to be intractable by quantum computers. Due to significant research advancements in recent years, lattice-based schemes have now become practical and appear to be a very viable alternative to number-theoretic cryptography. In this paper we focus on recent developments and the current state-of-the-art in lattice

Abstract. In this paper, we investigate the Mixed-integer Linear Programming (MILP) modelling of the differential and linear behavior of a wide rang of block ciphers. The differential and linear behavior of the transformations involved in a block cipher can be described by a set P ⊆ {0, 1}n ⊆ Rn. We show that P is exactly the set of all 0-1 solutions of the H-representation of the convex hull of P. In addition, we can find a small number of inequalities in the H-representation of the convex hull of P such that the set of all 0-1 solutions of these inequalities equals P. Based on these discoveries and MILP technique, we propose an automatic method for finding high probability (related-key) differential or linear characteristics of block ciphers. Compared with Sun et al.’s heuristic method presented in Asiacrypt 2014, the new method is exact for most ciphers in the sense that every feasible 0-1 solution of the MILP model generated by the new method corresponds to a valid characteristic, and therefore there is no need to repeatedly add valid cutting-off inequalities into the MILP model as is done in Sun et al.’s method; the new method is more powerful which allows us to get the exact lower bounds of the number of differentially or linearly active S-boxes; and the new method is more efficient which is able to obtain characteristic enjoying higher probability or covering more rounds of a cipher with less computational effort.

interpretation for the common practice of using the oracle estimator as a gold standard against which practical approaches are compared.

I would like to thank my parents for always believing in me. I would also like to thank my supervisors Richard Lindner and Johannes Buchmann for their useful comments and suggestions on how to improve the queality of the thesis. Not on last place I would like to thank Vadim Lyubashevsky and Luis Carlos Coronado Garcia for their kindness and readiness to answer my questions. Warranty I hereby warrant that the content of this thesis is the direct result of my own work and that any use made in it of published or unpublished material is fully and correctly referenced. I also warrant that the presented work has

Abstract not found

Abstract not found

of the signal complexity. In practice, this enables lower sampling rates that can be more easily achieved by current hardware designs. The primary bottleneck that limits ADC sam-pling rates is quantization, i.e., higher bit-depths impose lower sampling rates. Thus, the decreased sampling rates of CS ADCs

Implementational aspects of code-based cryptography

This article gives theoretical insights into the performance of K-SVD, a dictionary learning algorithm that has gained significant popularity in practical applications. The particular question studied here is when a dictionary Φ ∈ Rd×K can be recovered as local minimum of the minimisation criterion

All rights reserved.