• Aucun résultat trouvé

Differential Equivalences on SBoxes

N/A
N/A
Info
Télécharger
Protected

Academic year: 2021

Partager "Differential Equivalences on SBoxes"

Copied!
65
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

HAL Id: hal-02346302

https://hal.archives-ouvertes.fr/hal-02346302

Submitted on 5 Nov 2019

HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

Differential Equivalences on SBoxes

Valentin Suder, Christina Boura, Anne Canteaut, Jérémy Jean

To cite this version:

Valentin Suder, Christina Boura, Anne Canteaut, Jérémy Jean. Differential Equivalences on SBoxes.

CAEN2018, Cryptography and Algorithmic Number Theory, Jun 2018, CAEN, France. �hal-02346302�

(2)

CAEN2018, Cryptography and Algorithmic Number Theory June 21, 2018

Differential Equivalences on SBoxes

Valentin SUDER

(Université Rouen Normandie, France)

Joint work with Christina BOURA

(UVSQ)

, Anne CANTEAUT

(inria Paris, France)

and

Jérémy JEAN

(ANSSI, France)

(3)

Outline

Introduction

Symmetric cryptography Differentiality

Equivalences Results

Equivalences Main contributions

First Step for a classification Algorithm

Experimental Results Special case

Conclusion

(4)

Introduction Symmetric cryptography

Symmetric Cryptography

Symmetric Cryptography

Cryptographic algorithms and protocols where the secret is identical between communicating parties.

I

Block ciphers

I

Stream ciphers

I

Hash functions

1 / 19

(5)

Introduction Symmetric cryptography

Design of Block ciphers

Block cipher

A block cipher is a function

E : F

κ2

× F

m2

→ F

m2

(k, P ) 7→ C = E(k, P ) := E

k

(P )

such that for any fixed key k ∈ F

κ2

, E

k

is bijective over F

m2

. Problem?

Usually, a block cipher is a set of 2

80

permutations of S

2128

. Solution: Iterative construction

E

k

= R

`−1

R

`−2

◦ · · · ◦ R

1

R

0

|{z}

L◦SB◦Addk0

,

SB : F

m2

= F

n2

× F

n2

× . . . → F

m2

= F

n2

× F

n2

× . . .

X = (x

0

, x

1

, . . . ) 7→ (F

0

(x

0

), F

1

(x

1

), . . . )

Functions F

i

’s are usually called SBoxes.

(6)

Introduction Symmetric cryptography

Design of Block ciphers

Block cipher

A block cipher is a function

E : F

κ2

× F

m2

→ F

m2

(k, P ) 7→ C = E(k, P ) := E

k

(P )

such that for any fixed key k ∈ F

κ2

, E

k

is bijective over F

m2

.

Problem? Usually, a block cipher is a set of 2

80

permutations of S

2128

.

Solution: Iterative construction

E

k

= R

`−1

R

`−2

◦ · · · ◦ R

1

R

0

|{z}

L◦SB◦Addk0

,

SB : F

m2

= F

n2

× F

n2

× . . . → F

m2

= F

n2

× F

n2

× . . . X = (x

0

, x

1

, . . . ) 7→ (F

0

(x

0

), F

1

(x

1

), . . . ) Functions F

i

’s are usually called SBoxes.

2 / 19

(7)

Introduction Symmetric cryptography

Design of Block ciphers

Block cipher

A block cipher is a function

E : F

κ2

× F

m2

→ F

m2

(k, P ) 7→ C = E(k, P ) := E

k

(P )

such that for any fixed key k ∈ F

κ2

, E

k

is bijective over F

m2

.

Problem? Usually, a block cipher is a set of 2

80

permutations of S

2128

. Solution: Iterative construction

E

k

= R

`−1

R

`−2

◦ · · · ◦ R

1

R

0

|{z}

L◦SB◦Addk0

,

SB : F

m2

= F

n2

× F

n2

× . . . → F

m2

= F

n2

× F

n2

× . . .

X = (x

0

, x

1

, . . . ) 7→ (F

0

(x

0

), F

1

(x

1

), . . . )

Functions F

i

’s are usually called SBoxes.

(8)

Introduction Symmetric cryptography

Design of Block ciphers

Block cipher

A block cipher is a function

E : F

κ2

× F

m2

→ F

m2

(k, P ) 7→ C = E(k, P ) := E

k

(P )

such that for any fixed key k ∈ F

κ2

, E

k

is bijective over F

m2

.

Problem? Usually, a block cipher is a set of 2

80

permutations of S

2128

. Solution: Iterative construction

E

k

= R

`−1

R

`−2

◦ · · · ◦ R

1

R

0

|{z}

L◦SB◦Addk0

,

SB : F

m2

= F

n2

× F

n2

× . . . → F

m2

= F

n2

× F

n2

× . . . X = (x

0

, x

1

, . . . ) 7→ (F

0

(x

0

), F

1

(x

1

), . . . ) Functions F

i

’s are usually called SBoxes.

2 / 19

(9)

Introduction Differentiality

Differential Criteria

F : F

n2

→ F

n2

Derivatives in direction α ∈ F

n2

α

F : F

n2

→ F

n2

x 7→ F (x) + F (x + α)

Differential Uniformity [Nyberg 94]

δ

F

= max

α∈Fn2\{0},β∈Fn2

# { x | ∆

α

F (x) = β }

Whenever δ

F

= 2 (minimal value), the function F is said to be

APN (’Almost Perfect Nonlinear’) .

(10)

Introduction Differentiality

Example

Differences Distribution Table (DDT) Table of size 2

n

× 2

n

, with entries:

D

F

(α, β) = # { x ∈ F

n2

| ∆

α

F (x) = β } , ∀ α, β ∈ F

n2

.

DF β

0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

α 3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

DF0 β

0 1 2 3 4 5 6 7

0 8 . . . .

1 . . 8 . . . . .

2 . . . 4 . . 4 .

3 . 2 . . 6 . . .

4 . . . . 2 . 2 4

5 . 2 . 2 . . 2 2

6 . 2 . 2 . 4 . .

7 . 2 . . . 4 . 2

4 / 19

(11)

Introduction Differentiality

Big APN Problem

APN functions ⇒ Best resistance to differential cryptanalysis!

1. Very few known APN functions . . .

2. . . . even fewer known bijective APN functions (none when n = 4)

’Big APN Problem’ :

Is there any bijective APN functions over F

2n

, when n is even ? Answer (?) : In 2009, Dillon et al. found only one example for n = 6. Since then, nothing more (or very little) . . .

3. Few (bijective) functions are known with δ = 4.

K. A. Browning, J. F. Dillon, M. T. McQuistan and A. J. Wolfe, An APN Permutation in Dimension Six,

Fq9 (Selected Papers), Contemporary Mathematics, 2010.

(12)

Introduction Equivalences

Some equivalence classes

F : F

2n

→ F

2n

The differential uniformity δ(F ) of F is an invariant under:

I

compositional inverse (if F is bijective): δ(F

−1

) = δ(F )

I

affine permutations: δ(F ) = δ(A

1

FA

2

+ A

0

)

EA-equivalence ( ∼

EA

)

I

Graph equivalence: G

F0

= {L (x , F (x)) } = L ( G

F

), δ(F ) = δ(F

0

)

CCZ-equivalence ( ∼

CCZ

)

MG

F

=

| | |

1 . . . x . . . 2n−1

| | |

| | |

F(1) . . . F(x) . . . F(2n−1)

| | |

EA-Eq

6⇐ CCZ-Eq

6 / 19

(13)

Introduction Equivalences

Some equivalence classes

F : F

2n

→ F

2n

The differential uniformity δ(F ) of F is an invariant under:

I

compositional inverse (if F is bijective): δ(F

−1

) = δ(F )

I

affine permutations: δ(F ) = δ(A

1

FA

2

+ A

0

)

EA-equivalence ( ∼

EA

)

I

Graph equivalence: G

F0

= {L (x , F (x)) } = L ( G

F

), δ(F ) = δ(F

0

)

CCZ-equivalence ( ∼

CCZ

)

MG

F

=

| | |

1 . . . x . . . 2n−1

| | |

| | |

F(1) . . . F(x) . . . F(2n−1)

| | |

EA-Eq

6⇐ CCZ-Eq

(14)

Introduction Equivalences

Some equivalence classes

F : F

2n

→ F

2n

The differential uniformity δ(F ) of F is an invariant under:

I

compositional inverse (if F is bijective): δ(F

−1

) = δ(F )

I

affine permutations: δ(F ) = δ(A

1

FA

2

+ A

0

)

EA-equivalence ( ∼

EA

)

I

Graph equivalence: G

F0

= {L (x , F (x)) } = L ( G

F

), δ(F ) = δ(F

0

)

CCZ-equivalence ( ∼

CCZ

)

MG

F

=

| | |

1 . . . x . . . 2n−1

| | |

| | |

F(1) . . . F(x) . . . F(2n−1)

| | |

EA-Eq

6⇐ CCZ-Eq

6 / 19

(15)

Introduction Equivalences

Some equivalence classes

F : F

2n

→ F

2n

The differential uniformity δ(F ) of F is an invariant under:

I

compositional inverse (if F is bijective): δ(F

−1

) = δ(F )

I

affine permutations: δ(F ) = δ(A

1

FA

2

+ A

0

)

EA-equivalence ( ∼

EA

)

I

Graph equivalence: G

F0

= {L (x , F (x)) } = L ( G

F

), δ(F ) = δ(F

0

)

CCZ-equivalence ( ∼

CCZ

)

MG

F

=

| | |

1 . . . x . . . 2n−1

| | |

| | |

F(1) . . . F(x) . . . F(2n−1)

| | |

EA-Eq

6⇐ CCZ-Eq

6 / 19

(16)

Introduction Equivalences

Link with other areas

F : F

2n

→ F

2n

Carlet-Charpin-Zinoviev (1998)

F is APN if and only if the minimal distance of the linear code with parity check matrix MG

F

is 5.

Coulter-Henderson (1999)

If F is APN then the incidence structure of G

F

is a (2

2n

, 2

n

)- semibiplane.

Let F be quadratic, i.e. F (x) = P

i,j

c

i,j

x

2i+2j

∈ F

2n

[x]. F APN ⇒ semifields, dual hyperoval, rank-metric code,. . .

.. .

not only cryptography benefits from research on APN functions.

7 / 19

(17)

Introduction Equivalences

Link with other areas

F : F

2n

→ F

2n

Carlet-Charpin-Zinoviev (1998)

F is APN if and only if the minimal distance of the linear code with parity check matrix MG

F

is 5.

Coulter-Henderson (1999)

If F is APN then the incidence structure of G

F

is a (2

2n

, 2

n

)- semibiplane.

Let F be quadratic, i.e. F (x) = P

i,j

c

i,j

x

2i+2j

∈ F

2n

[x]. F APN ⇒ semifields, dual hyperoval, rank-metric code,. . .

.. .

not only cryptography benefits from research on

APN functions.

(18)

Introduction Equivalences

Link with other areas

F : F

2n

→ F

2n

Carlet-Charpin-Zinoviev (1998)

F is APN if and only if the minimal distance of the linear code with parity check matrix MG

F

is 5.

Coulter-Henderson (1999)

If F is APN then the incidence structure of G

F

is a (2

2n

, 2

n

)- semibiplane.

Let F be quadratic, i.e. F (x) = P

i,j

c

i,j

x

2i+2j

∈ F

2n

[x].

F APN ⇒ semifields, dual hyperoval, rank-metric code,. . . .. .

not only cryptography benefits from research on APN functions.

7 / 19

(19)

Introduction Equivalences

Link with other areas

F : F

2n

→ F

2n

Carlet-Charpin-Zinoviev (1998)

F is APN if and only if the minimal distance of the linear code with parity check matrix MG

F

is 5.

Coulter-Henderson (1999)

If F is APN then the incidence structure of G

F

is a (2

2n

, 2

n

)- semibiplane.

Let F be quadratic, i.e. F (x) = P

i,j

c

i,j

x

2i+2j

∈ F

2n

[x].

F APN ⇒ semifields, dual hyperoval, rank-metric code,. . . .. .

not only cryptography benefits from research on

APN functions.

(20)

Outline

Introduction

Symmetric cryptography Differentiality

Equivalences

Results

Equivalences Main contributions

First Step for a classification Algorithm

Experimental Results Special case

Conclusion

(21)

Results Equivalences

Differential equivalences of SBoxes

F, G : F

n2

→ F

n2

Definitions :

Differences Distribution Table (DDT) Table of size 2

n

× 2

n

, with entries:

D

F

(α, β) = # { x ∈ F

n2

| ∆

α

F (x) = β } , ∀ α, β ∈ F

n2

. Indicator of a DDT

Boolean function γ

F

: F

n×n2

→ F

2

,

γ

F

(α, β) = 0 ⇔ δ

F

(α, β) = 0 or α = 0.

⇒ Two equivalences:

I

F

D

G ⇔ D

F

= D

G

,

I

F

γ

G ⇔ γ

F

= γ

G

.

(22)

Results Equivalences

Differential equivalences of SBoxes

F, G : F

n2

→ F

n2

Definitions :

Differences Distribution Table (DDT) Table of size 2

n

× 2

n

, with entries:

D

F

(α, β) = # { x ∈ F

n2

| ∆

α

F (x) = β } , ∀ α, β ∈ F

n2

. Indicator of a DDT

Boolean function γ

F

: F

n×n2

→ F

2

,

γ

F

(α, β) = 0 ⇔ δ

F

(α, β) = 0 or α = 0.

⇒ Two equivalences:

I

F

D

G ⇔ D

F

= D

G

,

I

F

γ

G ⇔ γ

F

= γ

G

.

8 / 19

(23)

Results Equivalences

Motivation, Origin

Differential Equivalence

In odd characteristic, Perfect Nonlinear (PN) functions are such that all of their derivatives are bijective ⇒ all PN functions have the same DDT.

Gorodilova introduced the γ-equivalence, while working on APN monomial quadratic functions (aka Gold functions, aka APN functions of the type x 7→ x

2i+1

) .

A Gorodilova,

On a remarkable property of APN Gold functions, Cryptology ePrint Archive, 2016.

(24)

Results Equivalences

Examples

n=4

F = [ 0,1,2,3,4,5,6,7,8,9,10,11,12,13,15,14 ], G = [ 0,1,3,2,5,4,7,6,8,9,10,11,12,13,14,15 ].

D

F

=

16 . . . . . . . . . . . . . . .

. 16 . . . . . . . . . . . . . .

. . 12 4 . . . . . . . . . . . .

. . 4 12 . . . . . . . . . . . .

. . . . 12 4 . . . . . . . . . .

. . . . 4 12 . . . . . . . . . .

. . . . . . 12 4 . . . . . . . .

. . . . . . 4 12 . . . . . . . .

. . . . . . . . 12 4 . . . . . .

. . . . . . . . 4 12 . . . . . .

. . . . . . . . . . 12 4 . . . .

. . . . . . . . . . 4 12 . . . .

. . . . . . . . . . . . 12 4 . .

. . . . . . . . . . . . 4 12 . .

. . . . . . . . . . . . . . 12 4

. . . . . . . . . . . . . . 4 12

= γ

F

10 / 19

(25)

Results Equivalences

Examples

n=4

F = [ 0,1,2,3,4,5,6,7,8,9,10,11,12,13,15,14 ], G = [ 0,1,3,2,5,4,7,6,8,9,10,11,12,13,14,15 ].

D

G

=

16 . . . . . . . . . . . . . . .

. 16 . . . . . . . . . . . . . .

. . 12 4 . . . . . . . . . . . .

. . 4 12 . . . . . . . . . . . .

. . . . 12 4 . . . . . . . . . .

. . . . 4 12 . . . . . . . . . .

. . . . . . 12 4 . . . . . . . .

. . . . . . 4 12 . . . . . . . .

. . . . . . . . 4 12 . . . . . .

. . . . . . . . 12 4 . . . . . .

. . . . . . . . . . 4 12 . . . .

. . . . . . . . . . 12 4 . . . .

. . . . . . . . . . . . 4 12 . .

. . . . . . . . . . . . 12 4 . .

. . . . . . . . . . . . . . 4 12

. . . . . . . . . . . . . . 12 4

6

= D

F

= γ

F

(26)

Results Equivalences

Examples

n=4

F = [ 0,1,2,3,4,5,6,7,8,9,10,11,12,13,15,14 ], G = [ 0,1,3,2,5,4,7,6,8,9,10,11,12,13,14,15 ].

γ

G

=

(0 . . . . . . . . . . . . . . .

. 1 . . . . . . . . . . . . . .

. . 1 1 . . . . . . . . . . . .

. . 1 1 . . . . . . . . . . . .

. . . . 1 1 . . . . . . . . . .

. . . . 1 1 . . . . . . . . . .

. . . . . . 1 1 . . . . . . . .

. . . . . . 1 1 . . . . . . . .

. . . . . . . . 1 1 . . . . . .

. . . . . . . . 1 1 . . . . . .

. . . . . . . . . . 1 1 . . . .

. . . . . . . . . . 1 1 . . . .

. . . . . . . . . . . . 1 1 . .

. . . . . . . . . . . . 1 1 . .

. . . . . . . . . . . . . . 1 1

. . . . . . . . . . . . . . 1 1)

= γ

F

10 / 19

(27)

Results Equivalences

Examples

n=4

F = [ 0,1,2,3,4,5,6,7,8,9,10,11,12,13,15,14 ], G = [ 0,1,3,2,5,4,7,6,8,9,10,11,12,13,14,15 ].

γ

G

=

(0 . . . . . . . . . . . . . . .

. 1 . . . . . . . . . . . . . .

. . 1 1 . . . . . . . . . . . .

. . 1 1 . . . . . . . . . . . .

. . . . 1 1 . . . . . . . . . .

. . . . 1 1 . . . . . . . . . .

. . . . . . 1 1 . . . . . . . .

. . . . . . 1 1 . . . . . . . .

. . . . . . . . 1 1 . . . . . .

. . . . . . . . 1 1 . . . . . .

. . . . . . . . . . 1 1 . . . .

. . . . . . . . . . 1 1 . . . .

. . . . . . . . . . . . 1 1 . .

. . . . . . . . . . . . 1 1 . .

. . . . . . . . . . . . . . 1 1

. . . . . . . . . . . . . . 1 1)

= γ

F

(28)

Results Equivalences

Properties

F, G : F

n2

→ F

n2

Basic:

I

F

D

GF

γ

G ( 6⇐ )

I

for any a, b ∈ F

n2

,

F (x) ∼

D

G(x) = F (x + a) + b

in that case, F and G are said to be trivially equivalent.

A little more advanced:

I

if F and G are either APN or quadratic (or both), then F

D

GF

γ

G

11 / 19

(29)

Results Main contributions

What are the functions that share the same DDT?

the same indicator? How many of them exist?

Contributions :

• Using EA-Eq and CCZ-Eq to help the classification

• a recursive algorithm to compute equivalence classes. Input : a DDT (resp. indicator),

Output : every functions having this DDT (resp. indicator)

research for some known functions.

new fact about APN permutations.

C. Boura, A. Canteaut, J. Jean and V. Suder, Two Notions of Differential Equivalence on SBoxes, DCC, Design, Codes and Cryptography, To appear.

(30)

Results Main contributions

What are the functions that share the same DDT?

the same indicator? How many of them exist?

Contributions :

• Using EA-Eq and CCZ-Eq to help the classification

• a recursive algorithm to compute equivalence classes.

Input : a DDT (resp. indicator),

Output : every functions having this DDT (resp. indicator)

research for some known functions.

new fact about APN permutations.

C. Boura, A. Canteaut, J. Jean and V. Suder, Two Notions of Differential Equivalence on SBoxes, DCC, Design, Codes and Cryptography, To appear.

12 / 19

(31)

Results First Step for a classification

Relation to CCZ-Eq and EA-Eq

Gorodilova (2016) For F

EA

G ,

F

0

γ

F ⇒ ∃ G

0

γ

G s.t. G

0

EA

F

0

Boura-Canteaut-Jean-S. [WCC’17] For F

EA

G ,

F

0

DDT

F ⇒ ∃ G

0

DDT

G s.t. G

0

EA

F

0

Boura-Canteaut-Jean-S. [DCC] For F

CCZ

G,

F

0

DDT

F ⇒ ∃ G

0

DDT

G s.t. G

0

CCZ

F

0

(32)

Results First Step for a classification

Relation to CCZ-Eq and EA-Eq

Gorodilova (2016) For F

EA

G ,

F

0

γ

F ⇒ ∃ G

0

γ

G s.t. G

0

EA

F

0

Boura-Canteaut-Jean-S. [WCC’17]

For F

EA

G ,

F

0

DDT

F ⇒ ∃ G

0

DDT

G s.t. G

0

EA

F

0

Boura-Canteaut-Jean-S. [DCC] For F

CCZ

G,

F

0

DDT

F ⇒ ∃ G

0

DDT

G s.t. G

0

CCZ

F

0

13 / 19

(33)

Results First Step for a classification

Relation to CCZ-Eq and EA-Eq

Gorodilova (2016) For F

EA

G ,

F

0

γ

F ⇒ ∃ G

0

γ

G s.t. G

0

EA

F

0

Boura-Canteaut-Jean-S. [WCC’17]

For F

EA

G ,

F

0

DDT

F ⇒ ∃ G

0

DDT

G s.t. G

0

EA

F

0

Boura-Canteaut-Jean-S. [DCC]

For F

CCZ

G,

F

0

DDT

F ⇒ ∃ G

0

DDT

G s.t. G

0

CCZ

F

0

(34)

Results Algorithm

Overview

Input : a DDT (resp. indicator),

Output : every functions having this DDT (resp. indicator)

Idea: Recursive Tree-traversal algorithm

I

Tree of depth 2

n

, each nodes at a level i corresponds to one possible value for F (i )

I

From the constraints of the DDT and the values F (0), . . . , F (i − 1):

• find all possible values for F (i)

for each of them, move on to the next step F(i + 1), and backtrack if necessary

Pruning trick: We can fix F (0) and F (1):

G(x + 1) + G (1) := F (x) ∼

D

G (x) so that

F (0) = 0, and F (1) = ∆

1

F (0) = ∆

1

G (0)

14 / 19

(35)

Results Algorithm

Overview

Input : a DDT (resp. indicator),

Output : every functions having this DDT (resp. indicator)

Idea: Recursive Tree-traversal algorithm

I

Tree of depth 2

n

, each nodes at a level i corresponds to one possible value for F (i )

I

From the constraints of the DDT and the values F (0), . . . , F (i − 1):

• find all possible values for F (i)

for each of them, move on to the next step F(i + 1), and backtrack if necessary

Pruning trick: We can fix F (0) and F (1):

G(x + 1) + G (1) := F (x) ∼

D

G (x) so that

F (0) = 0, and F (1) = ∆

1

F (0) = ∆

1

G (0)

(36)

Results Algorithm

Overview

Input : a DDT (resp. indicator),

Output : every functions having this DDT (resp. indicator)

Idea: Recursive Tree-traversal algorithm

I

Tree of depth 2

n

, each nodes at a level i corresponds to one possible value for F (i )

I

From the constraints of the DDT and the values F (0), . . . , F (i − 1):

• find all possible values for F (i)

for each of them, move on to the next step F (i + 1), and backtrack if necessary

Pruning trick: We can fix F (0) and F (1):

G(x + 1) + G (1) := F (x) ∼

D

G (x) so that

F (0) = 0, and F (1) = ∆

1

F (0) = ∆

1

G (0)

14 / 19

(37)

Results Algorithm

Overview

Input : a DDT (resp. indicator),

Output : every functions having this DDT (resp. indicator)

Idea: Recursive Tree-traversal algorithm

I

Tree of depth 2

n

, each nodes at a level i corresponds to one possible value for F (i )

I

From the constraints of the DDT and the values F (0), . . . , F (i − 1):

• find all possible values for F (i)

for each of them, move on to the next step F (i + 1), and backtrack if necessary

Pruning trick: We can fix F (0) and F (1):

G(x + 1) + G (1) := F (x) ∼

D

G (x) so that

F (0) = 0, and F (1) = ∆

1

F (0) = ∆

1

G (0)

(38)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7} Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} 4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} 5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6}

. . .

15 / 19

(39)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} 4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} 5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6}

. .

.

(40)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} 4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} 5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6}

. . .

15 / 19

(41)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} 4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} 5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6}

. .

.

(42)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} 4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} 5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6}

. . .

15 / 19

(43)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6}

4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} 5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6}

. .

.

(44)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} and F (1) + F (3) ∈ R

2

= {2, 3, 6, 7}

4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} 5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6}

. . .

15 / 19

(45)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} and F (1) + F (3) ∈ R

2

= {2, 3, 6, 7} and F (2) + F (3) ∈ R

1

= {1, 3, 5, 7}

4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} 5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6}

. .

.

(46)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} and F (1) + F (3) ∈ R

2

= {2, 3, 6, 7} and F (2) + F (3) ∈ R

1

= {1, 3, 5, 7} thus F (3) ∈ {2, 6} (OR {2, 6})

4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} 5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6}

. . .

15 / 19

(47)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} and F (1) + F (3) ∈ R

2

= {2, 3, 6, 7} and F (2) + F (3) ∈ R

1

= {1, 3, 5, 7} thus

F (3) ∈ {2, 6} (OR {2, 6}) 4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7}

5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6} . .

.

(48)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} and F (1) + F (3) ∈ R

2

= {2, 3, 6, 7} and F (2) + F (3) ∈ R

1

= {1, 3, 5, 7} thus

F (3) ∈ {2, 6} (OR {2, 6})

4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} and F (1) + F (4) ∈ R

5

= {1, 3, 4, 6}

5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6} . .

.

15 / 19

(49)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} and F (1) + F (3) ∈ R

2

= {2, 3, 6, 7} and F (2) + F (3) ∈ R

1

= {1, 3, 5, 7} thus

F (3) ∈ {2, 6} (OR {2, 6})

4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} and F (1) + F (4) ∈ R

5

= {1, 3, 4, 6} and F (2) + F (4) ∈ R

6

= {2, 3, 4, 5}

5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6} . .

.

(50)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} and F (1) + F (3) ∈ R

2

= {2, 3, 6, 7} and F (2) + F (3) ∈ R

1

= {1, 3, 5, 7} thus

F (3) ∈ {2, 6} (OR {2, 6})

4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} and F (1) + F (4) ∈ R

5

= {1, 3, 4, 6} and F (2) + F (4) ∈ R

6

= {2, 3, 4, 5} and F (3) + F (4) ∈ R

7

= {1, 2, 4, 7}

5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6} . .

.

15 / 19

(51)

Results Algorithm

Example

F

32

R

i

:= {j | D(i, j) 6= 0}

D 0 1 2 3 4 5 6 7

0 8 . . . .

1 . 2 . 2 . 2 . 2

2 . . 2 2 . . 2 2

3 . 2 2 . . 2 2 .

4 . . . . 2 2 2 2

5 . 2 . 2 2 . 2 .

6 . . 2 2 2 2 . .

7 . 2 2 . 2 . . 2

0. Set F(0) = 0

1. F (0) + F (1) ∈ R

1

= {1, 3, 5, 7}

Set F(1) = 1

2. F (0) + F (2) ∈ R

2

= {2, 3, 6, 7} and F (1) + F (2) ∈ R

3

= {1, 2, 5, 6} thus F (2) ∈ F (0)+R

1

∩F (1)+R

3

= {3, 7}

3. F (0) + F (3) ∈ R

3

= {1, 2, 5, 6} and F (1) + F (3) ∈ R

2

= {2, 3, 6, 7} and F (2) + F (3) ∈ R

1

= {1, 3, 5, 7} thus

F (3) ∈ {2, 6} (OR {2, 6})

4. F (0) + F (4) ∈ R

4

= {4, 5, 6, 7} and F (1) + F (4) ∈ R

5

= {1, 3, 4, 6} and F (2) + F (4) ∈ R

6

= {2, 3, 4, 5} and F (3) + F (4) ∈ R

7

= {1, 2, 4, 7} thus F (4) ∈ {∅} if F (2) = 3 and F (3) = 2

5. F (0) + F (5) ∈ R

5

= {1, 3, 4, 6} . .

.

Références

Télécharger maintenant ( PDF - 65 Page - 0.97 MB )

Documents relatifs

Diagonals of rational functions and selected differential Galois groups

This natural emergence in physics of n-fold integrals that are diagonals of rational functions, such that their associated linear differential operators correspond to

Equivalence for Differential Equations

In the paper [2] , we have seen that every differential equation can be expressed as a Pfaffian system satisfying the structure equation and the integration of a given equation

Differential Equations for Algebraic Functions

We show that the linear differential equation of minimal order has coefficients whose degree is cubic in the degree of the function.. We also show that there exists a lin-

Faster Evaluation of SBoxes via Common Shares

Our technique is based on using common shares between secret variables, in order to reduce the number of finite field multiplications.. For AES, we get an equivalent of 2.8 non-

Private Similarity Computation in Distributed Systems: from Cryptography to Differential Privacy

The threshold similarity is very appealing with respect to privacy as it guarantees that the output of the similarity computation only reveals one bit of information, which

Level spacing functions and non linear differential equations

we exploit these relations to deduce the power series at t = 0, and the asymptotic behaviour at t = cc, of the various level spacing functions of the random matrix theory..

A “canonical functions” approach to the solution of two coupled differential equations of scattering theory

The system of two coupled Schrodmger differential equations (CE) arising m the close-coupling descnption of electron~atom scattering is considered A « canonical functions » approach

How to estimate the differential acceleration in a two-species atom interferometer to test the equivalence principle

We propose a scheme for testing the weak equivalence principle (Universality of Free Fall) using an atom-interferometric measurement of the local differential acceleration between