A Mathematical Framework Towards Efficient Clifford-Based Homomorphic Cryptosystems Using P-Adic Numbers
Total pages: 16
File type: PDF, size: 1020 KB
Recommended publications
-
21. Orthonormal Bases
21. Orthonormal Bases. The canonical/standard basis
$$e_1 = \begin{pmatrix}1\\0\\ \vdots\\0\end{pmatrix},\quad e_2 = \begin{pmatrix}0\\1\\ \vdots\\0\end{pmatrix},\quad \dots,\quad e_n = \begin{pmatrix}0\\0\\ \vdots\\1\end{pmatrix}$$
has many useful properties.
• Each of the standard basis vectors has unit length: $\|e_i\| = \sqrt{e_i^T e_i} = \sqrt{e_i \cdot e_i} = 1$.
• The standard basis vectors are orthogonal (in other words, at right angles or perpendicular): $e_i^T e_j = e_i \cdot e_j = 0$ when $i \neq j$.
This is summarized by
$$e_i^T e_j = \delta_{ij} = \begin{cases}1 & i = j\\ 0 & i \neq j\end{cases}$$
where $\delta_{ij}$ is the Kronecker delta. Notice that the Kronecker delta gives the entries of the identity matrix. Given column vectors v and w, we have seen that the dot product $v \cdot w$ is the same as the matrix multiplication $v^T w$. This is the inner product on $\mathbb{R}^n$. We can also form the outer product $vw^T$, which gives a square matrix. The outer product on the standard basis vectors is interesting. Set
$$\Pi_1 = e_1 e_1^T = \begin{pmatrix}1\\0\\ \vdots\\0\end{pmatrix}\begin{pmatrix}1 & 0 & \dots & 0\end{pmatrix} = \begin{pmatrix}1 & 0 & \dots & 0\\ 0 & 0 & \dots & 0\\ \vdots & \vdots & & \vdots\\ 0 & 0 & \dots & 0\end{pmatrix}$$
$$\vdots$$
$$\Pi_n = e_n e_n^T = \begin{pmatrix}0\\0\\ \vdots\\1\end{pmatrix}\begin{pmatrix}0 & 0 & \dots & 1\end{pmatrix} = \begin{pmatrix}0 & 0 & \dots & 0\\ 0 & 0 & \dots & 0\\ \vdots & \vdots & & \vdots\\ 0 & 0 & \dots & 1\end{pmatrix}$$
In short, $\Pi_i$ is the diagonal square matrix with a 1 in the $i$th diagonal position and zeros everywhere else.
-
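As an added worked step (not in the original notes), the outer products $\Pi_i$ are projectors, and this follows in one line from $e_i^T e_j = \delta_{ij}$:
$$\Pi_i \Pi_j = e_i\,(e_i^T e_j)\,e_j^T = \delta_{ij}\, e_i e_j^T, \qquad\text{so}\qquad \Pi_i^2 = \Pi_i \quad\text{and}\quad \Pi_i \Pi_j = 0 \ \text{ for } i \neq j,$$
$$\sum_{i=1}^{n} \Pi_i = \sum_{i=1}^{n} e_i e_i^T = I, \qquad \Pi_i v = e_i\,(e_i^T v) = v_i\, e_i ,$$
i.e. $\Pi_i$ picks out the $i$th coordinate of $v$, and the $\Pi_i$ together decompose the identity.
-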
Partitioned (Or Block) Matrices This Version: 29 Nov 2018
Partitioned (or Block) Matrices. This version: 29 Nov 2018. Intermediate Econometrics / Forecasting Class Notes. Instructor: Anthony Tay.
It is frequently convenient to partition matrices into smaller sub-matrices, e.g.
$$\begin{pmatrix} 2&3&2&1&3\\ 4&1&1&0&7\\ 3&1&1&0&0\\ 1&3&0&1&0\\ 2&0&0&0&1\end{pmatrix} = \begin{pmatrix} A_{(2\times2)} & B_{(2\times3)}\\ C_{(3\times2)} & I_{(3\times3)}\end{pmatrix}.$$
The same matrix can be partitioned in several different ways. For instance, we can write the previous matrix as
$$\begin{pmatrix} 2&3&2&1&3\\ 4&1&1&0&7\\ 3&1&1&0&0\\ 1&3&0&1&0\\ 2&0&0&0&1\end{pmatrix} = \begin{pmatrix} a_{(1\times1)} & b'_{(1\times4)}\\ c_{(4\times1)} & D_{(4\times4)}\end{pmatrix}.$$
One reason partitioning is useful is that we can do matrix addition and multiplication with blocks, as though the blocks are elements, as long as the blocks are conformable for the operations. For instance:
$$\begin{pmatrix} A_{(2\times2)} & B_{(2\times3)}\\ C_{(3\times2)} & I_{(3\times3)}\end{pmatrix} + \begin{pmatrix} D_{(2\times2)} & E_{(2\times3)}\\ C_{(3\times2)} & F_{(3\times3)}\end{pmatrix} = \begin{pmatrix} A+D & B+E\\ 2C & I+F\end{pmatrix}$$
$$\underbrace{\begin{pmatrix} A_{(2\times2)} & B_{(2\times3)}\\ C_{(3\times2)} & I_{(3\times3)}\end{pmatrix}}_{(5\times5)} \underbrace{\begin{pmatrix} d_{(2\times1)} & E_{(2\times3)}\\ F_{(3\times1)} & G_{(3\times3)}\end{pmatrix}}_{(5\times4)} = \underbrace{\begin{pmatrix} Ad+BF & AE+BG\\ Cd+F & CE+G\end{pmatrix}}_{(5\times4)}$$
Examples. (1) Let
$$A = \begin{pmatrix} 1&2&1\\ 4&2&3\\ 3&0&1\\ 0&1&3\end{pmatrix} = \begin{pmatrix} a_1 & a_2 & a_3\end{pmatrix} \quad\text{and}\quad c = \begin{pmatrix} c_1\\ c_2\\ c_3\end{pmatrix},$$
then
$$Ac = \begin{pmatrix} a_1 & a_2 & a_3\end{pmatrix}\begin{pmatrix} c_1\\ c_2\\ c_3\end{pmatrix} = c_1 a_1 + c_2 a_2 + c_3 a_3 .$$
The product $Ac$ produces a linear combination of the columns of $A$.
-
Practical Homomorphic Encryption and Cryptanalysis
Practical Homomorphic Encryption and Cryptanalysis. Dissertation submitted for the degree of Doctor of Natural Sciences (Dr. rer. nat.) to the Faculty of Mathematics of Ruhr-Universität Bochum by Dipl. Ing. Matthias Minihold, supervised by Prof. Dr. Alexander May. Bochum, April 2019. First reviewer: Prof. Dr. Alexander May. Second reviewer: Prof. Dr. Gregor Leander. Date of oral examination (defense): 3 May 2019.
Author's declaration. The work presented in this thesis is the result of original research carried out by the candidate, partly in collaboration with others, whilst enrolled in and carried out in accordance with the requirements of the Department of Mathematics at Ruhr-University Bochum as a candidate for the degree of doctor rerum naturalium (Dr. rer. nat.). Except where indicated by reference in the text, the work is the candidate's own work and has not been submitted for any other degree or award in any other university or educational establishment. Views expressed in this dissertation are those of the author. Place, Date. Signature.
Chapter 1: Abstract. My thesis on Practical Homomorphic Encryption and Cryptanalysis is dedicated to efficient homomorphic constructions, their underlying primitives, and their practical security vetted by cryptanalytic methods. The widespread RSA cryptosystem serves as an early (partially) homomorphic example of a public-key encryption scheme, whose security reduction leads to problems believed to have lower solution complexity on average than the problems that today's fully homomorphic encryption schemes are based on. The reader goes on a journey towards designing a practical fully homomorphic encryption scheme, and one exemplary application of growing importance: privacy-preserving use of machine learning.
-
Handout 9 More Matrix Properties; the Transpose
Handout 9: More matrix properties; the transpose.
Square matrix properties. These properties only apply to a square matrix, i.e. $n \times n$.
• The leading diagonal is the diagonal line consisting of the entries $a_{11}, a_{22}, a_{33}, \dots, a_{nn}$.
• A diagonal matrix has zeros everywhere except the leading diagonal.
• The identity matrix $I$ has zeros off the leading diagonal, and 1 for each entry on the diagonal. It is a special case of a diagonal matrix, and $AI = IA = A$ for any $n \times n$ matrix $A$.
• An upper triangular matrix has all its non-zero entries on or above the leading diagonal.
• A lower triangular matrix has all its non-zero entries on or below the leading diagonal.
• A symmetric matrix has the same entries below and above the diagonal: $a_{ij} = a_{ji}$ for any values of $i$ and $j$ between 1 and $n$.
• An antisymmetric or skew-symmetric matrix has the opposite entries below and above the diagonal: $a_{ij} = -a_{ji}$ for any values of $i$ and $j$ between 1 and $n$. This automatically means the diagonal entries must all be zero.
Transpose. To transpose a matrix, we reflect it across the line given by the leading diagonal $a_{11}, a_{22}$ etc. In general the result is a different shape to the original matrix:
$$A = \begin{pmatrix} a_{11} & a_{12} & a_{13}\\ a_{21} & a_{22} & a_{23}\end{pmatrix}, \qquad A^{\top} = \begin{pmatrix} a_{11} & a_{21}\\ a_{12} & a_{22}\\ a_{13} & a_{23}\end{pmatrix}, \qquad [A^{\top}]_{ij} = A_{ji}.$$
• If $A$ is $m \times n$ then $A^{\top}$ is $n \times m$.
• The transpose of a symmetric matrix is itself: $A^{\top} = A$ (recalling that only square matrices can be symmetric).
-
A Survey on the Provable Security Using Indistinguishability Notion on Cryptographic Encryption Schemes
A SURVEY ON THE PROVABLE SECURITY USING INDISTINGUISHABILITY NOTION ON CRYPTOGRAPHIC ENCRYPTION SCHEMES. A thesis submitted to the Graduate School of Applied Mathematics of Middle East Technical University by Emre Ayar in partial fulfillment of the requirements for the degree of Master of Science in Cryptography. February 2018.
Approval of the thesis, submitted by EMRE AYAR in partial fulfillment of the requirements for the degree of Master of Science in the Department of Cryptography, Middle East Technical University, by:
Prof. Dr. Ömür Uğur, Director, Graduate School of Applied Mathematics
Prof. Dr. Ferruh Özbudak, Head of Department, Cryptography
Assoc. Prof. Dr. Ali Doğanaksoy, Supervisor, Cryptography, METU
Dr. Onur Koçak, Co-supervisor, TÜBİTAK - UEKAE, İstanbul
Examining Committee Members: Assoc. Prof. Dr. Murat Cenk, Cryptography, METU; Assoc. Prof. Dr. Ali Doğanaksoy, Department of Mathematics, METU; Assist. Prof. Dr. Fatih Sulak, Department of Mathematics, Atılım University.
Date:
I hereby declare that all information in this document has been obtained and presented in accordance with academic rules and ethical conduct. I also declare that, as required by these rules and conduct, I have fully cited and referenced all material and results that are not original to this work. Name, Last Name: EMRE AYAR. Signature:
ABSTRACT. Ayar, Emre. M.S., Department of Cryptography. Supervisor: Assoc. Prof. Dr. Ali Doğanaksoy. Co-Supervisor: Dr. Onur Koçak. February 2018, 44 pages. For an encryption scheme, instead of Shannon's perfect security definition, Goldwasser and Micali defined a realistic provable security called semantic security.
-
Week 8-9. Inner Product Spaces. (Revised Version) Section 3.1 Dot Product As an Inner Product
Math 2051 W2008, Margo Kondratieva. Week 8-9. Inner product spaces (revised version). Section 3.1 Dot product as an inner product.
Consider a linear (vector) space $V$. (Let us restrict ourselves to only real spaces, that is, we will not deal with complex numbers and vectors.)
Definition 1. An inner product on $V$ is a function which assigns a real number, denoted by $\langle \vec u, \vec v\rangle$, to every pair of vectors $\vec u, \vec v \in V$ such that
(1) $\langle \vec u,\vec v\rangle = \langle \vec v,\vec u\rangle$ for all $\vec u,\vec v\in V$;
(2) $\langle \vec u+\vec v,\vec w\rangle = \langle \vec u,\vec w\rangle + \langle \vec v,\vec w\rangle$ for all $\vec u,\vec v,\vec w\in V$;
(3) $\langle k\vec u,\vec v\rangle = k\langle \vec u,\vec v\rangle$ for any $k\in\mathbb R$ and $\vec u,\vec v\in V$;
(4) $\langle \vec v,\vec v\rangle \ge 0$ for all $\vec v\in V$, and $\langle \vec v,\vec v\rangle = 0$ only for $\vec v=\vec 0$.
Definition 2. An inner product space is a vector space equipped with an inner product.
It is straightforward to check that the dot product introduced by $\vec u\cdot\vec v=\sum_{j=1}^{n} u_j v_j$ is an inner product. You are advised to verify all the properties listed in the definition, as an exercise. The dot product is also called the Euclidean inner product.
Definition 3. Euclidean vector space is $\mathbb R^n$ equipped with the Euclidean inner product $\langle\vec u,\vec v\rangle=\vec u\cdot\vec v$.
Definition 4. A square matrix $A$ is called positive definite if $\vec v^{\,T} A\vec v>0$ for any vector $\vec v\ne\vec 0$.
Problem 1. Show that $A=\begin{pmatrix}2&0\\0&3\end{pmatrix}$ is positive definite.
Solution: Take $\vec v=(x,y)^T$. Then $\vec v^{\,T} A\vec v = 2x^2+3y^2>0$ for $(x,y)\ne(0,0)$.
-
On Notions of Security for Deterministic Encryption, and Efficient Constructions Without Random Oracles
A preliminary version of this paper appears in Advances in Cryptology - CRYPTO 2008, 28th Annual International Cryptology Conference, D. Wagner ed., LNCS, Springer, 2008. This is the full version. On Notions of Security for Deterministic Encryption, and Efficient Constructions without Random Oracles Alexandra Boldyreva∗ Serge Fehr† Adam O’Neill∗ Abstract The study of deterministic public-key encryption was initiated by Bellare et al. (CRYPTO ’07), who provided the “strongest possible” notion of security for this primitive (called PRIV) and con- structions in the random oracle (RO) model. We focus on constructing efficient deterministic encryption schemes without random oracles. To do so, we propose a slightly weaker notion of security, saying that no partial information about encrypted messages should be leaked as long as each message is a-priori hard-to-guess given the others (while PRIV did not have the latter restriction). Nevertheless, we argue that this version seems adequate for certain practical applica- tions. We show equivalence of this definition to single-message and indistinguishability-based ones, which are easier to work with. Then we give general constructions of both chosen-plaintext (CPA) and chosen-ciphertext-attack (CCA) secure deterministic encryption schemes, as well as efficient instantiations of them under standard number-theoretic assumptions. Our constructions build on the recently-introduced framework of Peikert and Waters (STOC ’08) for constructing CCA-secure probabilistic encryption schemes, extending it to the deterministic-encryption setting and yielding some improvements to their original results as well. Keywords: Public-key encryption, deterministic encryption, lossy trapdoor functions, leftover hash lemma, standard model. ∗ College of Computing, Georgia Institute of Technology, 266 Ferst Drive, Atlanta, GA 30332, USA. -
Formalizing Public Key Cryptography
Cryptography CS 555, Topic 29: Formalizing Public Key Cryptography.
Recap: key management; Diffie-Hellman key exchange; password authenticated key exchange (PAKEs).
Public Key Encryption: Basic Terminology
• Plaintext / plaintext space: a message $m \in \mathcal{M}$
• Ciphertext $c \in \mathcal{C}$
• Public/private key pair $(pk, sk) \in \mathcal{K}$
Public Key Encryption Syntax. Three algorithms:
• $\mathrm{Gen}(1^n, R)$ (key-generation algorithm). Input: random bits $R$. Output: $(pk, sk)$. Alice must run the key generation algorithm in advance and publishes the public key $pk$.
• $\mathrm{Enc}_{pk}(m)$ (encryption algorithm), for $m \in \mathcal{M}$.
• $\mathrm{Dec}_{sk}(c)$ (decryption algorithm). Input: secret key $sk$ and a ciphertext $c$. Output: a plaintext message $m \in \mathcal{M}$.
Assumption: the adversary only gets to see $pk$ (not $sk$). Invariant: $\mathrm{Dec}_{sk}(\mathrm{Enc}_{pk}(m)) = m$.
Chosen-Plaintext Attacks. Model the ability of the adversary to control or influence what the honest parties encrypt. Historical example: Battle of Midway (WWII). US Navy cryptanalysts were able to break a Japanese code by tricking the Japanese navy into encrypting a particular message.
Recap: CPA-security (symmetric key crypto). A key $K = \mathrm{Gen}(\cdot)$ and a random bit $b$ are chosen. The adversary repeatedly submits pairs $(m_{0,i}, m_{1,i})$ and receives $c_i = \mathrm{Enc}_K(m_{b,i})$, then outputs a guess $b'$. The scheme is CPA-secure if for every adversary $A$ there exists a negligible function $\mu$ such that
$$\Pr[b' = b] \le \tfrac{1}{2} + \mu(n).$$
Chosen-Plaintext Attacks, continued. In private key crypto the attacker has to trick the victim into encrypting particular messages. In public key cryptography the attacker already has the public key $pk$ and can encrypt any message s/he wants, so CPA security is critical!
CPA-security for public key encryption, $\mathrm{PubK}^{\mathrm{LR\text{-}cpa}}_{A,\Pi}(n)$: the adversary is given the public key $pk$, submits pairs $(m_{0,i}, m_{1,i})$ and receives $c_i = \mathrm{Enc}_{pk}(m_{b,i})$ for a random bit $b$, then outputs $b'$; security again requires $\Pr[b' = b] \le \tfrac{1}{2} + \mu(n)$ for some negligible $\mu$.
-
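The left-or-right CPA experiment above, run end to end as an added Python example (this is not code from the CS 555 slides). Both encryption schemes are toys constructed for the example: textbook RSA with a 12-bit modulus, which is deterministic, and the same RSA with a 7-bit random pad prepended to each 4-bit plaintext. The first adversary does exactly what the slides warn a public-key attacker can do: it encrypts $m_0$ itself under $pk$ and compares with the challenge. It wins every game against the deterministic scheme and gains nothing against the padded one. The second adversary enumerates all 128 pads and wins again, which is the reason randomized encryption only helps when the randomness is too large to guess. Nothing here is secure for real use; the sizes are chosen so the arithmetic is readable.

```python
import random
import secrets

# Toy RSA key, constructed for this example: n = 61 * 53 = 3233, e = 17.
# A 12-bit modulus is hopelessly weak; it only keeps the numbers readable.
_P, _Q = 61, 53
N = _P * _Q
E = 17
D = pow(E, -1, (_P - 1) * (_Q - 1))

MSG_BITS = 4            # plaintexts are 4-bit values 0..15
PAD_BITS = 7            # (pad << 4) | m stays below 2**11 < N
PAD_SPACE = 1 << PAD_BITS


def gen():
    """Gen: returns (pk, sk). The key is fixed so runs are reproducible."""
    return (N, E), (N, D)


def enc_textbook(pk, m):
    """Deterministic textbook RSA: c = m^e mod n."""
    n, e = pk
    return pow(m, e, n)


def dec_textbook(sk, c):
    n, d = sk
    return pow(c, d, n)


def enc_padded(pk, m):
    """Same RSA with a fresh random pad: c = ((r << 4) | m)^e mod n.
    Only the pad being fresh and unpredictable makes this randomized."""
    n, e = pk
    r = secrets.randbelow(PAD_SPACE)
    return pow((r << MSG_BITS) | m, e, n)


def dec_padded(sk, c):
    n, d = sk
    return pow(c, d, n) & ((1 << MSG_BITS) - 1)


def cpa_game(enc, adversary, seed):
    """One run of the public-key left-or-right CPA experiment: pick b, hand
    the adversary pk and an oracle returning Enc_pk(m_b), and report whether
    the adversary's guess b' equals b."""
    rng = random.Random(seed)
    pk, _sk = gen()
    b = rng.randrange(2)

    def lr_oracle(m0, m1):
        return enc(pk, (m0, m1)[b])

    return adversary(pk, enc, lr_oracle) == b


def equality_adversary(pk, enc, lr_oracle):
    """Re-encrypts m0 under the public key and compares with the challenge.
    This alone breaks every deterministic public-key scheme."""
    m0, m1 = 3, 7
    c = lr_oracle(m0, m1)
    return 0 if enc(pk, m0) == c else 1


def pad_enumeration_adversary(pk, enc, lr_oracle):
    """Tries every possible pad for m0: randomizing with a guessable amount
    of randomness (7 bits here) does not restore CPA security."""
    m0, m1 = 3, 7
    c = lr_oracle(m0, m1)
    n, e = pk
    for r in range(PAD_SPACE):
        if pow((r << MSG_BITS) | m0, e, n) == c:
            return 0
    return 1


def win_rate(enc, adversary, trials=200):
    """Fraction of games the adversary wins; 0.5 means no advantage."""
    wins = sum(cpa_game(enc, adversary, seed=i) for i in range(trials))
    return wins / trials


if __name__ == "__main__":
    pk, sk = gen()
    assert all(dec_padded(sk, enc_padded(pk, m)) == m for m in range(16))
    print("textbook RSA vs equality adversary :", win_rate(enc_textbook, equality_adversary))
    print("padded RSA   vs equality adversary :", win_rate(enc_padded, equality_adversary))
    print("padded RSA   vs pad enumeration    :", win_rate(enc_padded, pad_enumeration_adversary))
```

The harness takes any `enc(pk, m)` function, so a real randomized scheme can be dropped in to check that the equality adversary's win rate stays near one half; the pad-enumeration adversary is the reminder that the padding in real schemes (OAEP, for instance) is sized so that such enumeration is infeasible.
-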
New Foundations for Geometric Algebra1
Text published in the electronic journal Clifford Analysis, Clifford Algebras and their Applications vol. 2, No. 3 (2013) pp. 193-211 New foundations for geometric algebra1 Ramon González Calvet Institut Pere Calders, Campus Universitat Autònoma de Barcelona, 08193 Cerdanyola del Vallès, Spain E-mail : [email protected] Abstract. New foundations for geometric algebra are proposed based upon the existing isomorphisms between geometric and matrix algebras. Each geometric algebra always has a faithful real matrix representation with a periodicity of 8. On the other hand, each matrix algebra is always embedded in a geometric algebra of a convenient dimension. The geometric product is also isomorphic to the matrix product, and many vector transformations such as rotations, axial symmetries and Lorentz transformations can be written in a form isomorphic to a similarity transformation of matrices. We collect the idea Dirac applied to develop the relativistic electron equation when he took a basis of matrices for the geometric algebra instead of a basis of geometric vectors. Of course, this way of understanding the geometric algebra requires new definitions: the geometric vector space is defined as the algebraic subspace that generates the rest of the matrix algebra by addition and multiplication; isometries are simply defined as the similarity transformations of matrices as shown above, and finally the norm of any element of the geometric algebra is defined as the nth root of the determinant of its representative matrix of order n. The main idea of this proposal is an arithmetic point of view consisting of reversing the roles of matrix and geometric algebras in the sense that geometric algebra is a way of accessing, working and understanding the most fundamental conception of matrix algebra as the algebra of transformations of multiple quantities. -
Matrix Determinants
MATRIX DETERMINANTS
Summary
Uses (p. 1)
1- Reminder - Definition and components of a matrix (p. 1)
2- The matrix determinant (p. 2)
3- Calculation of the determinant for a matrix (p. 2)
4- Exercise (p. 3)
5- Definition of a minor (p. 3)
6- Definition of a cofactor (p. 4)
7- Cofactor expansion - a method to calculate the determinant (p. 4)
8- Calculate the determinant for a matrix (p. 5)
9- Alternative method to calculate determinants (p. 6)
10- Exercise (p. 7)
11- Determinants of square matrices of dimensions 4x4 and greater
-
Arx: an Encrypted Database Using Semantically Secure Encryption
Arx: An Encrypted Database using Semantically Secure Encryption. Rishabh Poddar, Tobias Boelter, Raluca Ada Popa (UC Berkeley).
ABSTRACT. In recent years, encrypted databases have emerged as a promising direction that provides data confidentiality without sacrificing functionality: queries are executed on encrypted data. However, many practical proposals rely on a set of weak encryption schemes that have been shown to leak sensitive data. In this paper, we propose Arx, a practical and functionally rich database system that encrypts the data only with semantically secure encryption schemes. We show that Arx supports real applications such as ShareLaTeX with a modest performance overhead.
... some of which are property-preserving by design (denoted PPE schemes), e.g., order-preserving encryption (OPE) [8, 9, 71] or deterministic encryption (DET). OPE and DET are designed to reveal the order and the equality relation between data items, respectively, to enable fast order and equality operations. However, while these PPE schemes confer protection in some specific settings, a series of recent attacks [26, 37, 61] have shown that given certain auxiliary information, an attacker can extract significant sensitive information from the order and equality relations revealed by these schemes. These works demonstrate offline attacks in which the attacker steals a PPE-encrypted database and analyzes it offline. Leakage from queries refers to what an (online) attacker
PVLDB Reference Format: Rishabh Poddar, Tobias Boelter, and Raluca Ada Popa. Arx: An Encrypted Database using Semantically Secure Encryption. PVLDB, 12(11): 1664-1678, 2019.
-
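To make the leakage the abstract describes concrete, the following added Python example (written for this page; not code from Arx or from the attack papers it cites) simulates the two offline attacks on a stolen PPE-encrypted column: frequency analysis against a DET-encrypted categorical column using an auxiliary distribution, and the sorting attack against a dense OPE-encrypted numeric column. DET is stood in for by an HMAC token and OPE by a secret random increasing table; the column contents, the key and the auxiliary frequencies are all constructed for the example (the frequencies are illustrative, not real blood-type statistics). The same simulation is the cautionary tale behind the "a priori hard-to-guess" restriction in the deterministic-encryption notion of Boldyreva, Fehr and O'Neill above: a categorical column has almost no min-entropy, so no deterministic scheme can protect it. In the simulation the attacker's auxiliary distribution is the exact one the data was drawn from, which is the attacker's best case; with real public statistics the match is only approximate and the rarest values are the first to be misassigned.

```python
import hashlib
import hmac
import random
from collections import Counter

# Constructed auxiliary distribution of a sensitive categorical column
# (illustrative frequencies, not real statistics). The attacker is assumed
# to know it from public data, as in the attacks the Arx abstract cites.
AUX_DISTRIBUTION = {
    "O+": 0.40, "A+": 0.30, "B+": 0.12, "AB+": 0.08,
    "O-": 0.05, "A-": 0.03, "B-": 0.015, "AB-": 0.005,
}


def det_encrypt(key: bytes, value: str) -> str:
    """DET stand-in: a keyed PRF token. Equal plaintexts give equal tokens,
    which is precisely the equality relation DET is designed to reveal."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def frequency_attack(column, aux):
    """Match the i-th most frequent token to the i-th most frequent auxiliary
    plaintext. Needs no key, only the ciphertext column and public statistics."""
    tokens_by_freq = [t for t, _ in Counter(column).most_common()]
    values_by_freq = sorted(aux, key=aux.get, reverse=True)
    return dict(zip(tokens_by_freq, values_by_freq))


def make_ope(domain_size, seed):
    """OPE stand-in: a secret random strictly increasing table. Plaintext p
    encrypts to table[p], so ciphertext order equals plaintext order."""
    rng = random.Random(seed)
    table, c = [], 0
    for _ in range(domain_size):
        c += rng.randint(1, 50)
        table.append(c)
    return table


def sorting_attack(column, domain_size):
    """Dense column (every plaintext value occurs at least once): the sorted
    distinct ciphertexts line up one-to-one with the sorted plaintext domain."""
    distinct = sorted(set(column))
    if len(distinct) != domain_size:
        raise ValueError("column not dense: sorting attack needs every value present")
    return {c: p for p, c in enumerate(distinct)}


def simulate(n_rows=5000, seed=7):
    """Build both encrypted columns from constructed data, run both attacks,
    and return the fraction of rows whose plaintext was recovered."""
    rng = random.Random(seed)
    det_key = b"constructed-demo-key-unknown-to-attacker"

    values = list(AUX_DISTRIBUTION)
    weights = [AUX_DISTRIBUTION[v] for v in values]
    det_plain = rng.choices(values, weights=weights, k=n_rows)
    det_column = [det_encrypt(det_key, v) for v in det_plain]
    det_guess = frequency_attack(det_column, AUX_DISTRIBUTION)
    det_recovered = sum(det_guess[c] == p for c, p in zip(det_column, det_plain)) / n_rows

    domain = 64                       # e.g. a small integer field 0..63
    ope_table = make_ope(domain, seed)
    ope_plain = [rng.randrange(domain) for _ in range(n_rows)]
    ope_column = [ope_table[p] for p in ope_plain]
    ope_guess = sorting_attack(ope_column, domain)
    ope_recovered = sum(ope_guess[c] == p for c, p in zip(ope_column, ope_plain)) / n_rows

    return {"det_frequency": det_recovered, "ope_sorting": ope_recovered}


if __name__ == "__main__":
    print(simulate())
```

Both attacks read only the stolen ciphertext column; neither touches the key. That is the property-preserving leakage Arx is designed to avoid by using only semantically secure primitives, at the cost of needing other machinery for equality and range queries.
-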
6 Inner Product Spaces
Lectures 16, 17, 18
6 Inner Product Spaces
6.1 Basic Definition
The parallelogram law, the ability to measure the angle between two vectors and in particular the concept of perpendicularity make the Euclidean space quite a special type of vector space. Essentially all these are consequences of the dot product. Thus, it makes sense to look for operations which share the basic properties of the dot product. In this section we shall briefly discuss this.
Definition 6.1 Let $V$ be a vector space. By an inner product on $V$ we mean a binary operation which associates a scalar, say $\langle u, v\rangle$, to each pair of vectors $(u, v)$ in $V$, satisfying the following properties for all $u, v, w$ in $V$ and $\alpha, \beta$ any scalars. (Let $\bar{\ }$ denote the complex conjugate of a complex number.)
(1) $\langle u, v\rangle = \overline{\langle v, u\rangle}$ (Hermitian property or conjugate symmetry);
(2) $\langle u, \alpha v + \beta w\rangle = \alpha\langle u, v\rangle + \beta\langle u, w\rangle$ (sesquilinearity);
(3) $\langle v, v\rangle > 0$ if $v \neq 0$ (positivity).
A vector space with an inner product is called an inner product space.
Remark 6.1 (i) Observe that we have not mentioned whether $V$ is a real vector space or a complex vector space. The above definition includes both cases. The only difference is that if $K = \mathbb{R}$ then the conjugation is just the identity. Thus for real vector spaces, (1) becomes the 'symmetric property', since for a real number $c$ we have $\bar c = c$.
(ii) Combining (1) and (2) we obtain
(2') $\langle \alpha u + \beta v, w\rangle = \bar\alpha\langle u, w\rangle + \bar\beta\langle v, w\rangle$.