
p-Adic Dynamical Systems and Cryptography: Non-Archimedean View on T-functions (PowerPoint presentation)

p-Adic Dynamical Systems and Cryptography. Non-Archimedean View on T-functions. Vladimir Anashin, Russian State University for the Humanities, Faculty of Information Security. p-Adic Dynamical Systems and Cryptography – p. 1/65. T-functions:


1. Why dynamical systems? An autonomous dynamical system is a triple $\langle X, \mu, f \rangle$, where $X$ is a phase space (usually a metric space), $\mu$ is a measure on $X$ (e.g., a probability measure), and $f\colon X \to X$ is a measurable mapping (usually continuous). A trajectory of the point $x_0$ is the sequence $x_0,\ x_1 = f(x_0),\ \ldots,\ x_{i+1} = f(x_i) = f^{i+1}(x_0),\ \ldots$ Dynamical systems theory prompts a very natural approach: let $\langle X, \mu, f \rangle$ be a dynamical system with discrete time. Take a point $x_0 \in X$ as the key, and use the trajectory as a source of pseudorandomness.

2. To make this approach to stream cipher design meaningful, the following questions must be answered: How can one evaluate the trajectory on a digital computer? What will the performance be? How pseudorandom is the sequence so produced? Is the corresponding generator secure?

6. Any use of chaos? Since the early 1990s intensive studies have been undertaken in chaos-based cryptography. Its leading idea is quite natural: take a chaotic map $f$ and make it discrete! The trajectory will hopefully look random, since the mapping is chaotic (that is, sensitive to small perturbations of the initial state).

7. Bad news. Results of such a straightforward approach turned out to be rather disappointing. Example. A discrete version of the doubling map (Bernoulli shift) $f(x) = (2 \cdot x) \bmod 1$, namely $x_{i+1} \equiv 2 \cdot x_i \pmod{2^n}$, becomes 0 after at most $n$ iterations! One more example. A discrete version of the tent map $f(x) = 1 - 2 \cdot |x - \tfrac{1}{2}|$ on $[0, 1]$ always falls into very short cycles, of length at most $n$! Yet another example. A discrete version of the logistic map $f(x) = 4 \cdot x \cdot (1 - x) \bmod 1$ becomes 0 after at most $n^2$ iterations!
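The collapse of the first two discretised maps can be checked exhaustively. The Python below is an added example and not part of the slides: it fixes the grid $x = k/2^n$ and works in exact integer arithmetic, so nothing is lost to floating point, and it measures how many steps every seed needs to reach the fixed point 0. The logistic map is left out because its discretisation depends on how the product is rounded, which the slide does not specify.

```python
"""Discretised chaotic maps on an n-bit grid collapse to the fixed point 0.

Added example (not from the slides). A point x in [0, 1] is stored exactly as
k / 2**n with an integer k, so the effect shown is intrinsic to the
discretisation and not a floating-point artefact.
"""
from typing import Callable, List

Step = Callable[[int, int], int]


def doubling_step(k: int, n: int) -> int:
    """x -> 2x mod 1 on the grid k / 2**n, i.e. k -> 2k mod 2**n."""
    return (2 * k) % (1 << n)


def tent_step(k: int, n: int) -> int:
    """x -> 1 - 2|x - 1/2| on the grid k / 2**n, k in [0, 2**n].

    For k <= 2**(n-1) this is 2k, otherwise 2**(n+1) - 2k; the result stays
    on the grid, so no rounding is involved.
    """
    half = 1 << (n - 1)
    return 2 * k if k <= half else (1 << (n + 1)) - 2 * k


def orbit(step: Step, k: int, n: int, length: int) -> List[int]:
    """The first `length` states k, f(k), f(f(k)), ..."""
    out = []
    for _ in range(length):
        out.append(k)
        k = step(k, n)
    return out


def steps_to_fixed_point(step: Step, k: int, n: int, limit: int) -> int:
    """Number of iterations until the state stops changing (0 is the only
    fixed point of either map on the grid); -1 if that has not happened
    within `limit` steps."""
    for i in range(limit):
        nxt = step(k, n)
        if nxt == k:
            return i
        k = nxt
    return -1


def worst_case_settling(step: Step, n: int, top: int) -> int:
    """Largest number of steps any seed 0..top needs to reach the fixed point;
    -1 if some seed has not settled within 4n + 4 steps."""
    results = [steps_to_fixed_point(step, k, n, 4 * n + 4) for k in range(top + 1)]
    return -1 if -1 in results else max(results)
```

For 8-bit words every doubling-map orbit is at 0 after at most 8 steps and every tent-map orbit after at most 9 (one step to make the state even, then one extra power of two per step): the 2-adic valuation of the state grows by one per iteration, which is exactly the mechanism the slides later turn to their advantage.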

11. L. Kocarev, Chaos-Based Cryptography: A Brief Overview (2001): “Despite a huge number of papers published in the field of chaos-based cryptography, the impact that this research has made on conventional cryptography is rather marginal. This is due to two reasons: First, almost all chaos-based cryptographic algorithms use dynamical systems defined on the set of real numbers, and therefore are difficult for practical realization and circuit implementation. Second, security and performance of almost all proposed chaos-based methods are not analyzed in terms of the techniques developed in cryptography. Moreover, most of the proposed methods generate cryptographically weak and slow algorithms.”

13. Shujun Li, When Chaos Meets Computers (2004): “Digital computers are absolutely incapable of showing true long-time dynamics of some chaotic systems, including the tent map, the Bernoulli shift map and their analogues, even in high-precision floating-point arithmetic. Although the results cannot be directly generalized to most chaotic systems, the risk of using digital computers to numerically study continuous dynamical systems is shown clearly. As a result, we reach the old saying that ‘it is impossible to do everything with computers only’.”

14. Despite these pessimistic conclusions of two of the key researchers in chaos-based cryptography, there are very promising developments in stream cipher design related to dynamical systems theory. Surprisingly, these developments are related neither to real nor to complex, but to non-Archimedean dynamical systems theory!

16. What is a good PRNG? A cryptographic PRNG must meet the following conditions: (1) For (almost) all keys the output sequences must be pseudorandom (i.e., indistinguishable from a truly random sequence up to the tests of $T$). (2) Given a segment $y_j, y_{j+1}, \ldots, y_{j+s-1}$ of the output sequence, finding the corresponding key must be infeasible (in some properly defined sense). (3) The PRNG must be suitable for software (or hardware) implementation; the performance must be sufficiently fast.

19. In other words: (1) The state update function $f$ must provide pseudorandomness; in particular, it must guarantee uniform distribution and a long period of the state update sequence $\{x_i\}$. (2) The output function $G$ must not spoil the pseudorandomness (in particular, the output sequence $\{y_i\}$ must be uniformly distributed and must have a long period); moreover, $G$ must make the PRNG secure (in particular, given $y_i$, it must be difficult to find $x_i$ from the equation $y_i = G(x_i)$). (3) To make the PRNG suitable for software/hardware implementations, both $f$ and $G$ must be compositions of basic microprocessor instructions.

22. Designing a PRNG. To satisfy condition 1 (of the 3) that a good secure PRNG must meet, one could take a state update function $f\colon \mathbb{Z}/2^n \to \mathbb{Z}/2^n$ with the single cycle property; that is, $f$ permutes the elements of $\mathbb{Z}/2^n$ cyclically. The state update sequence $x_0,\ x_1 = f(x_0),\ \ldots,\ x_{i+1} = f(x_i) = f^{i+1}(x_0),\ \ldots$ of $n$-bit words will then have the longest possible period (of length $2^n$) and strictly uniform distribution; that is, each $n$-bit word occurs exactly once per period.

23. Designing a PRNG. To satisfy the first part of condition 2 one could take a balanced mapping $G\colon \mathbb{Z}/2^n \to \mathbb{Z}/2^k$; that is, $G$ maps the same number of $n$-bit words to each $k$-bit word (hence $k \le n$). For $k = n$ balanced mappings are just invertible (that is, bijective, one-to-one) mappings. For $k \ll n$ balanced functions could also help satisfy the second part of condition 2, since the equation $y_i = G(x_i)$ then has too many solutions, $2^{n-k}$ of them.

24. Designing a PRNG. To satisfy condition 3, one must know how to construct single cycle (respectively, balanced) mappings out of basic microprocessor instructions, which include: integer arithmetic operations (addition, multiplication, ...); bitwise logical operations (OR, XOR, AND, NOT); machine operations (shifts, masking, sometimes cyclic shifts). This can be done with the use of 2-adic analysis!

26. A more attentive look... Let $z = \delta_0(z) + \delta_1(z)\cdot 2 + \delta_2(z)\cdot 2^2 + \delta_3(z)\cdot 2^3 + \cdots$ be the base-2 expansion of $z \in \mathbb{N}_0$; then: $y\ \mathrm{XOR}\ z = y \oplus z$ is bitwise addition modulo 2: $\delta_j(y\ \mathrm{XOR}\ z) \equiv \delta_j(y) + \delta_j(z) \pmod 2$; $y\ \mathrm{AND}\ z$ is bitwise multiplication modulo 2: $\delta_j(y\ \mathrm{AND}\ z) \equiv \delta_j(y)\cdot\delta_j(z) \pmod 2$; $\lfloor z/2 \rfloor$ is a shift towards less significant bits; $2\cdot z$ is a shift towards more significant bits; $y\ \mathrm{AND}\ z$ is the masking of $z$ with the mask $y$; $z \bmod 2^k = z\ \mathrm{AND}\ (2^k - 1)$ is the reduction of $z$ modulo $2^k$.

27. ... and tiny observations. All basic chip operations, with the only exception of cyclic shifts, are well defined on the space $\mathbb{Z}_2$ of all 2-adic integers. The space $\mathbb{Z}_2$ can be thought of as the set of all countably infinite binary sequences. The following example proves that $\ldots 11111 = -1$:

      ...1111
    + ...0001
    ----------
      ...0000

30. Do you know that $\ldots 1010101 = -\tfrac{1}{3}$? Multiply it by $3 = \ldots 000011$:

      ...010101
    × ...000011
    ------------
      ...010101
    + ...10101
    ------------
      ...111111

A calculator knows that too!

32. A short 2-adic tour. Sequences with only a finite number of 1's correspond to non-negative rational integers in their base-2 expansions: $\ldots 00011 = 3$. Sequences with only a finite number of 0's correspond to negative rational integers: $\ldots 111100 = -4$. Eventually periodic sequences correspond to rational numbers represented by irreducible fractions with odd denominators: $\ldots 1010101 = -\tfrac{1}{3}$. Sequences that are not (eventually) periodic correspond to no rational number: $\ldots 01111011101101$.
Distance: $d_2(u, v) = 2^{-k}$ iff $u \equiv v \pmod{2^k}$ and $u \not\equiv v \pmod{2^{k+1}}$. The longer the common initial segment of two sequences, the closer the points! The space $\mathbb{Z}_2$ is complete with respect to the 2-adic distance (metric) $d_2$, and compact.
As usual, the norm is $\|u\|_2 = d_2(u, 0)$. The higher the power of 2 that divides a 2-adic integer, the smaller the integer is!
Once distance and norm are defined, the notions of limits, convergent series, continuous functions, derivatives, etc., become meaningful: $d_2(-1, 3) = \|(-1) - 3\|_2 = \|-4\|_2 = \tfrac{1}{2^2} = \tfrac{1}{4}$; $\lim_{n \to \infty} 2^n = 0$; $\ln(-3) = -\sum_{i=1}^{\infty} \frac{4^i}{i}$ is a 2-adic integer!
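Everything on this tour can be reproduced on a machine by working modulo $2^n$, because an $n$-bit word is exactly the ball $x + 2^n\mathbb{Z}_2$. The following Python is an added example, not code from the slides: it computes the $n$-bit truncations of $-1$, $-4$, $\pm\tfrac{1}{3}$, the distance $d_2$, and the partial sums of the series for $\ln(-3)$, using the valuation argument (term $i$ is divisible by $2^i$) to decide where the series can be cut.

```python
"""2-adic integers to n bits of precision. Added example, not from the slides.

An n-bit word x stands for the ball x + 2**n Z_2, so every rational p/q with
odd q has exactly one n-bit representative; the familiar two's complement
of -1 is just the truncation of the 2-adic integer ...1111.
"""
from fractions import Fraction


def bits(x: int, n: int) -> str:
    """The n low digits of x in base 2, most significant first, which is the
    order the slides' '...' notation is read in."""
    return format(x % (1 << n), f"0{n}b")


def two_adic(p: int, q: int, n: int) -> int:
    """p/q with q odd, to n bits: p * q^{-1} mod 2**n."""
    if q % 2 == 0:
        raise ValueError("only fractions with odd denominators lie in Z_2")
    return (p * pow(q, -1, 1 << n)) % (1 << n)


def v2(x: int) -> int:
    """2-adic valuation of a non-zero integer: the largest e with 2**e | x."""
    if x == 0:
        raise ValueError("v2(0) is +infinity")
    return (x & -x).bit_length() - 1


def d2(u: int, v: int) -> Fraction:
    """2-adic distance d_2(u, v) = 2**-k with k = v2(u - v); 0 when u == v."""
    return Fraction(0) if u == v else Fraction(1, 1 << v2(u - v))


def ln_minus3(n: int) -> int:
    """ln(-3) = ln(1 - 4) = -sum_{i>=1} 4**i / i, evaluated modulo 2**n.

    The i-th term has valuation 2i - v2(i) >= i, so terms with i >= n are
    0 mod 2**n and the series converges 2-adically: write i = 2**s * odd,
    cancel 2**s against 4**i and invert the odd part modulo 2**n.
    """
    mod = 1 << n
    total = 0
    for i in range(1, n + 1):
        s = v2(i)
        total += pow(2, 2 * i - s, mod) * pow(i >> s, -1, mod)
    return (-total) % mod
```

Note that `two_adic(-1, 3, 8)` is `0b01010101`, and multiplying it by 3 gives `0b11111111`, the 8-bit truncation of $-1$: the slide's column multiplication, carried out by the ALU. Refining the precision of `ln_minus3` never changes the digits already computed, which is what convergence in $d_2$ means.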

39. More observations. Basic chip operations (with the exception of cyclic shifts) are well defined continuous $\mathbb{Z}_2$-valued functions of 2-adic integer arguments. Moreover, all the mentioned functions (with the exception of those defined by shifts towards less significant bits) satisfy the Lipschitz condition with coefficient 1 with respect to the 2-adic metric. Hence all compositions $F$ of basic chip instructions (with the exception of cyclic shifts and shifts towards less significant bits) satisfy the Lipschitz condition with coefficient 1: $\|F(a) - F(b)\|_2 \le \|a - b\|_2$.

42. Terminology notes. The condition $F(a) \equiv F(b) \pmod{2^k}$ whenever $a \equiv b \pmod{2^k}$ (for all $k$) is equivalent to the condition $\|F(a) - F(b)\|_2 \le \|a - b\|_2$. That is, $F$ satisfies the Lipschitz condition with coefficient 1 iff $F$ is a compatible mapping of the ring $\mathbb{Z}_2$ into itself. ‘Compatible’ is an algebraic term. In cryptography one speaks of ‘$T$-functions on $n$-bit words’ instead of ‘compatible mappings of the residue ring $\mathbb{Z}/2^n$ into itself’.

44. Terminology notes. This is a univariate $T$-function $F$: $F\colon (\chi_0, \chi_1, \chi_2, \ldots) \mapsto (\psi_0(\chi_0);\ \psi_1(\chi_0, \chi_1);\ \psi_2(\chi_0, \chi_1, \chi_2);\ \ldots)$. Here $\chi_j \in \{0, 1\}$, and each $\psi_j(\chi_0, \ldots, \chi_j)$ is a Boolean function in the Boolean variables $\chi_0, \ldots, \chi_j$. Thus $F$ sends a number with base-2 expansion $\chi_0 + \chi_1\cdot 2 + \chi_2\cdot 2^2 + \cdots$ to the number with base-2 expansion $\psi_0(\chi_0) + \psi_1(\chi_0, \chi_1)\cdot 2 + \psi_2(\chi_0, \chi_1, \chi_2)\cdot 2^2 + \cdots$

45. Yet another observation. We conclude: $T$-functions on $n$-bit words are just approximations of 2-adic compatible functions (i.e., functions that satisfy the Lipschitz condition with coefficient 1) up to precision $2^{-n}$ w.r.t. the 2-adic metric. That is, a $T$-function on $n$-bit words is just the reduction modulo $2^n$ of a 2-adic function that satisfies the Lipschitz condition with coefficient 1. To study properties of compatible functions (hence, properties of $T$-functions) one may use 2-adic analysis, since compatible functions are continuous. In addition to the basic chip operations, to construct compatible functions one may also use subtraction, division by an odd integer, and exponentiation of an odd integer.
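Whether a given word map is a $T$-function (compatible modulo every $2^k$) can be decided exhaustively for small $n$, and the Boolean-function picture of slide 44 can be recovered by flipping input bits. The Python below is an added example, not from the slides; the four sample maps are constructed for it, and it shows that a right shift and a cyclic shift, the two operations the slides exclude, are exactly the ones that fail.

```python
"""Testing the T-function (2-adic compatibility) property of word maps.

Added example, not from the slides. F on n-bit words is a T-function iff
F(a) = F(b) (mod 2**k) whenever a = b (mod 2**k), for every k: output bit j
may depend only on input bits 0..j. Since the residue class of a modulo 2**k
is reached from a by repeatedly adding 2**k, comparing F(a) with F(a + 2**k)
for all a and k already covers every pair.
"""
from typing import Callable, List, Optional, Set, Tuple

WordFn = Callable[[int], int]


def first_violation(f: WordFn, n: int) -> Optional[Tuple[int, int]]:
    """Smallest (k, a) with F(a) != F(a + 2**k) (mod 2**k), or None if f is
    compatible modulo 2**n. Cost: n * 2**n evaluations."""
    mask = (1 << n) - 1
    for k in range(1, n):
        step, low = 1 << k, (1 << k) - 1
        for a in range(1 << n):
            if (f(a) & low) != (f((a + step) & mask) & low):
                return k, a
    return None


def is_t_function(f: WordFn, n: int) -> bool:
    return first_violation(f, n) is None


def dependency_sets(f: WordFn, n: int) -> List[Set[int]]:
    """deps[j] = input bits whose flip can change output bit j. For a
    T-function deps[j] is a subset of {0, ..., j}: the 'triangular' shape
    of (psi_0(chi_0); psi_1(chi_0, chi_1); ...)."""
    mask = (1 << n) - 1
    deps: List[Set[int]] = [set() for _ in range(n)]
    for a in range(1 << n):
        fa = f(a) & mask
        for i in range(n):
            diff = fa ^ (f(a ^ (1 << i)) & mask)
            for j in range(n):
                if diff >> j & 1:
                    deps[j].add(i)
    return deps


def is_triangular(deps: List[Set[int]]) -> bool:
    return all(d <= set(range(j + 1)) for j, d in enumerate(deps))


# Constructed sample maps on n-bit words.
def klimov_shamir(x: int) -> int:          # x + (x^2 OR 5): compatible
    return x + (x * x | 5)


def poly_xor_shift(x: int) -> int:         # (x^2 + 3x) XOR (x << 2): compatible
    return (x * x + 3 * x) ^ (x << 2)


def xorshift_right(x: int) -> int:         # x XOR (x >> 1): bit 0 reads bit 1
    return x ^ (x >> 1)


def rotl8(x: int) -> int:                  # cyclic shift of an 8-bit word
    return ((x << 1) | (x >> 7)) & 0xFF
```

`first_violation(xorshift_right, 8)` returns `(1, 0)`: already modulo 2 the outputs for 0 and 2 differ. For `rotl8` the first witness is `(1, 126)`, because adding 2 to 126 changes bit 7, which the rotation copies into bit 0.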

48. Wild functions. For instance, a computer evaluates the following wild-looking function correctly, up to the best 2-adic precision it can achieve:
$$ g(x) = 1 - 2\cdot\frac{\left(7 - x\ \mathrm{AND}\ x^2 + x^3\ \mathrm{OR}\ x^4\right)^{(9 + 10x^9)^{8x^8}}}{3 - 4\cdot\left(5 + 6x^5\right)^{x^6\ \mathrm{XOR}\ x^7}} $$

50. The virtual world is the non-Archimedean world! All triangles are isosceles! Every point inside a circle is a center of the circle!

53. Important: There is a tight connection between the invertibility property/single cycle property of $T$-functions and metric properties of the corresponding 2-adic functions.

54. More 2-adic analysis. The space $\mathbb{Z}_2$ is a measurable space, endowed with a natural probability measure, the normalized Haar measure $\mu_2$. Namely, the set $a + 2^k\mathbb{Z}_2$, i.e., the set of all 2-adic integers congruent to $a$ modulo $2^k$, is a ball of radius $2^{-k}$. By definition, the volume of this ball is $\mu_2(a + 2^k\mathbb{Z}_2) = 2^{-k}$. A mapping $F\colon \mathbb{S} \to \mathbb{S}$ of a measurable space $\mathbb{S}$ with a probability measure $\mu$ is said to preserve the measure $\mu$ (or to be $\mu$-preserving) iff $\mu(F^{-1}(S)) = \mu(S)$ for every measurable subset $S \subset \mathbb{S}$. A $\mu$-preserving mapping $F$ is said to be ergodic iff $\mu(S) = 1$ or $\mu(S) = 0$ for every measurable $S$ such that $F^{-1}(S) \subset S$. Loosely speaking, an invariant set of an ergodic mapping is either nothing or everything.

59. Using 2-adic analysis. A compatible mapping $F\colon \mathbb{Z}_2 \to \mathbb{Z}_2$ is said to be bijective (resp., transitive) modulo $2^k$ iff the induced mapping $x \mapsto F(x) \bmod 2^k$ is a permutation (resp., a permutation with a single cycle) on $\mathbb{Z}/2^k$. Theorem 1 (Anashin, 2002). A compatible mapping $F\colon \mathbb{Z}_2 \to \mathbb{Z}_2$ is bijective (accordingly, transitive) modulo $2^k$ for all $k = 1, 2, 3, \ldots$ iff it is measure-preserving (accordingly, ergodic) with respect to the normalized Haar measure $\mu_2$ on $\mathbb{Z}_2$. In short: measure preservation = invertibility (mod $2^k$) for all $k \in \mathbb{N}$; ergodicity = single cycle property (mod $2^k$) for all $k \in \mathbb{N}$.

62. Important: Thus, ergodic functions could serve as state update functions, whereas measure-preserving functions could serve as output functions of the PRNG. We must know how to construct ergodic/measure-preserving functions out of basic chip instructions.

64. Using 2-adic analysis once again. To construct measure-preserving/ergodic functions, very often we can use the following effect, which is due to the ‘2-adic smoothness’ of compatible functions: a compatible function $F\colon \mathbb{Z}_2 \to \mathbb{Z}_2$ is measure-preserving/ergodic iff the corresponding $T$-function $F \bmod 2^n$ on $n$-bit words (which is merely an approximation of $F$ with precision $\tfrac{1}{2^n}$) is invertible/has the single cycle property, for a suitable $n$ that depends on $F$! For crypto matters this gives: to verify whether a $T$-function is invertible/has the single cycle property on $N$-bit words (where $N$ is big) one should check whether it is invertible/has the single cycle property on $n$-bit words, where $n$ is often rather small!

66. Using 2-adic derivatives. Theorem 2 (Anashin, 1993). Let a compatible function $F\colon \mathbb{Z}_2 \to \mathbb{Z}_2$ be uniformly differentiable on $\mathbb{Z}_2$. Then $F$ is ergodic if and only if it is transitive modulo $2^{N_2(F)+2}$. Here $N_2(F)$ is such that
$$ \left\| \frac{F(x+h) - F(x)}{h} - F'(x) \right\|_2 \le \frac{1}{4} \quad\text{whenever}\quad \|h\|_2 \le 2^{-N_2(F)}. $$
Example (Klimov and Shamir, 2002). The function $x + (x^2\ \mathrm{OR}\ 5)$ is ergodic. Note: In their publication Klimov and Shamir write that “...neither the invertibility nor the cycle structure of $x + (x^2\ \mathrm{OR}\ 5)$ could be determined by his (i.e., Anashin’s) techniques.” Quite the opposite, this can be easily determined by these techniques. Proof. The function $F(x) = x + (x^2\ \mathrm{OR}\ 5)$ is uniformly differentiable on $\mathbb{Z}_2$: $F'(x) = 1 + 2x \cdot (u\ \mathrm{OR}\ 5)'\big|_{u = x^2} = 1 + 2x$, and $N_2(F) = 3$ since obviously $(x + h)\ \mathrm{OR}\ 5 = (x\ \mathrm{OR}\ 5) + h$ whenever $h \equiv 0 \pmod 8$. Now to prove that $F$ is ergodic, in view of the above theorem it suffices to demonstrate that $F$ induces a permutation with a single cycle on $\mathbb{Z}/32$. One verifies this by direct calculation.
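The “direct calculation” on $\mathbb{Z}/32$, the small-$n$ check of slides 64–65, and the PRNG skeleton of slides 22–23 (single-cycle state update $f$, balanced output $G$) fit in one script. The Python below is an added example, not code from the slides: `is_single_cycle` is the transitivity test, `is_bijective` the measure-preservation test, and the choice $G(x) = $ the top $k$ bits of the state is this example's own balanced map (each $k$-bit value has exactly $2^{n-k}$ preimages). The second sample, $x + (x^2\ \mathrm{OR}\ 1)$, is constructed to show why the modulus in Theorem 2 matters: there $N_2 = 1$, so the decisive modulus is $2^3$, and the function is transitive modulo 4 but not modulo 8.

```python
"""Invertibility and single-cycle checks for T-functions on n-bit words, and
the PRNG skeleton from the slides (state update f with a single cycle, then a
balanced output map G). Added example, not from the slides; G = 'the top k
bits of the state' is this example's own choice of a balanced map.
"""
from collections import Counter
from typing import Callable, Dict, List

WordFn = Callable[[int], int]


def is_bijective(f: WordFn, n: int) -> bool:
    """f mod 2**n permutes Z/2**n (measure-preserving at precision n)."""
    mask = (1 << n) - 1
    return len({f(x) & mask for x in range(1 << n)}) == 1 << n


def is_single_cycle(f: WordFn, n: int) -> bool:
    """f mod 2**n is a permutation with one cycle of length 2**n (transitive
    modulo 2**n). Walk the orbit of 0: it must visit 2**n distinct words and
    then return to 0."""
    mask = (1 << n) - 1
    seen = bytearray(1 << n)
    x = 0
    for _ in range(1 << n):
        if seen[x]:
            return False
        seen[x] = 1
        x = f(x) & mask
    return x == 0


def keystream(f: WordFn, n: int, k: int, seed: int, count: int) -> List[int]:
    """x_{i+1} = f(x_i) mod 2**n, y_i = G(x_i) = the top k bits of x_i."""
    mask = (1 << n) - 1
    x = seed & mask
    out = []
    for _ in range(count):
        out.append(x >> (n - k))
        x = f(x) & mask
    return out


def output_histogram(f: WordFn, n: int, k: int, seed: int) -> Dict[int, int]:
    """How often each k-bit output occurs over one full period of 2**n."""
    return dict(Counter(keystream(f, n, k, seed, 1 << n)))


def klimov_shamir(x: int) -> int:
    """x + (x^2 OR 5); by Theorem 2 it is ergodic iff transitive mod 2**5."""
    return x + (x * x | 5)


def almost_klimov_shamir(x: int) -> int:
    """x + (x^2 OR 1): (x + h) OR 1 = (x OR 1) + h already for h = 0 (mod 2),
    so N_2 = 1 and the decisive modulus is 2**3."""
    return x + (x * x | 1)
```

`is_single_cycle(klimov_shamir, 5)` is the slide's check on $\mathbb{Z}/32$; running it for 8 and 16 bits shows the single cycle persisting, as Theorem 2 predicts, and the histogram over a full period of 8-bit states is exactly flat because the states are a permutation of all words. The script checks only the statistical conditions (period, balance); it says nothing about the second part of condition 2 (recovering $x_i$ from $y_i$), which the slides treat separately.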

70. How to determine ergodic functions? The following results, as well as the preceding ones, remain true (with some minor exceptions) for an arbitrary prime $p$. Any continuous function $F\colon \mathbb{Z}_p \to \mathbb{Z}_p$ can be represented by Mahler’s interpolation series: $F(x) = \sum_{j=0}^{\infty} c_j \binom{x}{j}$ for suitable $c_j \in \mathbb{Z}_p$. Recall that $\binom{x}{i} = \frac{x(x-1)\cdots(x-i+1)}{i!}$ for $i = 1, 2, \ldots$, and $\binom{x}{0} = 1$. An attempt to find an answer in terms of Mahler’s interpolation series looks quite natural!
