|
|
| Line 1: |
Line 1: |
| {{Infobox cryptographic hash function
| | There are also many businesses that are now offering the fixed gear bike, kromica fixie and takara fixie bikes, much to the delight of many biking aficionados. Each hole is made up differently and your driver is not always the best way to start a hole. High end mountain bikes use carbon fibre frames, or other, more exotic materials to reduce weight and keep stiffness up. Generally speaking, a good, durable mountain bike starts at about $600 and goes up from there. Why would I want to change, even for a day, the most important and shaping event in my life. <br><br>If you have any inquiries relating to where and how to use [http://demo.wpmlm.com/activity/p/446378/ Women mountain bike sizing.], you can contact us at our website. You can choose from many different suspensions on your bike, make sure the suspension you choose is going to fit the type of cycling you intend for it. 3 width are versatile, and can be used on low mountain trails and the alpencross. From free shipping on all the bikes across the US, the Road Bike Outlet makes consumers happy anywhere within 1 to 6 days. From personal experience they can be not easy to maintain by yourself so a mechanical system may be better for you. It will be business as normal, very successful business as normal. <br><br>They are electricity assisted, meaning electric power is used in response to the rider's pedaling power, with pedaling staying the key driver. People now prefer to have the simplest design in their bikes as long as it can get the job well done. The tube sits next to your mouth so you can sip as you ride. In no time you'll be cruising through the woods and getting into great shape. If you really want a quality bike which will hold up to the rough terrain with out costing a fortune, this is a great choice. <br><br>These people are discovering the benefits of having a strong fit body. Cold and long winters at high altitude are perfect conditions for winter recreation. This article is to help you when buying a new bike. Next, there is also a seat in the bike for the riders to sit during the riding. The best way to narrow down your options is to determine the components that are most important to you, such as the forks, rear derailleur and wheels. <br><br>If you can afford it, a full suspension mountain bike is always worth the purchase. Listed below are some of the common terms which you will come across. The price may generally differ depending on the condition of the bike and on how new the model really is. I've always been curious about this aspect of dating, because very few women have comparable experiences. It's about the journey and all that it entails, learning about yourself, making friends, being helped, and of course, helping others along the way". |
| | name = SWIFFT
| |
| | image =
| |
| | caption =
| |
| <!-- General -->
| |
| | designers = Vadim Lyubashevsky, Daniele Micciancio, Chris Peikert, Alon Rosen
| |
| | publish date = 2008
| |
| | series =
| |
| | derived from =
| |
| | derived to =
| |
| | related to = FFT-based algorithms
| |
| | certification =
| |
| <!-- Detail -->
| |
| | digest size =
| |
| | structure =
| |
| | rounds =
| |
| | cryptanalysis =
| |
| }}
| |
| | |
| In [[cryptography]], '''SWIFFT''' is a collection of [[Provably secure cryptographic hash function|provably secure]] [[cryptographic hash function|hash functions]]. It is based on the concept of the [[Fast Fourier Transform]] (FFT). SWIFFT is not the first hash function based on FFT, but it sets itself apart by providing a mathematical proof of its security. It also uses the [[Lenstra-Lenstra-Lovász lattice basis reduction algorithm|LLL basis reduction algorithm]]. It can be shown that finding collisions in SWIFFT is as least as difficult as finding short vectors in cyclic/[[Ideal lattice cryptography|ideal lattices]] in the ''worst case''. By giving a security reduction to the worst case scenario of a difficult mathematical problem SWIFFT gives a much stronger security guarantee than most other [[provably secure cryptographic hash function|cryptographic hash functions]].
| |
| | |
| Unlike many other provably secure hash functions, the algorithm is quite fast, yielding a throughput of 40MB/s on a 3.2 GHz Intel Pentium 4. Although SWIFFT satisfies many desirable cryptographic and statistical properties, it was not designed to be an "all-purpose" cryptographic hash function. For example, it is not a [[pseudorandom function]], and would not be a suitable instantiation of a [[random oracle]]. The algorithm is less efficient than most traditional hash functions that do not give a proof of their collision-resistance. Therefore, its practical use would lie mostly in applications where the proof of collision-resistance is particularly valuable, such as digital signatures that must remain trustworthy for a long time.
| |
| | |
| A modification of SWIFFT called [[SWIFFTX]] was proposed as a candidate for SHA-3 function to the [[NIST hash function competition]]<ref>{{cite web|url=http://www.eecs.harvard.edu/~alon/PAPERS/lattices/swifftx.pdf|title=SWIFFTX: A Proposal for the SHA-3 Standard|author=Daniele Micciancio|coauthors=Yuriy Arbitman, Gil Dogon, Vadim Lyubashevsky, Chris Peikert, Alon Rosen|accessdate=2008-11-18}}</ref> and was rejected in the first round.<ref>{{cite web|url=http://csrc.nist.gov/groups/ST/hash/sha-3/Round2/submissions_rnd2.html|title=Second Round Candidates|publisher=[[National Institute of Standards and Technology]]|date=January 19, 2010|accessdate=February 14, 2010}}</ref>
| |
| | |
| ==The Algorithm==
| |
| The algorithm is as follows:<ref>[http://www.eecs.harvard.edu/~alon/PAPERS/lattices/swifft.pdf "SWIFFT: A Modest Proposal for FFT Hashing"]</ref>
| |
| #Let the [[polynomial]] variable be called <math>\alpha</math>
| |
| #'''Input''': message <math>M</math> of length <math>mn</math>
| |
| #Convert <math>M</math> to a collection of <math>m</math> polynomials <math>p_i</math> in a certain [[polynomial ring]] <math>R</math> with binary coefficients.
| |
| #Compute the Fourier coefficients of each <math>p_i</math> using SWIFFT.
| |
| #Define the Fourier coefficients of <math>a_i</math>, so that they are fixed and depend on a family of SWIFFT.
| |
| #Point-wise multiply the Fourier coefficients <math>p_i</math> with the Fourier coefficients of <math>a_i</math> for each <math>i</math>.
| |
| #Use inverse FFT to obtain <math>m</math> polynomials <math>f_i</math> of degree <math><2n</math>.
| |
| #Compute <math>f = \sum_{i=1}^m (f_i)</math> modulo <math>p</math> and <math>\alpha^n+1</math>.
| |
| #Convert <math>f</math> to <math>n\log(p)</math> bits and '''output''' it.
| |
| | |
| * The [[Fast fourier transform|FFT]] operation in step 4 is easy to invert, and is performed to achieve [[Confusion and diffusion|diffusion]], that is, to mix the input bits.
| |
| * The [[linear combination]] in step 6 achieves [[Confusion and diffusion|confusion]], since it compresses the input.
| |
| * This is just a high level description of what the algorithm does, some more advanced optimizations are used to finally yield a high performing algorithm.
| |
| | |
| ===Example===
| |
| We choose concrete values for the parameters ''n'', ''m'', and ''p'' as follows: ''n'' = 64, ''m''= 16, ''p''= 257. For these parameters, any fixed compression function in the family takes a binary input of length ''mn'' = 1024 bits (128 bytes), to an output in the range <math> \mathbb{Z}^n_p </math>, which has size <math> p^n = 257^{64}</math>. An output in <math> \mathbb{Z}^n_p </math> can easily be represented using 528 bits (66 bytes).
| |
| | |
| ==Algebraic description==
| |
| The SWIFFT functions can be described as a simple algebraic expression over some [[polynomial ring]] <math>R</math>. A family of these functions depends on three main parameters: let <math>n</math> be a power of 2, let <math>m > 0</math> be a small integer, and let <math>p > 0</math> be a modulus (not necessarily [[prime]], but is convenient to choose it prime). Define <math>R</math> to be the ring <math>R = \mathbb{Z}_p[\alpha]/(\alpha^n + 1)</math>, i.e., the ring of polynomials in <math>\alpha </math> having integer coefficients, modulo <math>p</math> and <math>\alpha^n +1</math>. An element of <math>R</math> can be written as a polynomial of degree <math>< n</math> having coefficients in <math>Z_p</math>. A certain function in the SWIFFT family is specified by <math>m</math> fixed elements <math>a_1,\ldots,a_m \in R</math> of the ring <math>R</math>, that are called multipliers. The function corresponds to the following equation over the ring ''R'':
| |
| | |
| <math> \sum_{i=1}^m (a_i \cdot x_i) </math>
| |
| | |
| The <math>x_1,\ldots, x_m \in R</math> are polynomials with binary coefficients, and corresponding to the binary input of length <math>mn</math>.
| |
| | |
| ==Computing the polynomial product==
| |
| To compute the above expression, the main problem is to compute the polynomial products <math> a_i \cdot x_i </math>. A fast way to compute these products is given by the [[convolution theorem]]. This says that under certain restrictions the following holds:
| |
| | |
| : <math>\mathcal{F}\{f*g\} = \mathcal{F}\{f\} \cdot \mathcal{F}\{g\}</math>
| |
| Here <math>\mathcal{F}</math> denotes the [[Fourier transform]] and <math>\cdot</math> denotes the pointwise product. In the general case of the convolution theorem <math>*</math> does not denote multiplication but [[convolution]]. It can however be shown that polynomial multiplication is a convolution.
| |
| | |
| ===Fast Fourier Transform===
| |
| For finding the Fourier transform we will use FFT ([[Fast Fourier Transform]]) which finds the transform in <math> O(n \log(n))</math>time. The multiplication algorithm now goes as follows:
| |
| We use FFT to compute (all at once) the [[Fourier coefficients]] of each polynomial. Then we pointwise multiply the respective Fourier coefficients of the two polynomials, and finally we us an inverse FFT to return a polynomial of degree <math>< 2n</math>.
| |
| | |
| ===Number-theoretic transform===
| |
| Instead of the normal Fourier transform SWIFFT uses the [[Number-theoretic transform]]. Number-theoretic transform uses roots of unity in <math>\mathbb{Z}_p</math> instead of complex roots of unity. To make this work, we need to ensure that <math>\mathbb{Z}_p</math> is a [[finite field]], and that primitive 2''n''<sup>th</sup> roots of unity exist in this field. This can be done by taking <math>p</math> prime such that <math>2n</math> divides <math>p-1</math>.
| |
| | |
| ==Parameter Choice==
| |
| The parameters ''m'',''p'',''n'' are subject to the following restrictions:
| |
| * ''n'' must be a power of 2
| |
| * ''p'' must be prime
| |
| * ''p''-1 must be a multiple of 2''n''
| |
| * <math>\log(p)</math> must be greater than ''m'' (otherwise the output will not be smaller than the input)
| |
| | |
| A possible choice is ''n''=64, ''m''=16, ''p''=257. We get a throughput of about 40MB/s, security of about <math>2^{106}</math> operations for finding collisions, and a digest size of 512 bits.
| |
| | |
| ==Statistical Properties==
| |
| * '''(Universal hashing).''' The SWIFFT family of functions is [[Universal hashing|universal]]. It means that for any fixed distinct <math>x, x*</math>, the probability (over the random choice of <math>f</math> from the family) that <math>f(x) = f(x*)</math> is the inverse of the size of the range.
| |
| * '''(Regularity).''' SWIFFT family of compression functions is regular. A function <math>f</math> is said to be regular if, for an input <math>x</math> chosen uniformly at random from the domain, the output <math>f(x)</math> is distributed uniformly over the range.
| |
| | |
| * '''(Randomness extractor).''' SWIFFT is a [[randomness extractor]]. For hash tables and related applications, it is usually desirable for the outputs of the hash function to be distributed uniformly (or as close to uniformly as possible), even when the inputs are not uniform. Hash functions that give such guarantees are known as [[randomness extractor]]s, because they ''distill'' the non-uniform randomness of the input down to an (almost) uniformly-distributed output. Formally, randomness extraction is actually a property of a family of functions, from which one function is chosen at random (and obliviously to the input).
| |
| | |
| ==Cryptographic Properties and Security==
| |
| * SWIFFT is not [[Pseudorandom function family|pseudorandom]], due to linearity. For any function <math>f</math> from our family and any two inputs <math>x_1</math>, <math>x_2</math> such that <math>x_1+x_2</math> is also a valid input, we have that <math>f(x_1)+f(x_2) = f(x_1+x_2)</math>. This relation is very unlikely to hold for a random function, so an adversary can easily distinguish our functions from a random function.
| |
| * It is not claimed by the authors that SWIFFT functions behave like a [[random oracle]]. A function is said to behave like a random oracle if it acts like a truly random function. This differs from pseudorandomness in that the function is fixed and public.
| |
| * SWIFFT family is [[Provably secure cryptographic hash function|provably]] collision resistant (in an asymptotic sense), under a relatively mild assumption about the [[Worst-case complexity|worst-case]] difficulty of finding short vectors in cyclic/ideal lattices. This implies that the family is also second preimage resistant.
| |
| | |
| ===Theoretical Security===
| |
| SWIFFT is an example of a [[provably secure cryptographic hash function]]. As with most security proofs, the security proof of SWIFFT relies on a [[Polynomial-time reduction|reduction]] to a certain difficult to solve mathematical problem. Note that this means that the security of SWIFFT relies strongly on the difficulty of this mathematical problem.
| |
| | |
| The reduction in the case of SWIFFT is to the problem of finding short vectors in cyclic/[[Ideal lattice cryptography|ideal lattices]]. It can be proven that the following holds:
| |
| Suppose we have an algorithm that for a random version of SWIFFT given by <math>f</math> can find collisions in <math>f</math> within some feasible time <math>T</math>, and with probability <math>p</math>. It is allowed that the algorithm only works in a small but noticeable fraction of the family SWIFFT. Then we can find also an algorithm <math>f_2</math> which can ''always'' find a short vector in ''any'' ideal lattice over the ring <math>\mathbb{Z}_p[\alpha]/(\alpha^n + 1)</math> in some feasible time <math>T_2</math>, depending on <math>T</math> and <math>p</math>.
| |
| This means that finding collisions in SWIFFT is at least as difficult as the worst case scenario of finding short vectors in a lattice over <math>\mathbb{Z}_p[\alpha]/(\alpha^n + 1)</math>. At the moment the fastest algorithms for finding short vectors are all exponential in <math>n</math>. Note that this ensures that there is no significant set of "weak instances" where the security of SWIFFT is weak. This guarantee is not given by most other provably secure hash functions.
| |
| | |
| ===Practical Security===
| |
| Known working attacks are: Generalized Birthday Attack, which takes 2<sup>106</sup> operations and inversion attacks which takes 2<sup>448</sup> operations for a standard parameter choice. This is usually considered to be enough to render an attack by an adversary infeasible.
| |
| | |
| ==Notes==
| |
| <references />
| |
| | |
| ==References==
| |
| * Vadim Lyubashevsky, Daniele Micciancio, Chris Peikert, Alon Rosen (2008).[http://www.eecs.harvard.edu/~alon/PAPERS/lattices/swifft.pdf "SWIFFT: A Modest Proposal for FFT Hashing"].
| |
| * An ECRYPT hash SWIFFT website. http://ehash.iaik.tugraz.at/wiki/SWIFFT
| |
| | |
| [[Category:Cryptographic hash functions]]
| |
There are also many businesses that are now offering the fixed gear bike, kromica fixie and takara fixie bikes, much to the delight of many biking aficionados. Each hole is made up differently and your driver is not always the best way to start a hole. High end mountain bikes use carbon fibre frames, or other, more exotic materials to reduce weight and keep stiffness up. Generally speaking, a good, durable mountain bike starts at about $600 and goes up from there. Why would I want to change, even for a day, the most important and shaping event in my life.
If you have any inquiries relating to where and how to use Women mountain bike sizing., you can contact us at our website. You can choose from many different suspensions on your bike, make sure the suspension you choose is going to fit the type of cycling you intend for it. 3 width are versatile, and can be used on low mountain trails and the alpencross. From free shipping on all the bikes across the US, the Road Bike Outlet makes consumers happy anywhere within 1 to 6 days. From personal experience they can be not easy to maintain by yourself so a mechanical system may be better for you. It will be business as normal, very successful business as normal.
They are electricity assisted, meaning electric power is used in response to the rider's pedaling power, with pedaling staying the key driver. People now prefer to have the simplest design in their bikes as long as it can get the job well done. The tube sits next to your mouth so you can sip as you ride. In no time you'll be cruising through the woods and getting into great shape. If you really want a quality bike which will hold up to the rough terrain with out costing a fortune, this is a great choice.
These people are discovering the benefits of having a strong fit body. Cold and long winters at high altitude are perfect conditions for winter recreation. This article is to help you when buying a new bike. Next, there is also a seat in the bike for the riders to sit during the riding. The best way to narrow down your options is to determine the components that are most important to you, such as the forks, rear derailleur and wheels.
If you can afford it, a full suspension mountain bike is always worth the purchase. Listed below are some of the common terms which you will come across. The price may generally differ depending on the condition of the bike and on how new the model really is. I've always been curious about this aspect of dating, because very few women have comparable experiences. It's about the journey and all that it entails, learning about yourself, making friends, being helped, and of course, helping others along the way".