DOCSLIB.ORG

Differentially 4-Uniform Bijections by Permuting the Inverse Function

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Differentially 4-Uniform Bijections by Permuting the Inverse Function Di®erentially 4-Uniform Bijections by Permuting the Inverse Function Deng Tang1;2 Claude Carlet2 Xiaohu Tang1 Abstract Block ciphers use Substitution boxes (S-boxes) to create confusion into the cryp- tosystems. Functions used as S-boxes should have low di®erential uniformity, high nonlinearity and algebraic degree larger than 3 (preferably strictly larger). They should be fastly computable; from this viewpoint, it is better when they are in even number of variables. In addition, the functions should be bijections in a Substitution-Permutation Network. Almost perfect nonlinear (APN) functions have the lowest di®erential uni- formity 2 and the existence of APN bijections over F2n for even n ¸ 8 is a big open problem. In the present paper, we focus on constructing di®erentially 4-uniform bijec- tions suitable for designing S-boxes for block ciphers. Based on the idea of permuting the inverse function, we design a construction providing a large number of di®erentially 4-uniform bijections with maximum algebraic degree and high nonlinearity. For every even n ¸ 12, we mathematically prove that the functions in a subclass of the con- structed class are CCZ-inequivalent to known di®erentially 4-uniform power functions and to quadratic functions. This is the ¯rst mathematical proof that an in¯nite class of di®erentially 4-uniform bijections is CCZ-inequivalent to known di®erentially 4-uniform power functions and to quadratic functions. We also get a general lower bound on the nonlinearity of our functions, which can be very high in some cases, and obtain three improved lower bounds on the nonlinearity for three special subcases of functions which are extremely large. Keywords: block cipher, substitution box, di®erentially 4-uniform bijection, CCZ- equivalence, nonlinearity. 1Provincial Key Lab of Information Coding and Transmission, Institute of Mobile Communications, Southwest Jiaotong University, Chengdu, 610031, China. 2LAGA, Universities of Paris 8 and Paris 13; CNRS, UMR 7539. Address: University of Paris 8, Depart- ment of Mathematics, 2 rue de la libert¶e,93526 Saint-Denis cedex 02, France. Email: [email protected] (D. Tang), [email protected] (C. Carlet), [email protected] (X. Tang) 1 1 Introduction The generally accepted design principles for block ciphers and stream ciphers are con- fusion and di®usion; they were introduced by Shannon in [12]. Confusion means making the relation between the ciphertext and the plaintext as complex as possible for the at- tacker and di®usion is the spreading out of the influence of one or several arbitrary bits of the plaintext or/and of the key over the output bits. In block ciphers, the confusion property is provided by Substitution boxes (S-boxes) with good cryptographic properties and the di®usion is created by (generally) linear transformations with large branch number (related to codes of large minimum distance). In addition, S-boxes must be bijective in Substitution-Permutation Networks (like the Advanced Encryption Standard, AES). In the present paper, we concentrate on the design of bijective S-boxes. An S-box with n input bits and m output bits is a multiple-output Boolean function which is often called an (n; m)-function or (if the values n and m are omitted) a vectorial Boolean function. The S-boxes used in cryptosystems should satisfy all relevant design criteria simultaneously in order to be resistant against the known attacks and, hopefully, against some attacks which may exist but are not yet e±cient and might be improved in the future. Linear cryptanalysis is a known-plaintext attack based on the existence of linear relations satis¯ed with a probability signi¯cantly di®erent from 1/2, relating the plaintext bits, the ciphertext bits and the key bits. To contribute to resisting linear cryptanalysis [10], S-boxes used in cryptosystems should have high nonlinearity. The di®erential attack, developed by Biham and Shamir [1], is a chosen-plaintext attack that exploits the correlation between the input and output di®erences of a pair of plaintext blocks through the network of transformations with same key. The di®erential attack has a substantial impact on the design of block encryption algorithms. After this attack was invented, Nyberg [11] proposed the concept of di®erential ±-uniformity (see De¯nition 1 below), for measuring the ability of a given function to contribute to resisting this attack. For a given (n; m)-function G, the value of ± should be as small as possible. It is well-known that the smallest possible value of ± is 2 when n = m; the functions achieving this value are called almost perfect nonlinear (APN). Furthermore, functions used as S-boxes should have algebraic degree as high as possible, or at least not low, to resist the higher order di®erential attack [8] introduced by Knudsen. The algebraic degree of 2 is very weak but a degree of 3 seems not enough and a degree at least 4 is safer. In addition, functions would better have high graph algebraic immunity to resist the algebraic attacks (this attack is not yet e±cient but we must consider the possibility it becomes e±cient in the future). Moreover, we need the S-boxes to be e±ciently computable, which in software is easier if the number n of input bits is even; in fact, the best is to take n equal to a power of 2, since this allows decomposing optimally the computation of the output in F2n into computations in sub¯elds. In hardware, n does not need to be a power of 2, but we like in general the cryptosystems to be e±ciently 2 implementable in both hardware and software (which is also more convenient for the design of the whole cipher); for instance the number of input and output bits of the S-boxes of the AES is 8. Up to now, there is only one sporadic example of APN bijection for n = 6, found in [3] and it is a big open problem to know whether there exist APN bijections over F2n for even n ¸ 8. So, for resisting di®erential attacks in even dimensions, we need to choose di®erentially 4-uniform bijections as S-boxes when n is even. Di®erential 4-uniformity is not optimal but it can withstand di®erential attacks in an e±cient way. For example, the AES uses a di®erentially 4-uniform bijection with 8 input bits. By now, only a few classes of di®erentially 4-uniform bijections in even dimensions have been found, some of them are listed in [5, 14]. We list all known APN bijections and di®erentially 4-uniform bijections in even dimensions below for the convenience of the reader. Clearly, the functions xd and x2id are a±ne equivalent for every i, so we only list one value of d for each cyclotomic coset of 2 mod 2n ¡ 1. Besides, any bijection is CCZ-equivalent (see de¯nition in Section 2) to its compositional inverse, so we also omit d¡1 when d is co-prime with 2n ¡ 1. ² There is only one example of APN bijection on 6 variables, given by J. Dillon [3] (the problem of ¯nding an example of APN bijections in even number of variables had been open for ten years). But it is CCZ-equivalent to a quadratic function, which may be vulnerable by the higher order di®erential attack, and its expression is complex, which leads to ine±cient implementation in both hardware and software. ² The inverse function x2n¡2 is bijective and is di®erentially 4-uniform when n is even [11]; it is used as the S-box of the AES with n = 8. This class of functions has best known nonlinearity 2n¡1 ¡2n=2 and has maximum algebraic degree n¡1. But it is the worst possible with respect to algebraic attacks since if we denote y = x¡1 then we have the bilinear relation x2y = x. As mentioned above, though the algebraic attacks are not yet e±cient, they represent a threat. A possible way to repair this weakness will be to compose the inverse function with a simple permutation, see below. ² The Gold functions x2i+1 such that gcd(i; n) = 2 are di®erentially 4-uniform. Some- times, functions in this class are bijective since gcd(2i + 1; 2n ¡ 1) divides gcd(22i ¡ 1; 2n ¡ 1) = 2gcd(2i;n) ¡ 1; hence if n ´ 2 [mod 4], the function is bijective, but n is not a power of 2 and more problematically this class of functions is quadratic and can not be used as S-box. ² The Kasami functions x22i¡2i+1 such that n ´ 2 [mod 4] and gcd(i; n) = 2 are di®erentially 4-uniform. Sometimes, functions in this class are bijective as well. This class of functions never reaches the maximum algebraic degree n ¡ 1 (but this may not be a problem). More problematically, it is related to quadratic functions when it 2i i 23i+1 i n is bijective, since 2 ¡ 2 + 1 = 2i+1 , 2 + 1 is co-prime with 2 ¡ 1 when n ´ 2 [mod ¡1 4] and gcd(i; n) = 2; this implies that it has the form F (x) = Q1(x)Q2 (x) where Q1 3 and Q2 are quadratic permutations. Maybe this could be used in an extended higher order di®erential attack. So this function, which is clearly the most interesting power function to be used as S-box, would represent some risk. ² The function x2n=2+n=4+1 is di®erentially 4-uniform [2] and has best known nonlinearity 2n¡1 ¡ 2n=2 as well.
Load more

Recommended publications
  • Mathematics 144 Set Theory Fall 2012 Version
    MATHEMATICS 144 SET THEORY FALL 2012 VERSION Table of Contents I. General considerations.……………………………………………………………………………………………………….1 1. Overview of the course…………………………………………………………………………………………………1 2. Historical background and motivation………………………………………………………….………………4 3. Selected problems………………………………………………………………………………………………………13 I I. Basic concepts. ………………………………………………………………………………………………………………….15 1. Topics from logic…………………………………………………………………………………………………………16 2. Notation and first steps………………………………………………………………………………………………26 3. Simple examples…………………………………………………………………………………………………………30 I I I. Constructions in set theory.………………………………………………………………………………..……….34 1. Boolean algebra operations.……………………………………………………………………………………….34 2. Ordered pairs and Cartesian products……………………………………………………………………… ….40 3. Larger constructions………………………………………………………………………………………………..….42 4. A convenient assumption………………………………………………………………………………………… ….45 I V. Relations and functions ……………………………………………………………………………………………….49 1.Binary relations………………………………………………………………………………………………………… ….49 2. Partial and linear orderings……………………………..………………………………………………… ………… 56 3. Functions…………………………………………………………………………………………………………… ….…….. 61 4. Composite and inverse function.…………………………………………………………………………… …….. 70 5. Constructions involving functions ………………………………………………………………………… ……… 77 6. Order types……………………………………………………………………………………………………… …………… 80 i V. Number systems and set theory …………………………………………………………………………………. 84 1. The Natural Numbers and Integers…………………………………………………………………………….83 2. Finite induction
    [Show full text]
  • Biography Paper – Georg Cantor
    Mike Garkie Math 4010 – History of Math UCD Denver 4/1/08 Biography Paper – Georg Cantor Few mathematicians are house-hold names; perhaps only Newton and Euclid would qualify. But there is a second tier of mathematicians, those whose names might not be familiar, but whose discoveries are part of everyday math. Examples here are Napier with logarithms, Cauchy with limits and Georg Cantor (1845 – 1918) with sets. In fact, those who superficially familier with Georg Cantor probably have two impressions of the man: First, as a consequence of thinking about sets, Cantor developed a theory of the actual infinite. And second, that Cantor was a troubled genius, crippled by Freudian conflict and mental illness. The first impression is fundamentally true. Cantor almost single-handedly overturned the Aristotle’s concept of the potential infinite by developing the concept of transfinite numbers. And, even though Bolzano and Frege made significant contributions, “Set theory … is the creation of one person, Georg Cantor.” [4] The second impression is mostly false. Cantor certainly did suffer from mental illness later in his life, but the other emotional baggage assigned to him is mostly due his early biographers, particularly the infamous E.T. Bell in Men Of Mathematics [7]. In the racially charged atmosphere of 1930’s Europe, the sensational story mathematician who turned the idea of infinity on its head and went crazy in the process, probably make for good reading. The drama of the controversy over Cantor’s ideas only added spice. 1 Fortunately, modern scholars have corrected the errors and biases in older biographies.
    [Show full text]
  • SRB MEASURES for ALMOST AXIOM a DIFFEOMORPHISMS José Alves, Renaud Leplaideur
    SRB MEASURES FOR ALMOST AXIOM A DIFFEOMORPHISMS José Alves, Renaud Leplaideur To cite this version: José Alves, Renaud Leplaideur. SRB MEASURES FOR ALMOST AXIOM A DIFFEOMORPHISMS. 2013. hal-00778407 HAL Id: hal-00778407 https://hal.archives-ouvertes.fr/hal-00778407 Preprint submitted on 20 Jan 2013 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. SRB MEASURES FOR ALMOST AXIOM A DIFFEOMORPHISMS JOSE´ F. ALVES AND RENAUD LEPLAIDEUR Abstract. We consider a diffeomorphism f of a compact manifold M which is Almost Axiom A, i.e. f is hyperbolic in a neighborhood of some compact f-invariant set, except in some singular set of neutral points. We prove that if there exists some f-invariant set of hyperbolic points with positive unstable-Lebesgue measure such that for every point in this set the stable and unstable leaves are \long enough", then f admits a probability SRB measure. Contents 1. Introduction 2 1.1. Background 2 1.2. Statement of results 2 1.3. Overview 4 2. Markov rectangles 5 2.1. Neighborhood of critical zone 5 2.2. First generation of rectangles 6 2.3. Second generation rectangles 7 2.4.
    [Show full text]
  • Bounding, Splitting and Almost Disjointness
    Bounding, splitting and almost disjointness Jonathan Schilhan Advisor: Vera Fischer Kurt G¨odelResearch Center Fakult¨atf¨urMathematik, Universit¨atWien Abstract This bachelor thesis provides an introduction to set theory, cardinal character- istics of the continuum and the generalized cardinal characteristics on arbitrary regular cardinals. It covers the well known ZFC relations of the bounding, the dominating, the almost disjointness and the splitting number as well as some more recent results about their generalizations to regular uncountable cardinals. We also present an overview on the currently known consistency results and formulate open questions. 1 CONTENTS Contents Introduction 3 1 Prerequisites 5 1.1 Model Theory/Predicate Logic . .5 1.2 Ordinals/Cardinals . .6 1.2.1 Ordinals . .7 1.2.2 Cardinals . .9 1.2.3 Regular Cardinals . 10 2 Cardinal Characteristics of the continuum 11 2.1 The bounding and the dominating number . 11 2.2 Splitting and mad families . 13 3 Cardinal Characteristics on regular uncountable cardinals 16 3.1 Generalized bounding, splitting and almost disjointness . 16 3.2 An unexpected inequality between the bounding and splitting numbers . 18 3.2.1 Elementary Submodels . 18 3.2.2 Filters and Ideals . 19 3.2.3 Proof of Theorem 3.2.1 (s(κ) ≤ b(κ)) . 20 3.3 A relation between generalized dominating and mad families . 23 References 28 2 Introduction @0 Since it was proven that the continuum hypothesis (2 = @1) is independent of the axioms of ZFC, the natural question arises what value 2@0 could take and it was shown @0 that 2 could be consistently nearly anything.
    [Show full text]
  • Almost-Free E-Rings of Cardinality ℵ1 Rudige¨ R Gob¨ El, Saharon Shelah and Lutz Strung¨ Mann
    Sh:785 Canad. J. Math. Vol. 55 (4), 2003 pp. 750–765 Almost-Free E-Rings of Cardinality @1 Rudige¨ r Gob¨ el, Saharon Shelah and Lutz Strung¨ mann Abstract. An E-ring is a unital ring R such that every endomorphism of the underlying abelian group R+ is multiplication by some ring element. The existence of almost-free E-rings of cardinality greater @ than 2 0 is undecidable in ZFC. While they exist in Godel'¨ s universe, they do not exist in other models @ of set theory. For a regular cardinal @1 ≤ λ ≤ 2 0 we construct E-rings of cardinality λ in ZFC which have @1-free additive structure. For λ = @1 we therefore obtain the existence of almost-free E-rings of cardinality @1 in ZFC. 1 Introduction + Recall that a unital ring R is an E-ring if the evaluation map ": EndZ(R ) ! R given by ' 7! '(1) is a bijection. Thus every endomorphism of the abelian group R+ is multiplication by some element r 2 R. E-rings were introduced by Schultz [20] and easy examples are subrings of the rationals Q or pure subrings of the ring of p-adic integers. Schultz characterized E-rings of finite rank and the books by Feigelstock [9, 10] and an article [18] survey the results obtained in the eighties, see also [8, 19]. In a natural way the notion of E-rings extends to modules by calling a left R-module M an E(R)-module or just E-module if HomZ(R; M) = HomR(R; M) holds, see [1].
    [Show full text]
  • The Axiom of Choice and Its Implications
    THE AXIOM OF CHOICE AND ITS IMPLICATIONS KEVIN BARNUM Abstract. In this paper we will look at the Axiom of Choice and some of the various implications it has. These implications include a number of equivalent statements, and also some less accepted ideas. The proofs discussed will give us an idea of why the Axiom of Choice is so powerful, but also so controversial. Contents 1. Introduction 1 2. The Axiom of Choice and Its Equivalents 1 2.1. The Axiom of Choice and its Well-known Equivalents 1 2.2. Some Other Less Well-known Equivalents of the Axiom of Choice 3 3. Applications of the Axiom of Choice 5 3.1. Equivalence Between The Axiom of Choice and the Claim that Every Vector Space has a Basis 5 3.2. Some More Applications of the Axiom of Choice 6 4. Controversial Results 10 Acknowledgments 11 References 11 1. Introduction The Axiom of Choice states that for any family of nonempty disjoint sets, there exists a set that consists of exactly one element from each element of the family. It seems strange at first that such an innocuous sounding idea can be so powerful and controversial, but it certainly is both. To understand why, we will start by looking at some statements that are equivalent to the axiom of choice. Many of these equivalences are very useful, and we devote much time to one, namely, that every vector space has a basis. We go on from there to see a few more applications of the Axiom of Choice and its equivalents, and finish by looking at some of the reasons why the Axiom of Choice is so controversial.
    [Show full text]
  • Cardinal Invariants Concerning Functions Whose Sum Is Almost Continuous Krzysztof Ciesielski West Virginia University, [email protected]
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by The Research Repository @ WVU (West Virginia University) Faculty Scholarship 1995 Cardinal Invariants Concerning Functions Whose Sum Is Almost Continuous Krzysztof Ciesielski West Virginia University, [email protected] Follow this and additional works at: https://researchrepository.wvu.edu/faculty_publications Part of the Mathematics Commons Digital Commons Citation Ciesielski, Krzysztof, "Cardinal Invariants Concerning Functions Whose Sum Is Almost Continuous" (1995). Faculty Scholarship. 822. https://researchrepository.wvu.edu/faculty_publications/822 This Article is brought to you for free and open access by The Research Repository @ WVU. It has been accepted for inclusion in Faculty Scholarship by an authorized administrator of The Research Repository @ WVU. For more information, please contact [email protected]. Cardinal invariants concerning functions whose sum is almost continuous. Krzysztof Ciesielski1, Department of Mathematics, West Virginia University, Mor- gantown, WV 26506-6310 ([email protected]) Arnold W. Miller1, York University, Department of Mathematics, North York, Ontario M3J 1P3, Canada, Permanent address: University of Wisconsin-Madison, Department of Mathematics, Van Vleck Hall, 480 Lincoln Drive, Madison, Wis- consin 53706-1388, USA ([email protected]) Abstract Let A stand for the class of all almost continuous functions from R to R and let A(A) be the smallest cardinality of a family F ⊆ RR for which there is no g: R → R with the property that f + g ∈ A for all f ∈ F . We define cardinal number A(D) for the class D of all real functions with the Darboux property similarly.
    [Show full text]
  • Georg Cantor English Version
    GEORG CANTOR (March 3, 1845 – January 6, 1918) by HEINZ KLAUS STRICK, Germany There is hardly another mathematician whose reputation among his contemporary colleagues reflected such a wide disparity of opinion: for some, GEORG FERDINAND LUDWIG PHILIPP CANTOR was a corruptor of youth (KRONECKER), while for others, he was an exceptionally gifted mathematical researcher (DAVID HILBERT 1925: Let no one be allowed to drive us from the paradise that CANTOR created for us.) GEORG CANTOR’s father was a successful merchant and stockbroker in St. Petersburg, where he lived with his family, which included six children, in the large German colony until he was forced by ill health to move to the milder climate of Germany. In Russia, GEORG was instructed by private tutors. He then attended secondary schools in Wiesbaden and Darmstadt. After he had completed his schooling with excellent grades, particularly in mathematics, his father acceded to his son’s request to pursue mathematical studies in Zurich. GEORG CANTOR could equally well have chosen a career as a violinist, in which case he would have continued the tradition of his two grandmothers, both of whom were active as respected professional musicians in St. Petersburg. When in 1863 his father died, CANTOR transferred to Berlin, where he attended lectures by KARL WEIERSTRASS, ERNST EDUARD KUMMER, and LEOPOLD KRONECKER. On completing his doctorate in 1867 with a dissertation on a topic in number theory, CANTOR did not obtain a permanent academic position. He taught for a while at a girls’ school and at an institution for training teachers, all the while working on his habilitation thesis, which led to a teaching position at the university in Halle.
    [Show full text]
  • Almost-At-A-Distance-Accepted
    Almost at-a-distance Andrew McKenzie (Kansas) and Lydia Newkirk (Rutgers) accepted draft in Linguistics & Philosophy [email protected] [email protected] https://doi.org/10.1007/s10988-019-09275-6 Abstract We claim that the meaning of the adverbial almost contains both a scalar proximity measure and a modal that allows it to work sometimes when proximity fails, what we call the at-a-distance reading. Essentially, almost can hold if the proposition follows from the normal uninterrupted out- comes of adding a small enough number of premises to a selection of rel- evant facts. Almost at-a-distance is blocked when the temporal properties of the topic time and Davidsonian event prevent normal outcomes from coming true when they need to. This approach to almost differs from the two general approaches that have emerged in the literature, by replacing the negative polar condition (not p) with a positive antecedent condition that entails not p while avoid- ing the numerous well-documented complications of employing a polar condition. Since this approach to almost involves a circumstantial base with a non-interrupting ordering source, almost behaves in certain ways like the progressive, and shows contextual variability of the same kinds that we see with premise sets. 1 Introduction The adverbial almost has a clear intuitive meaning, but has proven very difficult to reconcile with a formal semantics. Two basic approaches characterize our understanding of almost in the literature. Under scalar alternative accounts, almost p holds when p is false but some close alternative proposition q is true. Modal closeness accounts argue that almost p holds of world w when p is false in w, but true in some close alternative world w0.
    [Show full text]
  • Equivalents to the Axiom of Choice and Their Uses A
    EQUIVALENTS TO THE AXIOM OF CHOICE AND THEIR USES A Thesis Presented to The Faculty of the Department of Mathematics California State University, Los Angeles In Partial Fulfillment of the Requirements for the Degree Master of Science in Mathematics By James Szufu Yang c 2015 James Szufu Yang ALL RIGHTS RESERVED ii The thesis of James Szufu Yang is approved. Mike Krebs, Ph.D. Kristin Webster, Ph.D. Michael Hoffman, Ph.D., Committee Chair Grant Fraser, Ph.D., Department Chair California State University, Los Angeles June 2015 iii ABSTRACT Equivalents to the Axiom of Choice and Their Uses By James Szufu Yang In set theory, the Axiom of Choice (AC) was formulated in 1904 by Ernst Zermelo. It is an addition to the older Zermelo-Fraenkel (ZF) set theory. We call it Zermelo-Fraenkel set theory with the Axiom of Choice and abbreviate it as ZFC. This paper starts with an introduction to the foundations of ZFC set the- ory, which includes the Zermelo-Fraenkel axioms, partially ordered sets (posets), the Cartesian product, the Axiom of Choice, and their related proofs. It then intro- duces several equivalent forms of the Axiom of Choice and proves that they are all equivalent. In the end, equivalents to the Axiom of Choice are used to prove a few fundamental theorems in set theory, linear analysis, and abstract algebra. This paper is concluded by a brief review of the work in it, followed by a few points of interest for further study in mathematics and/or set theory. iv ACKNOWLEDGMENTS Between the two department requirements to complete a master's degree in mathematics − the comprehensive exams and a thesis, I really wanted to experience doing a research and writing a serious academic paper.
    [Show full text]
  • Canonical Models for Fragments of the Axiom of Choice∗
    Canonical models for fragments of the axiom of choice∗ Paul Larson y Jindˇrich Zapletal z Miami University University of Florida June 23, 2015 Abstract We develop a technology for investigation of natural forcing extensions of the model L(R) which satisfy such statements as \there is an ultrafil- ter" or \there is a total selector for the Vitali equivalence relation". The technology reduces many questions about ZF implications between con- sequences of the axiom of choice to natural ZFC forcing problems. 1 Introduction In this paper, we develop a technology for obtaining certain type of consistency results in choiceless set theory, showing that various consequences of the axiom of choice are independent of each other. We will consider the consequences of a certain syntactical form. 2 ! Definition 1.1. AΣ1 sentence Φ is tame if it is of the form 9A ⊂ ! (8~x 2 !! 9~y 2 A φ(~x;~y))^(8~x 2 A (~x)), where φ, are formulas which contain only numerical quantifiers and do not refer to A anymore, and may refer to a fixed analytic subset of 2! as a predicate. The formula are called the resolvent of the sentence. This is a syntactical class familiar from the general treatment of cardinal invari- ants in [11, Section 6.1]. It is clear that many consequences of Axiom of Choice are of this form: Example 1.2. The following statements are tame consequences of the axiom of choice: 1. there is a nonprincipal ultrafilter on !. The resolvent formula is \T rng(x) is infinite”; ∗2000 AMS subject classification 03E17, 03E40.
    [Show full text]
  • Regularity Properties and Determinacy
    Regularity Properties and Determinacy MSc Thesis (Afstudeerscriptie) written by Yurii Khomskii (born September 5, 1980 in Moscow, Russia) under the supervision of Dr. Benedikt L¨owe, and submitted to the Board of Examiners in partial fulfillment of the requirements for the degree of MSc in Logic at the Universiteit van Amsterdam. Date of the public defense: Members of the Thesis Committee: August 14, 2007 Dr. Benedikt L¨owe Prof. Dr. Jouko V¨a¨an¨anen Prof. Dr. Joel David Hamkins Prof. Dr. Peter van Emde Boas Brian Semmes i Contents 0. Introduction............................ 1 1. Preliminaries ........................... 4 1.1 Notation. ........................... 4 1.2 The Real Numbers. ...................... 5 1.3 Trees. ............................. 6 1.4 The Forcing Notions. ..................... 7 2. ClasswiseConsequencesofDeterminacy . 11 2.1 Regularity Properties. .................... 11 2.2 Infinite Games. ........................ 14 2.3 Classwise Implications. .................... 16 3. The Marczewski-Burstin Algebra and the Baire Property . 20 3.1 MB and BP. ......................... 20 3.2 Fusion Sequences. ...................... 23 3.3 Counter-examples. ...................... 26 4. DeterminacyandtheBaireProperty.. 29 4.1 Generalized MB-algebras. .................. 29 4.2 Determinacy and BP(P). ................... 31 4.3 Determinacy and wBP(P). .................. 34 5. Determinacy andAsymmetric Properties. 39 5.1 The Asymmetric Properties. ................. 39 5.2 The General Definition of Asym(P). ............. 43 5.3 Determinacy and Asym(P). ................. 46 ii iii 0. Introduction One of the most intriguing developments of modern set theory is the investi- gation of two-player infinite games of perfect information. Of course, it is clear that applied game theory, as any other branch of mathematics, can be modeled in set theory. But we are talking about the converse: the use of infinite games as a tool to study fundamental set theoretic questions.
    [Show full text]