Key alternating ciphers based on involutions

In this work, we study the security of Even–Mansour type ciphers whose encryption and decryption are based on a common primitive, namely an involution. Such ciphers possibly allow efficient hardware implementation as the same circuit is shared for encryption and decryption, and thus expected to be more suitable for lightweight environment in which low power consumption and implementation costs are desirable. With this motivation, we consider a single-round Even–Mansour cipher using an involution as its underlying primitive. The decryption of such a cipher is the same as encryption only with the order of the round keys reversed. It is known that such a cipher permits a birthday-bound attack using only construction queries, but whether it provides provable security in the range below the birthday bound has remained. We prove that the Even–Mansour cipher based on a random involution is as secure as the permutation-based one when the number of construction queries is limited by the birthday bound. In order to achieve security beyond the birthday bound, we propose a two-round Even–Mansour-like construction, dubbed \(\mathsf {EMSI}\), based on a single involution I using a fixed permutation \(\sigma \) in the middle layer. Specifically, \(\mathsf {EMSI}\) encrypts a plaintext u by computing

$$\begin{aligned} v=I\left( \sigma \left( I(u\oplus k_0)\right) \oplus k_1\right) \oplus k_2 \end{aligned}$$

with the key schedule \(\gamma =(\gamma _0,\gamma _1,\gamma _2)\) generating three round keys \(k_0=\gamma _0(k)\), \(k_1=\gamma _1(k)\) and \(k_2=\gamma _2(k)\) from an n-bit master key k. We prove that if the key schedule \(\gamma =(\gamma _0,\gamma _1,\gamma _2)\) satisfies a certain condition, and \(\sigma \) is a linear orthomorphism, then this construction is secure up to \(2^{\frac{2n}{3}}\) construction and permutation queries. \(\mathsf {EMSI}\) is the first construction that uses a single involution—a primitive weaker than a truly random permutation—and that provides security beyond the birthday bound at the same time. Encryption and decryption of \(\mathsf {EMSI}\) are the same except for the key schedule and the middle layer. Since encryption and decryption are both based on a common primitive, \(\mathsf {EMSI}\) is expected to be particularly suitable for modes of operation that use both encryption and decryption of the underlying block cipher such as OCB3.

     

Block decomposition of permutations and Schur-positivity

The block number of a permutation is the maximum number of components in its expression as a direct sum. We show that, for 321-avoiding permutations, the set of left-to-right maxima has the same distribution when the block number is assumed to be k, as when the last descent of the inverse is assumed to be at position \(n - k\). This result is analogous to the Foata–Schützenberger equidistribution theorem, and implies that the quasi-symmetric generating function of the descent set over 321-avoiding permutations with a prescribed number of blocks is Schur-positive.     

A Generating Tree Approach to <Emphasis Type="Italic">k</Emphasis>-Nonnesting Partitions and Permutations

We describe a generating tree approach to the enumeration and exhaustive generation of k-nonnesting set partitions and permutations. Unlike previous work in the literature which uses the connections of these objects to Young tableaux and restricted lattice walks, our approach deals directly with partition and permutation diagrams. We provide explicit functional equations for the generating functions, with k as a parameter. Key to the solution is a superset of diagrams that permit semi-arcs. Many of the resulting counting sequences also count other well-known objects, such as Baxter permutations, and Young tableaux of bounded height.     

Discriminator positively complete classes of ternary logic

The article addresses the operator of positive closure on the set P _k of functions of k-valued logic. For each k ? 3, k ≠ 4, the set H _k of all homogeneous functions from P _k is proved to form an atom in the lattice of the positively closed classes from P _k . Also, we find all 17 positively closed classes from P ₃ containing the class H ₃ (i.e., discriminator positively closed classes). Positively generating systems of these classes are defined.     

On the <Emphasis Type="Italic">α</Emphasis>-superposition of functions of a <Emphasis Type="Italic">k</Emphasis>-valued logic

We reveal a relation between the operations of α-completion and closure for the systems of functions of a k-valued logic. For k = 3, 4 we construct the α-bases consisting of two binary operations. We prove that the complete system T of functions of a 4-valued logic containing all permutations of the set E ₄ = {0, 1, 2, 3} and the operation of addition modulo 4 is not α-complete, whereas its α-completion [T _α] will be an α-complete system.     

Pattern Avoidance in Poset Permutations

We extend the concept of pattern avoidance in permutations on a totally ordered set to pattern avoidance in permutations on partially ordered sets. The number of permutations on P that avoid the pattern p is denoted A v _P (p). We extend a proof of Simion and Schmidt to show that A v _P (132)=A v _P (123) for any poset P, and we exactly classify the posets for which equality holds.     

Semigroup and Metric Characteristics of Locally Primitive Matrices and Digraphs

The notion of local primitivity for a quadratic 0, 1-matrix of size n × n is extended to any part of the matrix which need not be a rectangular submatrix. A similar generalization is carried out for any set B of pairs of initial and final vertices of the paths in an n-vertex digraph, B ? {(i, j) : 1 ≤ i, j ≤ n}. We establish the relationship between the local B-exponent of a matrix (digraph) and its characteristics such as the cyclic depth and period, the number of nonprimitive matrices, and the number of nonidempotentmatrices in the multiplicative semigroup of all quadratic 0, 1-matrices of order n, etc. We obtain a criterion of B-primitivity and an upper bound for the B-exponent. We also introduce some new metric characteristics for a locally primitive digraph Γ: the k, r-exporadius, the k, r-expocenter, where 1 ≤ k, r ≤ n, and the matex which is defined as the matrix of order n of all local exponents in the digraph Γ. An example of computation of the matex is given for the n-vertex Wielandt digraph. Using the introduced characteristics, we propose an idea for algorithmically constructing realizable s-boxes (elements of round functions of block ciphers) with a relatively wide range of sizes.     

New bounds of permutation codes under Hamming metric and Kendall’s $$\tau $$-metric

Permutation codes are widely studied objects due to their numerous applications in various areas, such as power line communications, block ciphers, and the rank modulation scheme for flash memories. Several kinds of metrics are considered for permutation codes according to their specific applications. This paper concerns some improvements on the bounds of permutation codes under Hamming metric and Kendall’s \(\tau \)-metric respectively, using mainly a graph coloring approach. Specifically, under Hamming metric, we improve the Gilbert–Varshamov bound asymptotically by a factor n, when the minimum Hamming distance d is fixed and the code length n goes to infinity. Under Kendall’s \(\tau \)-metric, we narrow the gap between the known lower bounds and upper bounds. Besides, we also obtain some sporadic results under Kendall’s \(\tau \)-metric for small parameters.     

Principal blocks and p-radical groups

Let G be a finite group and k a field of characteristic p > 0. In this paper, we obtain several equivalent conditions to determine whether the principal block B₀ of a finite p-solvable group G is p-radical, which means that B₀ has the property that e₀(k_P)^G is semisimple as a kG-module, where P is a Sylow p-subgroup of G, k_P is the trivial kP-module, (k_P)^G is the induced module, and e₀ is the block idempotent of B₀. We also give the complete classification of a finite p-solvable group G which has not more than three simple B₀-modules where B₀ is p-radical.     

On increasing subsequences of minimal Erdös-Szekeres permutations

Let π be a minimal Erdös-Szekeres permutation of 1, 2, ..., n ², and let l _n,k be the length of the longest increasing subsequence in the segment (π(1), ..., π(k)). Under uniform measure we establish an exponentially decaying bound of the upper tail probability for l _n,k , and as a consequence we obtain a complete convergence, which is an improvement of Romik’s recent result. We also give a precise lower exponential tail for l _n,k .     

Some irreducibility and indecomposability results for truncated binomial polynomials of small degree

In this paper, we show that the truncated binomial polynomials defined by \(P_{n,k}(x)={\sum }_{j=0}^{k} {n \choose j} x^{j}\) are irreducible for each k≤6 and every n≥k+2. Under the same assumption n≥k+2, we also show that the polynomial P _n,k cannot be expressed as a composition P _n,k (x) = g(h(x)) with \(g \in \mathbb {Q}[x]\) of degree at least 2 and a quadratic polynomial \(h \in \mathbb {Q}[x]\). Finally, we show that for k≥2 and m,n≥k+1 the roots of the polynomial P _m,k cannot be obtained from the roots of P _n,k , where m≠n, by a linear map.     

Interval <Emphasis Type="Italic">k</Emphasis>-Graphs and Orders

An interval k-graph is the intersection graph of a family of intervals of the real line partitioned into k classes with vertices adjacent if and only if their corresponding intervals intersect and belong to different classes. In this paper we study the cocomparability interval k-graphs; that is, the interval k-graphs whose complements have a transitive orientation and are therefore the incomparability graphs of strict partial orders. For brevity we call these orders interval k-orders. We characterize the kind of interval representations a cocomparability interval k-graph must have, and identify the structure that guarantees an order is an interval k-order. The case k =?2 is peculiar: cocomparability interval 2-graphs (equivalently proper- or unit-interval bigraphs, bipartite permutation graphs, and complements of proper circular-arc graphs to name a few) have been characterized in many ways, but we show that analogous characterizations do not hold if k >?2. We characterize the cocomparability interval 3-graphs via one forbidden subgraph and hence interval 3-orders via one forbidden suborder.     

Calculating the Number of Functions with a Given Endomorphism

An iterative procedure is proposed for calculating the number of k-valued functions of n variables such that each one has an endomorphism different from any constant and permutation. Based on this procedure, formulas are found for the number of three-valued functions of n variables such that each one has nontrivial endomorphisms. For any arbitrary semigroup of endomorphisms, the power is found of the set of all three-valued functions of n variables such that each one has endomorphisms from a specified semigroup.     

Inequalities between best polynomial approximations and some smoothness characteristics in the space <Emphasis Type="Italic">L</Emphasis> <Subscript>2</Subscript> and widths of classes of functions

We obtain exact constants in Jackson-type inequalities for smoothness characteristics Λ_k(f), k ∈ N, defined by averaging the kth-order finite differences of functions f ∈ L₂. On the basis of this, for differentiable functions in the classes L₂^r, r ∈ N, we refine the constants in Jackson-type inequalities containing the kth-order modulus of continuity ω_k. For classes of functions defined by their smoothness characteristics Λ_k(f) and majorants Φ satisfying a number of conditions, we calculate the exact values of certain n-widths.     

On teaching sets for 2-threshold functions of two variables

We consider k-threshold functions of n variables, i.e. the functions representable as the conjunction of k threshold functions. For n = 2, k = 2, we give upper bounds for the cardinality of the minimal teaching set depending on the various properties of the function.     

New Cases of the Polynomial Solvability of the Independent Set Problem for Graphs with Forbidden Paths

The independent set problem is solvable in polynomial time for the graphs not containing the path P _k for any fixed k. If the induced path P _k is forbidden then the complexity of this problem is unknown for k > 6. We consider the intermediate cases that the induced path P _k and some of its spanning supergraphs are forbidden. We prove the solvability of the independent set problem in polynomial time for the following cases: (1) the supergraphs whose minimal degree is less than k/2 are forbidden; (2) the supergraphs whose complementary graph has more than k/2 edges are forbidden; (3) the supergraphs from which we can obtain P _k by means of graph intersection are forbidden.     

A Rolle Type Theorem for Cyclicity of Zeros of Families of Analytic Functions

Let \({\{ {f_{\lambda ;j}}\} _{\lambda \in V;1 \leqslant j \leqslant k}}\) be families of holomorphic functions in the open unit disk \({\text{D}} \subset {\Bbb C}\) ? ? depending holomorphically on a parameter λ ∈ V ? ? ⁿ . We establish a Rolle type theorem for the generalized multiplicity (called cyclicity) of zeros of the family of univariate holomorphic functions \({\left\{ {\sum\nolimits_{j = 1}^k {{f_{\lambda ;j}}} } \right\}_{\lambda \in V}}\) at 0 ∈ D. As a corollary, we estimate the cyclicity of the family of generalized exponential polynomials, that is, the family of entire functions of the form \(\sum\nolimits_{k = 1}^m {{P_k}(z){e^{{Q_k}(z)}}} \), z ∈ ?, where P _k and Q _k are holomorphic polynomials of degrees p and q, respectively, parameterized by vectors of coefficients of P _k and Q _k .     

On Ranks of Polynomials

Let V be a vector space over a field k, P : V → k, d ≥?3. We show the existence of a function C(r, d) such that rank(P) ≤ C(r, d) for any field k, char(k) > d, a finite-dimensional k-vector space V and a polynomial P : V → k of degree d such that rank(?P/?t) ≤ r for all t ∈ V ??0. Our proof of this theorem is based on the application of results on Gowers norms for finite fields k. We don’t know a direct proof even in the case when k = ?.     

Paranormal Elements in Normed Algebra

For a normed algebra A and natural numbers k we introduce and investigate the ∥ · ∥ closed classes P _k (A). We show that P₁(A) is a subset of P _k (A) for all k. If T in P₁(A), then Tⁿ lies in P₁(A) for all natural n. If A is unital, U, V ∈ A are such that ∥U∥ = ∥V∥ = 1, VU = I and T lies in P _k (A), then UTV lies in P _k (A) for all natural k. Let A be unital, then 1) if an element T in P₁(A) is right invertible, then any right inverse element T^?1 lies in P₁(A); 2) for ßßIßß = 1 the class P₁(A) consists of normaloid elements; 3) if the spectrum of an element T, T ∈ P₁(A) lies on the unit circle, then ∥TX∥ = ∥X∥ for all X ∈ A. If A = B(H), then the class P₁(A) coincides with the set of all paranormal operators on a Hilbert space H.     

On the relational complexity of a finite permutation group

The relational complexity \(\rho (X,G)\) of a finite permutation group is the least k for which the group can be viewed as an automorphism group acting naturally on a homogeneous relational system whose relations are k-ary (an explicit permutation group theoretic version of this definition is also given). In the context of primitive permutation groups, the natural questions are (a) rough estimates, or (preferably) precise values for \(\rho \) in natural cases; and (b) a rough determination of the primitive permutation groups with \(\rho \) either very small (bounded) or very large (much larger than the logarithm of the degree). The rough version of (a) is relevant to (b). Our main result is an explicit characterization of the binary (\(\rho =2\)) primitive affine permutation groups. We also compute the precise relational complexity of \({{\mathrm{Alt}}}_n\) acting on k-sets, correcting (Cherlin in Sporadic homogeneous structures. In: The Gelfand Mathematical Seminars, 1996–1999, pp. 15–48, Birkhäuser 2000, Example 5).