 1 (a) 2 1 ( 1 a + 3 b) q q 2 (b) 2 4 4 1 2 3 1 (a) 3 In state q , the successor state is q or q , with probability 1 each.
    [Show full text]
  • Extreme Points of the Vandermonde Determinant and Phenomenological Modelling with Power Exponential Functions 2019 Isbn 978-91-7485-431-2 Issn 1651-4238 P.O
    Mälardalen University Doctoral Dissertation 293 Karl Lundengård Lundengård Karl Extreme points of the Vandermonde determinant and phenomenological EXTREME POINTS OF THE VANDERMONDE DETERMINANT AND PHENOMENOLOGICAL MODELLING WITH POWER EXPONENTIAL FUNCTIONS modelling with power exponential functions Karl Lundengård Address: P.O. Box 883, SE-721 23 Västerås. Sweden ISBN 978-91-7485-431-2 Address: P.O. Box 325, SE-631 05 Eskilstuna. Sweden E-mail: [email protected] Web: www.mdh.se ISSN 1651-4238 2019 1 Mälardalen University Press Dissertations No. 293 EXTREME POINTS OF THE VANDERMONDE DETERMINANT AND PHENOMENOLOGICAL MODELLING WITH POWER EXPONENTIAL FUNCTIONS Karl Lundengård 2019 School of Education, Culture and Communication 2 Copyright © Karl Lundengård, 2019 ISBN 978-91-7485-431-2 ISSN 1651-4238 Printed by E-Print AB, Stockholm, Sweden 3 Mälardalen University Press Dissertations No. 293 EXTREME POINTS OF THE VANDERMONDE DETERMINANT AND PHENOMENOLOGICAL MODELLING WITH POWER EXPONENTIAL FUNCTIONS Karl Lundengård Akademisk avhandling som för avläggande av filosofie doktorsexamen i matematik/tillämpad matematik vid Akademin för utbildning, kultur och kommunikation kommer att offentligen försvaras torsdagen den 26 september 2019, 13.15 i Delta, Mälardalens högskola, Västerås. Fakultetsopponent: Professor Palle Jorgensen, University of Iowa Akademin för utbildning, kultur och kommunikation 4 Abstract This thesis discusses two topics, finding the extreme points of the Vandermonde determinant on various surfaces and phenomenological modelling using power-exponential functions. The relation between these two problems is that they are both related to methods for curve-fitting. Two applications of the mathematical models and methods are also discussed, modelling of electrostatic discharge currents for use in electromagnetic compatibility and modelling of mortality rates for humans.
    [Show full text]
  • On Identities Associated with a Discriminant
    ON IDENTITIES ASSOCIATED WITH A DISCRIMINANT by M. J. NEWELL (Received 26th April 1972, revised 22nd October 1972) 1. Introduction If the elements of a symmetric matrix lie in the real field it is well known that the roots of its characteristic equation are real. This implies that the discrimi- nant of that equation (i.e. the product of the squared differences of the roots) is a polynomial in the elements which is non-negative and the same must be true for the leading coefficients of all the other Sturm functions associated with the characteristic equation. One would expect that it should be possible to express them as a sum of squares. Conversely, such an expression would establish the reality of the roots. The discriminant of a symmetric matrix of order three has been considered by (1) Kummer (1843), (2) Tannery (1883), (3) Watson (1956). The last two authors established by different methods such an identity first given by Kummer who, however, gave no indication of the method used. In this paper it is shown that a similar identity exists when the order is n and Rummer's identity is then derived for the case n = 3. The extension of these results to Hermitian matrices is immediate if, as usual, square is replaced by squared modulus. 2. Preliminary result If the elements of any real square matrix X of order n are written without repetition in one row and in the order in which they appear in the successive rows of X we may denote this arrangement of n2 elements by •*11> -*12> •••> Xrs> •••> %„„• Similarly we denote by x^ the typical element of the corresponding arrange- ment for the matrix Xk which is the A:th power of X.
    [Show full text]
  • Abelianization of Matrix Orthogonal Polynomials
    Abelianization of Matrix Orthogonal Polynomials 1 M. Bertola†‡♦ , † Department of Mathematics and Statistics, Concordia University 1455 de Maisonneuve W., Montr´eal, Qu´ebec, Canada H3G 1M8 ‡ SISSA, International School for Advanced Studies, via Bonomea 265, Trieste, Italy ♦ Centre de recherches math´ematiques, Universit´ede Montr´eal C. P. 6128, succ. centre ville, Montr´eal, Qu´ebec, Canada H3C 3J7 Abstract The main goal of the paper is to connect matrix polynomial biorthogonality on a contour in the plane with a suitable notion of scalar, multi-point Pad´eapproximation on an arbitrary Riemann surface endowed with a rational map to the Riemann sphere. To this end we introduce an appropriate notion of (scalar) multi-point Pad´eapproximation on a Riemann surface and corresponding notion of biorthogonality of sections of the semi- canonical bundle (half-differentials). Several examples are offered in illustration of the new notions. Contents 1 Introduction 2 Summaryofresults. ................................... ...... 2 Half-differentials...................................... ...... 2 Notations........................................... ..... 4 2 Biorthogonality on a Riemann surface 4 2.1 Guide example: (multi-point) Pad´eapproximations in genus 0 . .................. 4 Example:single-pointcase. .. .. .. .. .. .. .. .. .. .. .. .. ....... 5 Example:multi-pointcase. ............................... ...... 5 2.2 Higher genus Riemann surfaces and biorthogonality . .................. 5 Szeg¨okernel. ....................................... .....
    [Show full text]
  • Extreme Points of the Vandermonde Determinant in Numerical
    Mälardalen University Doctoral Dissertation 327 Asaph Keikara Muhumuza Extreme points of the Vandermonde determinant in numerical EXTREME POINTS OF THE VANDERMONDE DETERMINANT IN NUMERICAL APPROXIMATION, RANDOM MATRIX THEORY AND FINANCIAL MATHEMATICS approximation, random matrix theory and financial mathematics Asaph Keikara Muhumuza Address: P.O. Box 883, SE-721 23 Västerås. Sweden ISBN 978-91-7485-484-8 2020 Address: P.O. Box 325, SE-631 05 Eskilstuna. Sweden E-mail: [email protected] Web: www.mdh.se ISSN 1651-4238 1 Mälardalen University Press Dissertations No. 327 EXTREME POINTS OF THE VANDERMONDE DETERMINANT IN NUMERICAL APPROXIMATION, RANDOM MATRIX THEORY AND FINANCIAL MATHEMATICS Asaph Keikara Muhumuza 2020 School of Education, Culture and Communication 2 Copyright © Asaph Keikara Muhumuza, 2020 ISBN 978-91-7485-484-8 ISSN 1651-4238 Printed by E-Print AB, Stockholm, Sweden 3 Mälardalen University Press Dissertations No. 327 EXTREME POINTS OF THE VANDERMONDE DETERMINANT IN NUMERICAL APPROXIMATION, RANDOM MATRIX THEORY AND FINANCIAL MATHEMATICS Asaph Keikara Muhumuza Akademisk avhandling som för avläggande av filosofie doktorsexamen i matematik/tillämpad matematik vid Akademin för utbildning, kultur och kommunikation kommer att offentligen försvaras måndagen den 14 december 2020, 15.15 i Lambda +(digitalt Zoom), Mälardalens Högskola, Västerås. Fakultetsopponent: Docent Olga Liivapuu, Estonian University of Life Sciences Akademin för utbildning, kultur och kommunikation 4 Abstract This thesis discusses the extreme points of the Vandermonde determinant on various surfaces, their applications in numerical approximation, random matrix theory and financial mathematics. Some mathematical models that employ these extreme points such as curve fitting, data smoothing, experimental design, electrostatics, risk control in finance and method for finding the extreme points on certain surfaces are demonstrated.
    [Show full text]
  • 2. Kernel Cubature 19 2.1 Reproducing Kernel Hilbert Spaces
    nitmtAdagirein airtel otetrapeD rapeD rapeD tnemt tnemt tnemt fo fo fo lE lE lE tce r tce r tce r laci laci laci reenignE reenignE reenignE gni gni gni dna dna dna tamotuA tamotuA tamotuA noi noi noi - o t l aA - o- t o t l aA l aA DD DD DD Kernel-BasedKernel-Basedernel-Based andandand BayesianBayesianBayesian K 061 061 061 / / / 9102 9102 9102 nenov r aK i noT nenov nenov r aK r aK i noT i noT MMethodsMethodsethods forforfor NumericalNumericalNumerical IIntegrationIntegrationntegration TTonioniToni Karvonen Karvonen Karvonen noi targetnI laci remuN rof sdohteM nai seyaB dna desaB- lenreK noi targetnI laci remuN rof sdohteM nai seyaB dna desaB- lenreK noi targetnI laci remuN rof sdohteM nai seyaB dna desaB- lenreK BUSINESSBUSINESSBUSINESS + + + ECONOMYECONOMYECONOMY NSI I I NBS NBS NBS 879 - 879 - 879 - 259 - 259 - 259 06 - - 06 - 06 - 3078 - 3078 0 - 3078 0 - ( 0 p ( r p ( i r n p i t r n i t n de t ) de ) de ) ARTARTART + + + NSI I I NBS NBS NBS 879 - 879 - 879 - 259 - 259 - 259 06 - - 06 - 06 - 4078 - 4078 7 - 4078 7 - ( 7 ( dp ( f dp ) f dp ) f ) DESIGNDESIGNDESIGN + + + NSI I I NSS NSS NSS 9971 - 9971 - 9971 - 4394 4394 ( 4394 p ( r p ( i r n p i t r n i t n de t ) de ) de ) ARCHITECTUREARCHITECTUREARCHITECTURE NSI I I NSS NSS NSS 9971 - 9971 - 9971 - 2494 2494 ( 2494 ( dp ( f dp ) f dp ) f ) SCIENCESCIENCESCIENCE + + + TECHNOLOGYTECHNOLOGYTECHNOLOGY tirvn tlaA ot laA ot laA ot isrevinU isrevinU yt isrevinU yt yt CROSSOVERCROSSOVERCROSSOVER gni reenignE laci r tcelE fo loohcS loohcS fo loohcS fo fo tcelE r tcelE r tcelE r laci laci laci reenignE reenignE reenignE gni gni gni DOCTORALDOCTORALDOCTORAL o aou n n engElc c Ef nm rapeD rapeD rapeD tnemt tnemt tnemt fo fo fo lE lE lE tce r tce r tce r laci laci laci reenignE reenignE reenignE gni gni gni dna dna dna tamotuA tamotuA tamotuA noi noi noi DOCTORALDOCTORALDOCTORAL DISSERTATIONSDISSERTATIONSDISSERTATIONS +adahia*GMFTSH9 +adahia*GMFTSH9 +adahia*GMFTSH9 yt isrevinU ot laA yt isrevinU fi.otlaa.www www .
    [Show full text]
  • Inverse of the Vandermonde Matrix with Applications
    NASA TECHNICAL NOTE -NASA --TN D-3547I (?,I h d INVERSE OF THE VANDERMONDE MATRIX W1TH APPLICATIONS by L. Richard Turner Lewis Researcb Center CleveZand, Ohio NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 0 WASHINGTON, D. C. AUGUST 1966 1 f P i I II TECH LIBRARY KAFB, NM INVERSE OF THE VANDERMONDE MATRIX WITH APPLICATIONS By L. Richard Turner Lewis Research Center Cleveland, Ohio NATIONAL AERONAUTICS AND SPACE ADMINISTRATION For sale by the Clearinghouse for Federal Scientific and Technical Information Springfield, Virginia 22151 - Price $1.00 INVERSE OF THE VANDERMONDE MATRIX WITH APPLICATIONS by L. Richard Turner Lewis Research Center SUMMARY The inverse of the Vandermonde matrix is given in the form of the product U-lL- 1 of two triangular matrices by the display of generating formulas from which the elements of U-l and L-' may be directly computed. From these, it is directly possible to gen- erate special formulas for the approximation of linear transforms such as integrals, in- terpolants, and derivates for a variety of functions that behave as P(x)f(x), where P(x) is a polynomial and f(x) is generally not a polynomial and may have localized singular- ities. INTRODUCTION The Vandermonde matrix, sometimes called an alternant matrix, comes from the approximation by a polynomial of degree n - 1 of a function f(x) with known values at n distinct values of the independent variable x. Many important functions of applied analysis cannot be well represented by polyno- mials, but these functions are accurately represented as products of polynomials by other functions that may not be analytic in the sense of function theory but can be effec- tively manipulated.
    [Show full text]
  • A Computational Primer on BLOCK ERROR-CORRECTING CODES
    UPC FACULTAT DE MATEMÀTIQUES I ESTADÍSTICA A computational primer on BLOCK ERROR-CORRECTING CODES Sebastià Xambó i Descamps January 2003 January 2003 c Sebastià Xambó i Descamps Departament de Matemàtica Aplicada II Universitat Politècnica de Catalunya email: [email protected] Preface There is a unique way to teach: to lead the other person through the same experience with which you learned. Óscar Villarroya, cognitive scientist.1 In this book, the mathematical aspects in our presentation of the basic theory of block error-correcting codes go together, in mutual reinforcement, with computational discussions, implementations and examples of all the relevant concepts, functions and algorithms. We hope that this approach will facilitate the reading and be serviceable to mathematicians, computer scientists and engineers interested in block error-correcting codes.2 In this hypertex pdf version, the examples can be run with just a mouse click. Moreover, the examples can be modified by users and saved to their local facilities for later work. The program that handles the computations in the examples, together with the interface that handles the editing (mathematics and text), here will be called WIRIS/cc. More specifically, WIRIS stands for the interface, the (remote) computational engine and the associated language, and cc stands for the extension of WIRIS that takes care of the computational aspects that are more specific of error-correcting codes. WIRIS/cc is an important ingredient in our presentation, but we do not presuppose any knowledge of it. As it is very easy to learn and use, it is introduced gradually, according to the needs of our presentation.
    [Show full text]
  • Development and Evaluation of a Code-Based Cryptography Library for Constrained Devices
    Development and Evaluation of a Code-based Cryptography Library for Constrained Devices Hans Christoph Hudde Master’s Thesis. February 7, 2013. Chair for Embedded Security – Prof. Dr.-Ing. Christof Paar Advisor: Dipl.-Ing. Stefan Heyse EMSEC Abstract Code-based cryptography is a promising candidate for the diversification of today’s public-key cryptosystems, most of which rely on the hardness of either the Factorization or the Discrete logarithm problem. Both are known to be breakable using an efficient quantum algorithm due to Peter Shor. In contrast, Code-based cryptography is based on the problem of decoding unknown error-correcting codes, which is known to be -hard. N P There exist two basic schemes based on Code-based cryptography, which are named after their inventors Robert McEliece and Harald Niederreiter. Both share the problem of requiring huge key lengths compared to conventional cryptosystems such as RSA, which makes their implementation on embedded devices with very limited ressources challenging. In this thesis, we present an implementation of modern variants of both schemes for AVR microcontrollers and evaluate several different methods of syndrome compu- tation, decoding and root extraction. The implementation includes an adaption of the Berlekamp-Massey-Sugiyama algorithm to binary codes achieving the same level of error- correction as the Patterson algorithm. Moreover we implemented two conversions that turn the McEliece and Niederreiter schemes into CCA2-secure cryptosystems. Our implementation is able to provide a security level of up to 128-bit on an ATxmega256 and hence is capable of fulfilling real-world security requirements. Moreover, the imple- mentation outperforms comparable implementations of RSA and ECC in terms of data throughput and achieves a higher performance than previous implementations of the McEliece and Niederreiter cryptosystems.
    [Show full text]
  • Calculating Matrix Rank Using a Generalization Of
    CALCULATING MATRIX RANK USING A GENERALIZATION OF THE WRONSKIAN A Thesis Presented to The Faculty of the Department of Mathematics California State University, Los Angeles In Partial Fulfillment of the Requirements for the Degree Master of Science in Mathematics By Jayson Grassi June 2016 c 2016 Jayson Grassi ALL RIGHTS RESERVED ii The thesis of Jayson Grassi is approved. Gary Brookfield, PhD., Committee Chair Adam Fuller, PhD. Kristin Webster, PhD. Grant Fraser, PhD., Department Chair California State University, Los Angeles June 2016 iii ABSTRACT Calculating Matrix Rank Using a Generalization of the Wronskian By Jayson Grassi By mapping the rows/columns of a matrix, M, to a set of polynomials, and then calculating the Wronskian of that set we can deterimine whether or not the rows/columns of M are linearly independent. However, if the rows/columns of M are linearly dependent, the Wronskian does not provide any additional insight into the exact dimension of the span of these vectors. We call the dimension of the span of the rows/columns of a matrix M, the rank of M. In this thesis we define the rank of a two variable polynomial and show that there is a natural mapping between matrices and polynomials of two variables that preserves rank. Using this mapping, we take concepts that apply to single vari- able polynomials, like Wronskians, and generalize them to two variable polynomials. Finally we show how these tools can be used to calculate the rank of a matrix. iv ACKNOWLEDGMENTS My deepest thanks goes to Dr. Brookfield, without whom this thesis would have never come to fruition.
    [Show full text]
  • The Partition Function of Log-Gases with Multiple Odd Charges
    The Partition Function of Log-Gases with Multiple Odd Charges Elisha D. Wolff Jonathan M. Wells August 12, 2021 Abstract We use techniques in the shuffle algebra to present a formula for the partition function of a one- dimensional log-gas comprised of particles of (possibly) different integer charges at certain inverse tem- perature β in terms of the Berezin integral of an associated non-homogeneous alternating tensor. This generalizes previously known results by removing the restriction on the number of species of odd charge. Our methods provide a unified framework extending the de Bruijn integral identities from classical β- ensembles (β = 1, 2, 4) to multicomponent ensembles, as well as to iterated integrals of more general determinantal integrands. Keywords: Partition function, Berezin integral, Pfaffian, Hyperpfaffian, Grand canonical ensemble, Shuffle algebra 1 Introduction Suppose a finite number of charged particles are placed on an infinite wire represented by the real line. The charges of the particles are assumed to be integers with the same sign, and the particles are assumed to repel each other with logarithmic interactions. We assume any two particles of the same charge, which we will call same species, are indistinguishable. The wire is imbued with a potential which discourages the particles from escaping to infinity in either direction, and heat is applied to the system according to a parameter we call the inverse temperature β. arXiv:2105.14378v2 [math-ph] 11 Aug 2021 We consider two ensembles: 1. The Canonical Ensemble, in which the number of particles of each species is fixed; in this case, we say fixed population.
    [Show full text]