DOCSLIB.ORG

On Graph-Based Cryptographic Hash Functions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Universite´ catholique de Louvain Ecole polytechnique de Louvain Laboratoire de Microelectronique´ On graph-based cryptographic hash functions Christophe Petit Th`esesoutenue en vue de l'obtention du grade de Docteur en Sciences Appliqu´ees Composition du jury: Pr Jean-Jacques Quisquater (UCL - DICE) { Promoteur Pr Jean-Pierre Tignol (UCL - MATH) { Promoteur Pr Olivier Pereira (UCL - DICE) Dr Kristin Lauter (Microsoft Research) Pr Bart Preneel (KULeuven) Pr Gilles Z´emor(Bordeaux I) Pr Jean-Pierre Raskin (UCL - EMIC) { Pr´esident Louvain-la-Neuve, Belgique May 2009 ii Abstract Hash functions are an invaluable tool for cryptography. They must primarily satisfy collision resistance, but standardized hash functions like SHA also satisfy stronger properties needed for the wide range of their applications. The design of many hash functions including SHA is based on a compression function that is close to a block cipher and on a domain extension transform like Merkle-Damg˚ard.However, recent attacks against the collision resistance of SHA-1 suggest investigating new designs. The expander hash design, proposed in the early nineties by Z´emorand Tillich and recently rediscovered by Charles, Goren and Lauter, consists in defining a cryptographic hash function from an expander graph. The design is simple and elegant and important hash function properties can be interpreted as graph properties. When Cayley expander graphs are used, collision resistance reduces to the hardness of group-theoretical problems. Although these problems are not classical in cryptography, they appear in different forms in other fields and in at least one case, they have remained unbroken since 1994. This thesis studies the expander hash design, its main strengths and weak- nesses and the security and efficiency of currently existing instances. We in- troduce new functions, the Morgenstern hash function and the vectorial and projective versions of the Z´emor-Tillich function. We study the security of particular constructions. We present new algorithms breaking the preimage resistance of the LPS hash function and the collision and preimage resis- tances of the Morgenstern hash function. We improve collision and preimage attacks against Z´emor-Tillich and we describe hard and easy components of collision search for this function. We capture the malleability of expander hashes by two definitions of the literature and we describe its positive and negative consequences for applications. Finally, we introduce ZesT, an all- purpose hash function based on Z´emor-Tillich, keeping its provable collision resistance and its parallelism but avoiding its malleability. Our function is provably secure, parallelizable, scalable, admits a wide range of (very) effi- cient implementations and can be used as a general-purpose hash function. iii iv Acknowledgements My first thanks for this thesis go to Professor Jean-Jacques Quisquater for accepting to serve as my advisor. Even though Jean-Jacques sometimes appears to be flying around the world, he has always also been a safe haven to me. I owe him these years at UCL CRYPTO group, very interesting collaborations with top international researchers, great scientific and career advices, interesting discussions and a careful review of my scientific work. Professor Olivier Pereira has been perfectly complementary to Jean-Jacques. I appreciated his great availability for patiently explaining me subtleties of security definitions and proofs, his encyclopedic knowledge of the literature and his meticulous review of my thesis and some of my papers. I am grateful to Dr. Kristin Lauter and to Professor Daniele Micciancio for arranging my stay in San Diego. These three months were a very great life experience both from personal and scientific points of view. I am especially grateful to Kristin for the collaboration we started, the work we published together, the lights she provided me on the mathematics subjacent to LPS and Pizer hashes, and finally for accepting to serve in my thesis committee. Many thanks also for the funny moments I spent with you and your family in San Diego. I am also very grateful to Professor Gilles Z´emor and to Dr. Jean-Pierre Tillich for the interesting and fruitful collaboration we started these last months. I owe them two of my favorite works so far, patient explanations of the ideas that lead them to invent the expander hash design and a careful review of large parts of this thesis. Thank you also, Gilles, for accepting to serve in my thesis committee. I would also like to thank Professor Jean-Pierre Tignol for patiently teach- ing me on quaternion algebras and elliptic curves and for his very conscien- tious review of this text, and Professor Bart Preneel for accepting to serve in my thesis committee. I thank all my co-authors and the anonymous reviewers of my papers. What I have learnt from each of you has served and will keep serving me in the future. I thank Nicolas and Giacomo whose help was precious in evaluating v vi the performances of ZesT. I would also like to thank all the members of the UCL CRYPTO group and of the UCSD Cryptography and Security group for the atmospheres full of friendship and of research stimulation that I found in both places. I am especially grateful to Sylvie Baudine, heart and soul of the UCL Crypto group, for her permanent enthusiasm, her incredible efficiency and for her tracking down English errors throughout this text. As I remember some periods of doubts and stress during these years, I also remember receiving strong support and advices from colleagues that I like to call my friends; I remember playing games and drinking beers with them and I remember our Tuesday's gastronomic lunches. With all these respects, I have special thanks to address to Fran¸cois,Julien, Olmar, Chong- Hee, Giacomo and Philippe. I thank the Belgian National Science Foundation (FRS-FNRS) for its financial support and the excellent working conditions I benefited from during my thesis. Finally, I would like to thank my family and all my friends for their friendship and support in life since I have known them. For everything, un tout grand merci, thank you so much, much´ısimasgracias. Contents 1 Cryptographic hash functions from expander graphs 1 I Introduction 5 2 Cryptographic hash functions 7 2.1 Meaning of \security" in cryptography . .9 2.1.1 Computational security . .9 2.1.2 Security reductions . 11 2.2 Preimage, second preimage and collision resistances . 12 2.2.1 Preimage resistance . 14 2.2.2 Second preimage resistance . 16 2.2.3 Collision resistance . 17 2.2.4 Implications . 18 2.3 Other security notions for hash functions . 18 2.3.1 Universal hash functions . 19 2.3.2 Pseudo-random functions . 20 2.3.3 Perfectly one-way probabilistic hash functions . 22 2.3.4 The Random Oracle model . 23 2.4 The Merkle-Damg˚ardtransform . 25 2.5 Popular attacks on hash functions . 27 2.5.1 Complexity limits for the feasibility of attacks . 28 2.5.2 Generic attacks . 29 2.5.3 Attacks on iterated hash functions . 30 2.5.4 Differential cryptanalysis . 31 2.5.5 On \meaningful" collisions . 32 2.5.6 Beyond collision resistance . 32 2.6 Applications . 33 2.6.1 Message authentication codes . 33 2.6.2 Digital signatures . 36 2.6.3 Other applications . 39 vii viii CONTENTS 2.7 Further readings . 42 3 The reductionist approach to cryptographic hash functions 43 3.1 Early instances of CRHF . 45 3.1.1 Factorization-based hash functions . 45 3.1.2 Discrete logarithm-based hash functions . 48 3.1.3 Knapsack-based hash functions . 49 3.2 The Very Smooth Hash (VSH) . 52 3.2.1 The VSSR assumption . 53 3.2.2 The Very Smooth Hash algorithm . 53 3.2.3 Cube-VSH, Fast-VSH and VSH-DL . 55 3.2.4 Pros and contras of VSH . 55 3.3 The SWIFFT hash function . 56 3.3.1 The SWIFFT algorithm . 57 3.3.2 Pros and contras of SWIFFT . 59 3.4 Block-cipher based hash functions . 60 3.4.1 The Ideal Cipher model . 60 3.4.2 Main constructions . 61 3.4.3 Pros and contra . 64 3.5 Expander hashes: pros and contras . 64 3.6 Conclusion and further readings . 66 II Expander Hashes 69 4 From expander graphs to expander hashes 71 4.1 Expander graphs . 72 4.1.1 Basic definitions and notations . 73 4.1.2 Expanding properties . 76 4.1.3 Random walks on expander graphs . 79 4.1.4 Cayley graphs . 84 4.2 Expander hashes . 86 4.2.1 General construction . 86 4.2.2 Cayley hashes . 89 4.2.3 Paths and cycles-finding problems . 90 4.2.4 Balance, representation and factorization problems . 92 4.2.5 Output distribution and randomness extraction . 94 4.2.6 Generic attacks against expander and Cayley hashes . 95 4.2.7 Malleability properties . 98 4.3 Expander hashes proposals . 99 4.3.1 Necessary requirements . 99 CONTENTS ix 4.3.2 Z´emor'sfirst proposal . 100 4.3.3 Z´emor-Tillich hash function . 101 4.3.4 LPS hash function . 102 4.3.5 Morgenstern hash function . 104 4.3.6 Pizer hash function . 106 4.4 Revisiting some previous schemes . 107 5 Cryptanalytic results on ZT hash 111 5.1 On the group SL(2; F2n ) and the generators A0 and A1 .... 112 5.1.1 Subgroups of SL(2; F2n )................. 113 5.1.2 Homomorphism from SL(2; F2[X]) . 115 5.1.3 On powers of elements . 116 5.2 Positive security results on ZT hash . 118 5.3 Previous results on ZT hash . 120 5.3.1 Invertibility for short messages . 120 5.3.2 Charnes-Pieprzyck attack .
Recommended publications
  • The Association for Women in Mathematics: How and Why It Was

    The Association for Women in Mathematics: How and Why It Was

    Mathematical Communities t’s 2011 and the Association for Women in Mathematics The Association (AWM) is celebrating 40 years of supporting and II promoting female students, teachers, and researchers. It’s a joyous occasion filled with good food, warm for Women conversation, and great mathematics—four plenary lectures and eighteen special sessions. There’s even a song for the conference, titled ‘‘((3 + 1) 9 3 + 1) 9 3 + 1 Anniversary in Mathematics: How of the AWM’’ and sung (robustly!) to the tune of ‘‘This Land is Your Land’’ [ICERM 2011]. The spirit of community and and Why It Was the beautiful mathematics on display during ‘‘40 Years and Counting: AWM’s Celebration of Women in Mathematics’’ are truly a triumph for the organization and for women in Founded, and Why mathematics. It’s Still Needed in the 21st Century SARAH J. GREENWALD,ANNE M. LEGGETT, AND JILL E. THOMLEY This column is a forum for discussion of mathematical communities throughout the world, and through all time. Our definition of ‘‘mathematical community’’ is Participants from the Special Session in Number Theory at the broadest: ‘‘schools’’ of mathematics, circles of AWM’s 40th Anniversary Celebration. Back row: Cristina Ballantine, Melanie Matchett Wood, Jackie Anderson, Alina correspondence, mathematical societies, student Bucur, Ekin Ozman, Adriana Salerno, Laura Hall-Seelig, Li-Mei organizations, extra-curricular educational activities Lim, Michelle Manes, Kristin Lauter; Middle row: Brooke Feigon, Jessica Libertini-Mikhaylov, Jen Balakrishnan, Renate (math camps, math museums, math clubs), and more. Scheidler; Front row: Lola Thompson, Hatice Sahinoglu, Bianca Viray, Alice Silverberg, Nadia Heninger. (Photo Cour- What we say about the communities is just as tesy of Kiran Kedlaya.) unrestricted.
  • An Advance Visual Model for Animating Behavior of Cryptographic Protocols

    An Advance Visual Model for Animating Behavior of Cryptographic Protocols

    An Advance Visual Model for Animating Behavior of Cryptographic Protocols Mabroka Ali Mayouf Maeref1*, Fatma Alghali2, Khadija Abied2 1 Sebha University, Faculty of Science, Department of Computer Science, P. O. Box 18758 Sebha, Libya, Libyan. 2 Sebha University of Libya, Sebha, Libya. * Corresponding author. Tel.: 00218-925132935; email: [email protected] Manuscript submitted February 13, 2015; accepted July 5, 2015. doi: 10.17706/jcp.10.5.336-346 Abstract: Visual form description benefits from the ability of visualization to provide precise and clear description of object behavior especially if the visual form is extracted from the real world. It provides clear definition of object and the behavior of that object. Although the current descriptions of cryptographic protocol components and operations use a different visual representation, the cryptographic protocols behaviors are not actually reflected. This characteristic is required and included within our proposed visual model. The model uses visual form and scenario-based approach for describing cryptographic protocol behavior and thus increasing the ability to describe more complicated protocol in a simple and easy way. Key words: Animation, cryptographic protocols, interactive tool, visualization. 1. Introduction Cryptographic protocols (CPs) mostly combine both theory and practice [1], [2]. These cause protocol complexity describing and understanding. Therefore, separating the mathematical part from the protocol behavior should provide feeling of how the protocol works, thus increasing the ability to describe and to gain confidence in reflecting more complicated information about CPs, as well as to generate interest to know about other more complex protocol concepts. Several researchers realized the use of visual model and animation techniques to reflect the explanation of the learning objectives and their benefits [3]-[11].
  • (1) Hash Functions (2) MAC MDC OWHF CRHF UOWHF

    (1) Hash Functions (2) MAC MDC OWHF CRHF UOWHF

    Hash functions (1) are secure; they can be reduced to @ @ 2 classes based on linear transfor- @ @ mations of variables. The properties @ of these 12 schemes with respect to @ @ Hash Functions: Past, Present and Future weaknesses of the underlying block @ @ cipher are studied. The same ap- proach can be extended to study keyed hash functions (MACs) based - -63102392168 on block ciphers and hash functions h Bart Preneel based on modular arithmetic. Fi- nally a new attack is presented on a scheme suggested by R. Merkle. Katholieke Universiteit Leuven This slide is now shown at the Asi- acrypt 2005 in the beautiful city of bartDOTpreneel(AT)esatDOTkuleuvenDOTbe Chennai during a presentation on the state of hash functions. http://homes.esat.kuleuven.be/ preneel ∼ 5 December 2005 3 Outline Hash functions (2) Definitions • cryptographic hash function Z Z Applications Z Z • Z Z General Attacks = ZZ~ • MAC MDC Constructions @ @ • @ @ Custom Designed Hash Functions @ • © @R Hash Functions Based on Block Ciphers OWHF ? CRHF • Hash Functions Based on Algebraic Operations UOWHF • Pseudo-randomness • This talk: only MDCs (Manipulation Detection Codes), which are Conclusions often called `hash functions' • 2 4 Informal definitions (1) Informal definitions (3) preimage resistant 2nd preimage resistant 6) take a preimage resistant hash function; add an input bit b and • replace one input bit by the sum modulo 2 of this input bit and b 2nd preimage resistant preimage resistant 6) if h is OWHF, h is 2nd preimage resistant but not preimage • resistant
  • Item Box Subject Author Title Exps Pages Size Inches Pub. Date Grand

    Item Box Subject Author Title Exps Pages Size Inches Pub. Date Grand

    Item Box Subject Author Title Exps Pages Size Inches Pub. Date Grand Total: 3, 139, 369, 104, 343, 159, [and the 210 Namibian 51, 612, 191, 21, 44, 1, 39, 95, 428, docs so far is 2809] (2599) Central Africa:3 1 Central Africa—General Economics UNECA Subregional Strategies 19 32 8x11.5 Hints to Businessmen Visiting The London Board of 2 Central Africa—General Economics Congo (Brazzaville), Chad, Gabon 19 32 4.75x7.125 Trade and Central African Republic Purpose and Perfection Pottery as 3 Central Africa—General Art The Smithsonian Institution 3 4 8x9.25 a Woman's Art in Central Africa Botswana:139 National Institute of Access to Manual Skills Training in 1 Botswana—Bibliographies Bibliography Development and Cultural Botswana: An Annotated 9 13 8x11.5 Research Bibliography Social Thandiwe Kgosidintsi and 2 Botswana—Bibliographies Sciences—Information Publishing in Botswana 2 2 8.5x11 Neil Parsons Science National Institute of 3 Botswana—Bibliographies Bibliography Development Rearch and Working Papers 5 8 5.75x8.25 Documentation University of Botswana and Department of Library Studies 1 Botswana—Social Sciences Social Sciences 28 25 8.25x11.75 Swaziland Prospectus Social Refugees In Botswana: a Policy of 2 Botswana—Social Sciences United Nations 3 7 4.125x10.5 Sciences—Refugees Resettlement Projet De College Exterieur Du 3 Botswana—Social Sciences Social Sciences unknown 3 3 8.25x11.75 Botswana Community Relations in Botswana, with special reference to Francistown. Statement 4 Botswana—Social Sciences Social Sciences Republic of Botswana Delivered to the National Assembly 4 5 5.5x8 1971 by His Honor the Vice President Dt.
  • Algorithm Construction of Hli Hash Function

    Algorithm Construction of Hli Hash Function

    Far East Journal of Mathematical Sciences (FJMS) © 2014 Pushpa Publishing House, Allahabad, India Published Online: April 2014 Available online at http://pphmj.com/journals/fjms.htm Volume 86, Number 1, 2014, Pages 23-36 ALGORITHM CONSTRUCTION OF HLI HASH FUNCTION Rachmawati Dwi Estuningsih1, Sugi Guritman2 and Bib P. Silalahi2 1Academy of Chemical Analysis of Bogor Jl. Pangeran Sogiri No 283 Tanah Baru Bogor Utara, Kota Bogor, Jawa Barat Indonesia 2Bogor Agricultural Institute Indonesia Abstract Hash function based on lattices believed to have a strong security proof based on the worst-case hardness. In 2008, Lyubashevsky et al. proposed SWIFFT, a hash function that corresponds to the ring R = n Z p[]α ()α + 1 . We construct HLI, a hash function that corresponds to a simple expression over modular polynomial ring R f , p = Z p[]x f ()x . We choose a monic and irreducible polynomial f (x) = xn − x − 1 to obtain the hash function is collision resistant. Thus, the number of operations in hash function is calculated and compared with SWIFFT. Thus, the number of operations in hash function is calculated and compared with SWIFFT. 1. Introduction Cryptography is the study of mathematical techniques related to aspects Received: September 19, 2013; Revised: January 27, 2014; Accepted: February 7, 2014 2010 Mathematics Subject Classification: 94A60. Keywords and phrases: hash function, modular polynomial ring, ideal lattice. 24 Rachmawati Dwi Estuningsih, Sugi Guritman and Bib P. Silalahi of information security relating confidentiality, data integrity, entity authentication, and data origin authentication. Data integrity is a service, which is associated with the conversion of data carried out by unauthorized parties [5].
  • Bash Scripts for Avpres Verify Manifest(1)

    Bash Scripts for Avpres Verify Manifest(1)

    verify_manifest(1) Bash Scripts for AVpres verify_manifest(1) NAME verify_manifest - Verify a checksum manifest of a folder or file SYNOPSIS verify_manifest -i input_path [-m manifest_file] verify_manifest -h | -x DESCRIPTION Bash AVpres is a collection of Bash scripts for audio-visual preservation. One of these small programs is verify_manifest.Itcreates a checksum manifest of a folder or file. Bash version 3.2 is required, but we strongly advise to use the current version 5.1. OPTIONS BASIC OPTIONS -i input_path,--input=input_path path to an input folder or file -m manifest_file,--manifest=manifest_file path to the manifest file If this parameter is not passed, then the script uses for a folder: <input_path>_<algorithm>.txt and for a file: <input_path>_<extension>_<algorithm>.txt ADVA NCED OPTIONS The arguments of the advanced options can be overwritten by the user.Please remember that anystring containing spaces must be quoted, or its spaces must be escaped. --algorithm=(xxh32|xxh64|xxh128|md5|sha1|sha256|sha512|crc32) We advise to use a faster non-cryptographic hash functions, because we consider that, for archival purposes, there is no necessity to apply a more complexunkeyed cryptographic hash function. The algorithm name can be passed in upper or lower case letters. The default algorithm is xxHash 128: --algorithm=xxh128 Note that until end of 2020 the default algorithm was MD5, which has the same checksum size than the xxHash 128 algorithm. Therefore, if you verity files with an MD5 checksum, then you may pass the option --algorithm=md5 in order to speed-up the verification. Also xxHash 32 and CRC-32 have the same checksum size.
  • Hash Functions and Thetitle NIST of Shapresentation-3 Competition

    Hash Functions and Thetitle NIST of Shapresentation-3 Competition

    The First 30 Years of Cryptographic Hash Functions and theTitle NIST of SHAPresentation-3 Competition Bart Preneel COSIC/Kath. Univ. Leuven (Belgium) Session ID: CRYP-202 Session Classification: Hash functions decoded Insert presenter logo here on slide master Hash functions X.509 Annex D RIPEMD-160 MDC-2 SHA-256 SHA-3 MD2, MD4, MD5 SHA-512 SHA-1 This is an input to a crypto- graphic hash function. The input is a very long string, that is reduced by the hash function to a string of fixed length. There are 1A3FD4128A198FB3CA345932 additional security conditions: it h should be very hard to find an input hashing to a given value (a preimage) or to find two colliding inputs (a collision). Hash function history 101 DES RSA 1980 single block ad hoc length schemes HARDWARE MD2 MD4 1990 SNEFRU double MD5 block security SHA-1 length reduction for RIPEMD-160 factoring, SHA-2 2000 AES permu- DLOG, lattices Whirlpool SOFTWARE tations SHA-3 2010 Applications • digital signatures • data authentication • protection of passwords • confirmation of knowledge/commitment • micropayments • pseudo-random string generation/key derivation • construction of MAC algorithms, stream ciphers, block ciphers,… Agenda Definitions Iterations (modes) Compression functions SHA-{0,1,2,3} Bits and bytes 5 Hash function flavors cryptographic hash function this talk MAC MDC OWHF CRHF UOWHF (TCR) Security requirements (n-bit result) preimage 2nd preimage collision ? x ? ? ? h h h h h h(x) h(x) = h(x‘) h(x) = h(x‘) 2n 2n 2n/2 Informal definitions (1) • no secret parameters
  • A Matter of Security, Privacy and Trust

    A Matter of Security, Privacy and Trust

    A matter of security, privacy and trust: A study of the principles and values of encryption in New Zealand Michael Dizon Ryan Ko Wayne Rumbles Patricia Gonzalez Philip McHugh Anthony Meehan Acknowledgements This study was funded by grants from the New Zealand Law Foundation and the University of Waikato. We would like to express our gratitude to our project collaborators and members of the Advisory Board – Prof Bert-Jaap Koops (Tilburg University), Prof Lyria Bennett Moses (UNSW Sydney), Prof Alana Maurushat (Western Sydney University), and Associate Professor Alex Sims (University of Auckland) – for their support as well as feedback on specific parts of this report. We would also like to thank Patricia Gonzalez, Joseph Graddy, Philip McHugh, Anthony Meehan, Jean Murray and Peter Upson for their valuable research assistance and other contributions to this study. Michael Dizon, Ryan Ko and Wayne Rumbles Principal investigators December 2019 Executive summary Cybersecurity is crucial for ensuring the safety and well-being of the general public, businesses, government, and the country as a whole. New Zealand has a reasonably comprehensive and well-grounded legal regime and strategy for dealing with cybersecurity matters. However, there is one area that deserves further attention and discussion – encryption. Encryption is at the heart of and underpins many of the technologies and technical processes used for computer and network security, but current laws and policies do not expressly cover this significant technology. The principal objective of this study is to identify the principles and values of encryption in New Zealand with a view to informing future developments of encryption- related laws and policies.
  • Implementation and Evaluation of Secure Industrial Ethernet Communication

    Implementation and Evaluation of Secure Industrial Ethernet Communication

    Implementation and Evaluation of Secure Industrial Ethernet Communication Master of Science Thesis, Communication Engineering KAN YU Department of Signals and Systems CHALMERS UNIVERSITY OF TECHNOLOGY Göteborg, Sweden, August 2010 Page 2/88 Abstract Automation network security becomes increasingly important due to the introduction of Ethernet- based fieldbus protocols and cryptographic algorithms play a vital important role in these protocols. Choosing the most suitable cryptographic algorithms under consideration of security and performance according to different application cases is essential. In this thesis, we first present a comprehensive survey of most commonly used cryptographic algorithms which can be applied in automation networks and then identify our candidates based on existing literature and related works for further evaluation in ARM platform for industrial purpose. Finally, according to our evaluation results, we choose suitable algorithms for different applications: for symmetric algorithms, Twofish is recommended for best performance and eXtended Tiny Encryption Algorithm (XTEA) and Corrected Block Tiny Encryption Algorithm (XXTEA) are recommended for the least footprint; for Message Authentication Code (MAC) algorithms, UMAC is strongly recommended for excellent speed; for asymmetric algorithms, Elliptic Curve Cryptography (ECC) has much better performance than RSA at the same security level in our platform. Page 3/88 TABLE OF CONTENTS 1 INTRODUCTION ..................................................................................................................................
  • Hash Functions

    Hash Functions

    11 Hash Functions Suppose you share a huge le with a friend, but you are not sure whether you both have the same version of the le. You could send your version of the le to your friend and they could compare to their version. Is there any way to check that involves less communication than this? Let’s call your version of the le x (a string) and your friend’s version y. The goal is to determine whether x = y. A natural approach is to agree on some deterministic function H, compute H¹xº, and send it to your friend. Your friend can compute H¹yº and, since H is deterministic, compare the result to your H¹xº. In order for this method to be fool-proof, we need H to have the property that dierent inputs always map to dierent outputs — in other words, H must be injective (1-to-1). Unfortunately, if H is injective and H : f0; 1gin ! f0; 1gout is injective, then out > in. This means that sending H¹xº is no better/shorter than sending x itself! Let us call a pair ¹x;yº a collision in H if x , y and H¹xº = H¹yº. An injective function has no collisions. One common theme in cryptography is that you don’t always need something to be impossible; it’s often enough for that thing to be just highly unlikely. Instead of saying that H should have no collisions, what if we just say that collisions should be hard (for polynomial-time algorithms) to nd? An H with this property will probably be good enough for anything we care about.
  • Download Instructions—Portal

    Download Instructions—Portal

    Download instructions These instructions are recommended to download big files. How to download and verify files from downloads.gvsig.org • H ow to download files • G NU/Linux Systems • MacO S X Systems • Windows Systems • H ow to validate the downloaded files How to download files The files distributed on this site can be downloaded using different access protocols, the ones currently available are FTP, HTTP and RSYNC. The base URL of the site for the different protocols is: • ftp://gvsig.org/ • http://downloads.gvsig.org/ • r sync://gvsig.org/downloads/ To download files using the first two protocols is recommended to use client programs able to resume partial downloads, as it is usual to have transfer interruptions when downloading big files like DVD images. There are multiple free (and multi platform) programs to download files using different protocols (in our case we are interested in FTP and HTTP), from them we can highlight curl (http://curl.haxx.se/) and wget (http://www.gnu.org/software/wget/) from the command line ones and Free Download Manager from the GUI ones (this one is only for Windows systems). The curl program is included in MacOS X and is available for almost all GNU/Linux distributions. It can be downloaded in source code or in binary form for different operating systems from the project web site. The wget program is also included in almost all GNU/Linux distributions and its source code or binaries of the program for different systems can be downloaded from this page. Next we will explain how to download files from the most usual operating systems using the programs referenced earlier: • G NU/Linux Systems • MacO S X Systems • Windows Systems The use of rsync (available from the URL http://samba.org/rsync/) it is left as an exercise for the reader, we will only said that it is advised to use the --partial option to avoid problems when there transfers are interrupted.
  • Program of the Sessions San Diego, California, January 9–12, 2013

    Program of the Sessions San Diego, California, January 9–12, 2013

    Program of the Sessions San Diego, California, January 9–12, 2013 AMS Short Course on Random Matrices, Part Monday, January 7 I MAA Short Course on Conceptual Climate Models, Part I 9:00 AM –3:45PM Room 4, Upper Level, San Diego Convention Center 8:30 AM –5:30PM Room 5B, Upper Level, San Diego Convention Center Organizer: Van Vu,YaleUniversity Organizers: Esther Widiasih,University of Arizona 8:00AM Registration outside Room 5A, SDCC Mary Lou Zeeman,Bowdoin upper level. College 9:00AM Random Matrices: The Universality James Walsh, Oberlin (5) phenomenon for Wigner ensemble. College Preliminary report. 7:30AM Registration outside Room 5A, SDCC Terence Tao, University of California Los upper level. Angles 8:30AM Zero-dimensional energy balance models. 10:45AM Universality of random matrices and (1) Hans Kaper, Georgetown University (6) Dyson Brownian Motion. Preliminary 10:30AM Hands-on Session: Dynamics of energy report. (2) balance models, I. Laszlo Erdos, LMU, Munich Anna Barry*, Institute for Math and Its Applications, and Samantha 2:30PM Free probability and Random matrices. Oestreicher*, University of Minnesota (7) Preliminary report. Alice Guionnet, Massachusetts Institute 2:00PM One-dimensional energy balance models. of Technology (3) Hans Kaper, Georgetown University 4:00PM Hands-on Session: Dynamics of energy NSF-EHR Grant Proposal Writing Workshop (4) balance models, II. Anna Barry*, Institute for Math and Its Applications, and Samantha 3:00 PM –6:00PM Marina Ballroom Oestreicher*, University of Minnesota F, 3rd Floor, Marriott The time limit for each AMS contributed paper in the sessions meeting will be found in Volume 34, Issue 1 of Abstracts is ten minutes.