Simon R. Blackburn

Comments on "Theory and applications of cellular automata in cryptography" [with reply]

The cipher systems based on Cellular Automata proposed by Nandi et al are a ne and are insecure Index Terms Cryptography block ciphers stream ciphers cellular automata

Efficient multiplicative sharing schemes

Multiplicative threshold schemes are useful tools in threshold cryptography. For example, such schemes can be used with a wide variety of practical homomorphic cryptosystems (such as the RSA, the El Gamal and elliptic curve systems) for threshold decryption, signatures, or proofs. The paper describes a new recursive construction for multiplicative threshold schemes which makes it possible to extend the number of users of such schemes for a relatively small expansion of the share size. We discuss certain properties of the schemes, such as the information rate and zero knowledge aspects. The paper extends the Karnin-Greene-Hellman bound on the parameters of ideal secret sharing schemes to schemes which are not necessarily ideal and then uses this as a yardstick to compare the performance of currently known multiplicative sharing schemes.

Predicting nonlinear pseudorandom number generators

Let p be a prime and let a and b be elements of the finite field Fp of p elements. The inversive congruential generator (ICG) is a sequence (u n ) of pseudorandom numbers defined by the relation u n+1 ≡ au -1 n +b mod p. We show that if sufficiently many of the most significant bits of several consecutive values u n of the ICG are given, one can recover the initial value u 0 (even in the case where the coefficients a and b are not known). We also obtain similar results for the quadratic congruential generator (QCG), v n+1 ≡ f(v n ) mod p, where f ∈ F p [X]. This suggests that for cryptographic applications ICG and QCG should be used with great care. Our results are somewhat similar to those known for the linear congruential generator (LCG), x n+1 ≡ ax n + b mod p, but they apply only to much longer bit strings. We also estimate limits of some heuristic approaches, which still remain much weaker than those known for LCG.

Perfect Hash Families

An (n, q, t)-perfect hash family of size s consists of a set V of order n, a set F of order q, and a sequence ?1, ?2, ?, ?s of functions from V to F with the following property. For all t-subsets X?V, there exists i?{1, 2, ?, s} such that ?i is injective when restricted to X. An (n, q, t)-perfect hash family of minimal size is known as optimal. The paper presents a probabilistic existence result for perfect hash families which improves on the well known result of Mehlhorn for many parameter sets. The probabilistic methods are strong enough to establish the size of an optimal perfect hash family in many cases. The paper also gives several explicit constructions of classes of perfect hash families.

Optimal Linear Perfect Hash Families

LetVbe a set of ordernand letFbe a set of orderq. A setS?{?:V?F} of functions fromVtoFis an (n,q,t)-perfect hash familyif for allX?Vwith |X|=t, there exists??Swhich is injective when restricted toX. Perfect hash families arise in compiler design, in circuit complexity theory and in cryptography. LetSbe an (n,q,t)-perfect hash family. The paper provides lower bounds on |S|, which better previously known lower bounds for many parameter sets. The paper exhibits new classes of perfect hash families which show that these lower bounds are realistic.

Efficient Key Predistribution for Grid-Based Wireless Sensor Networks

In this paper we propose a new key predistribution scheme for wireless sensor networks in which the sensors are arranged in a square grid. We describe how Costas arrays can be used for key predistribution in these networks, then define distinct difference configurations, a more general structure that provides a flexible choice of parameters in such schemes. We give examples of distinct difference configurations with good properties for key distribution, and demonstrate that the resulting schemes provide more efficient key predistribution on square grid networks than other schemes appearing in the literature.

Permutation Polynomials, de Bruijn Sequences, and Linear Complexity

The paper establishes a connection between the theory of permutation polynomials and the question of whether a de Bruijn sequence over a general finite field of a given linear complexity exists. The connection is used both to construct span 1 de Bruijn sequences (permutations) of a range of linear complexities and to prove non-existence results for arbitrary spans. Upper and lower bounds for the linear complexity of a de Bruijn sequence of spannover a finite field are established. Constructions are given to show that the upper bound is always tight, and that the lower bound is also tight in many cases.

Predicting the Inversive Generator

Let p be a prime and let a and b be integers modulo p. The inversive congruential generator (ICG) is a sequence (u n ) of pseudorandom numbers defined by the relation \(U_{n+1}\equiv au{^{-1}_{n}}+b {\rm mod} p\).We show that if b and sufficiently many of the most significant bits of three consecutive values u n of the ICG are given, one can recover in polynomial time the initial value u 0 (even in the case where the coefficient a is unknown) provided that the initial value u 0 does not lie in a certain small subset of exceptional values.

A bound on the size of separating hash families

The paper provides an upper bound on the size of a (generalized) separating hash family, a notion introduced by Stinson, Wei and Chen. The upper bound generalizes and unifies several previously known bounds which apply in special cases, namely bounds on perfect hash families, frameproof codes, secure frameproof codes and separating hash families of small type.

An upper bound on the size of a code with the k -identifiable parent property

The paper gives an upper bound on the size of a q-ary code of length n that has the k-identifiable parent property. One consequence of this bound is that the optimal rate of such a code is determined in many cases when q → ∞ with k and n fixed.