Results 1-10 of 44
Random Mapping Statistics
In Advances in Cryptology, 1990
Cited by 87 (6 self)
Random mappings from a finite set into itself are either a heuristic or an exact model for a variety of applications in random number generation, computational number theory, cryptography, and the analysis of algorithms at large. This paper introduces a general framework in which the analysis of about twenty characteristic parameters of random mappings is carried out: These parameters are studied systematically through the use of generating functions and singularity analysis. In particular, an open problem of Knuth is solved, namely that of finding the expected diameter of a random mapping. The same approach is applicable to a larger class of discrete combinatorial models and possibilities of automated analysis using symbolic manipulation systems ("computer algebra") are also briefly discussed.
Coalescent Random Forests
J. Combinatorial Theory A, 1998
Cited by 39 (18 self)
Various enumerations of labeled trees and forests, including Cayley's formula $n^{n-2}$ for the number of trees labeled by $[n]$, and Cayley's multinomial expansion over trees, are derived from the following coalescent construction of a sequence of random forests $(R_n, R_{n-1}, \ldots, R_1)$ such that $R_k$ has uniform distribution over the set of all forests of $k$ rooted trees labeled by $[n]$. Let $R_n$ be the trivial forest with $n$ root vertices and no edges. For $n \ge k \ge 2$, given that $R_n, \ldots, R_k$ have been defined so that $R_k$ is a rooted forest of $k$ trees, define $R_{k-1}$ by addition to $R_k$ of a single edge picked uniformly at random from the set of $n(k-1)$ edges which when added to $R_k$ yield a rooted forest of $k-1$ trees. This coalescent construction is related to a model for a physical process of clustering or coagulation, the additive coalescent in which a system of masses is subject to binary coalescent collisions, with each pair of masses of magnitude...
On Random Walks For Pollard's Rho Method
Mathematics of Computation, 2000
Cited by 33 (5 self)
We consider Pollard's rho method for discrete logarithm computation. Usually, in the analysis of its running time the assumption is made that a random walk in the underlying group is simulated. We show that this assumption does not hold for the walk originally suggested by Pollard: its performance is worse than in the random case. We study alternative walks that can be efficiently applied to compute discrete logarithms. We introduce a class of walks that lead to the same performance as expected in the random case. We show that this holds for arbitrarily large prime group orders, thus making Pollard's rho method for prime group orders about 20% faster than before. 1. Introduction. Let $G$ be a finite cyclic group, written multiplicatively, and generated by the group element $g$. We define the discrete logarithm problem (DLP) as follows: given a group element $h$, find the least nonnegative integer $x$ such that $h = g^x$. We write $x = \log_g h$ and call it the discrete logarithm of $h$...
Square-Root Algorithms For The Discrete Logarithm Problem (a Survey)
In Public Key Cryptography and Computational Number Theory, Walter de Gruyter, 2001
Cited by 32 (0 self)
The best algorithms to compute discrete logarithms in arbitrary groups (of prime order) are the baby-step giant-step method, the rho method and the kangaroo method. The first two have (expected) running time $O(\sqrt{n})$ group operations ($n$ denoting the group order), thereby matching Shoup's lower bounds. While the baby-step giant-step method is deterministic but with large memory requirements, the rho and the kangaroo method are probabilistic but can be implemented very space efficiently, and they can be parallelized with linear speedup. In this paper, we present the state of the art in these methods.
Independent process approximations for random combinatorial structures
Advances in Mathematics
Cited by 30 (4 self)
Many random combinatorial objects have a component structure whose joint distribution is equal to that of a process of mutually independent random variables, conditioned on the value of a weighted sum of the variables. It is interesting to compare the combinatorial structure directly to the independent discrete process, without renormalizing. The quality of approximation can often be conveniently quantified in terms of total variation distance, for functionals which observe part, but not all, of the combinatorial and independent processes. Among the examples are combinatorial assemblies (e.g., permutations, random mapping functions, and partitions of a set), multisets (e.g., polynomials over a finite field, mapping patterns and partitions of an integer), and selections (e.g., partitions of an integer into distinct parts, and squarefree polynomials over finite fields). We consider issues common to all the above examples, including equalities and upper bounds for total variation distances, existence of limiting processes, heuristics for good approximations, the relation to standard generating functions, moment formulas and recursions for computing densities, refinement to the process which counts the number of parts of each possible type, the effect of further conditioning on events of moderate probability, large deviation theory and nonuniform measures on combinatorial objects, and the possibility of getting useful results by overpowering the conditioning. © 1994 Academic Press, Inc.
A Hardware Design Model for Cryptographic Algorithms
1992
Cited by 16 (6 self)
A hardware implementation model is proposed that can be used in the design of stream ciphers, block ciphers and cryptographic hash functions. The cryptographic finite state machine (CFSM) model is no mathematical tool, but a set of criteria that have to be met by a real hardware finite state machine that will be used in the implementation of a cryptographic algorithm. Diffusion is studied by means of the diffusion graph and dependence matrix. For the study of confusion, differential cryptanalysis is used. In the paper the design of a high-speed cryptographic coprocessor is presented called Subterranean. This coprocessor can be used for both cryptographic pseudorandom sequence generation and cryptographic hashing. It can be implemented in a straightforward way as (part of) a chip. The small gate-delay allows high clock frequencies, and even a moderate estimation of 20 MHz leads to a (stream)encryption speed of 0.3 Gbit/s and hashing speed of 0.6 Gbit/sec. Keywords: Hardware Cryptograph...
Limit theorems for combinatorial structures via discrete process approximations
Random Structures and Algorithms, 1992
Cited by 16 (1 self)
Discrete functional limit theorems, which give independent process approximations for the joint distribution of the component structure of combinatorial objects such as permutations and mappings, have recently become available. In this article, we demonstrate the power of these theorems to provide elementary proofs of a variety of new and old limit theorems, including results previously proved by complicated analytical methods. Among the examples we treat are Brownian motion limit theorems for the cycle counts of a random permutation or the component counts of a random mapping, a Poisson limit law for the core of a random mapping, a generalization of the Erdős-Turán Law for the log-order of a random permutation and the smallest component size of a random permutation, approximations to the joint laws of the smallest cycle sizes of a random mapping, and a limit distribution for the difference between the total number of cycles and the number of
Boolean Dynamics with Random Couplings
2002
Cited by 13 (0 self)
This paper reviews a class of generic dissipative dynamical systems called NK models. In these models, the dynamics of N elements, defined as Boolean variables, develop step by step, clocked by a discrete time variable. Each of the N Boolean elements at a given time is given a value which depends upon K elements in the previous time step. We review the work of many authors on the behavior of the models, looking particularly at the structure and lengths of their cycles, the sizes of their basins of attraction, and the flow of information through the systems. In the limit of infinite N, there is a phase transition between a chaotic and an ordered phase, with a critical phase in between. We argue that the behavior of this system depends significantly on the topology of the network connections. If the elements are placed upon a lattice with dimension d, the system shows correlations related to the standard percolation or directed percolation phase transition on such a lattice. On the other hand, a very different behavior is seen in the Kauffman net in which all spins are equally likely to be coupled to a given spin. In this situation, coupling loops are mostly suppressed, and the behavior of the system is much more like that of a mean field theory. We also describe possible applications of the models to, for example, genetic networks, cell differentiation, evolution, democracy in social systems and neural networks.
On the Iteration of Certain Quadratic Maps over GF(p)
Cited by 9 (0 self)
We consider the properties of certain graphs based on iteration of the quadratic maps x ! x and x ! x 2 over a finite field GF(p).