Improved distinguishers for HC-128

HC-128 is an eSTREAM final portfolio stream cipher. Several authors have investigated its security and, in particular, distinguishing attacks have been considered. Still, no one has been able to provide a distinguisher stronger than the one presented by Wu in the original HC-128 paper. In this paper we first argue that the keystream requirement in Wu’s original attack is underestimated by a factor of almost 2⁸. Our revised analysis shows that the keystream complexity of Wu’s original attack is 2^160.471 32-bit keystream blocks. We then go on to investigate two new types of distinguishers on HC-128. One of them, a distinguisher counting the number of zeros in created blocks of bits, gives a biased distribution that requires 2^143.537 such constructed block samples (2^152.537 32-bit keystream blocks). For fairness, the same metric is used to compare our attack to Wu’s, and our improvement is significant compared to Wu’s original result. Furthermore, the vector-based methodology used is general and can be applied to any cryptographic primitive that reveals a suitable probability distribution.     

Ramanujan — Fourier series and a theorem of Ingham

Given two arithmetical functions f, g, we derive, under suitable conditions, asymptotic formulas for the convolution sums ∑ _n≤N f (n) _g (n + h) for a fixed number h. To this end, we develop the theory of Ramanujan expansions for arithmetical functions. Our results give new proofs of some old results of Ingham proved by him in 1927 using different techniques.     

On the Behaviour of the spectral characteristic of Feigenbaum’s map

Let T _g : [?1, 1] ?? [?1, 1] be the Feigenbaum map. It is well known that T _g has a Cantor-type attractor F and a unique invariant measure ??₀ supported on F. The corresponding unitary operator (U _g ??)(x) = ??(g(x)) has pure point spectrum consisting of eigenvalues ?? _n,r , n ?? 1, 0 ?? r ?? 2 ^n?1 ? 1 with eigenfunctions e _r ⁽ⁿ⁾ (x). Suppose that f ?? C ¹([?1, 1]), f?? is absolutely continuous on [?1, 1] and f?? ?? L ^p ([?1, 1], d??₀), p > 1. Consider the sum of the amplitudes of the spectral measure of f: $$ Sn(f): = \sum\limits_{r = 0}^{2^n - 1} {|\rho _r^{(n)} |^2 ,\rho _r^{(n)} = \int\limits_{ - 1}^1 {f(x)\overline {e_r^{(n)} (x)} d\mu _o } } (x). $$ Using the thermodynamic formalism for T _g we prove that S _n (f) ?? 2^?n q ⁿ , as n ?? ??, where the constant q ?? (0, 1) does not depend on f.     

Multiplicative representations of integers

Lehh ≧ 2, and let ?=(B ₁, …,B _h ), whereB ₁ ? N={1, 2, 3, …} fori=1, …,h. Denote by g_?(n) the number of representations ofn in the formn=b ₁ …b _h , whereb _i ∈B _i . If v (n) > 0 for alln >n ₀, then ? is anasymptotic multiplicative system of order h. The setB is anasymptotic multiplicative basis of order h ifn=b ₁ …b _n is solvable withb _i ∈B for alln >n ₀. Denote byg(n) the number of such representations ofn. LetM(h) be the set of all pairs (s, t), wheres=lim g_? (n) andt=lim g_? (n) for some multiplicative system ? of orderh. It is proved that {fx129-1} In particular, it follows thats ≧ 2 impliest=∞. A corollary is a theorem of Erdös that ifB is a multiplicative basis of orderh ≧ 2, then lim g_? g(n)=∞. Similar results are obtained for asymptotic union bases of finite subsets of N and for asymptotic least common multiple bases of integers.     

Non-Commutative Polynomial Solutions to Partial Differential Equations

This paper extends the notion of a differential equation to the space of polynomials p in non-commutative variables x = (x ₁, . . . , x _g ). The directional derivative D[p, x _i , h] of p in x _i is a polynomial in x and a non-commuting variable h. When all variables commute, D[p, x _i , h] is equal to h?p/?x _i . This paper classifies all non-commutative polynomial solutions to a special class of partial differential equations, including the non-commutative extension of Laplace??s equation. Of interest also are non-commutative subharmonic polynomials. A non-commutative polynomial is subharmonic if its non-commutative Laplacian takes positive-semidefinite matrix values whenever matrices X ₁, . . . , X _g , H are substituted for the variables x ₁, . . . , x _g , h. This paper shows that a homogeneous subharmonic polynomial which is bounded below is a harmonic polynomial??that is, a non-commutative solution to Laplace??s equation??plus a sum of squares of harmonic polynomials.     

On the g-Ary Expansions of Apéry, Motzkin, Schröder and Other Combinatorial Numbers

Let g ≥ 2 be an integer and let (u _n ) _n≥1  be a sequence of integers which satisfies a relation u _n+1 = h(n)u _n for a rational function h(X). For example, various combinatorial numbers as well as their products satisfy relations of this type. Here, we show that under some mild technical assumptions the number of nonzero digits of u _n in base g is large on a set of n of asymptotic density 1. We also extend this result to a class of sequences satisfying relations of second order u _n+2 = h ₁(n)u _n+1 + h ₂(n)u _n with two nonconstant rational functions ${h_1(X), h_2(X) \in {\mathbb Q} [X]}Let g ≥ 2 be an integer and let (u _n ) _n≥1  be a sequence of integers which satisfies a relation u _n+1 = h(n)u _n for a rational function h(X). For example, various combinatorial numbers as well as their products satisfy relations of this type. Here, we show that under some mild technical assumptions the number of nonzero digits of u _n in base g is large on a set of n of asymptotic density 1. We also extend this result to a class of sequences satisfying relations of second order u _n+2 = h ₁(n)u _n+1 + h ₂(n)u _n with two nonconstant rational functions h₁(X), h₂(X) ? \mathbb Q [X]{h_1(X), h_2(X) \in {\mathbb Q} [X]}. This class includes the Apéry, Delannoy, Motzkin, and Schr?der numbers.     

Linear maps on matrices: the invariance of symmetric polynomials

Let L be a linear map on the space M_n of all n by n complex matrices. Let h(x₁,…,x_n) be a symmetric polynomial. If X is a matrix in M_n with eigenvalues λ₁,…,λ_n, denote h(λ₁,…,λ_n) by h(X). For a large class of polynomials h, we determine the structure of the linear maps L for which h(X)=h(L(X)), for all X in M_n.     

Finite Subsequences of Shift Register Sequences

In a stream cipher a cryptogram is produced from a binary datastream by modulo-2-adding it to a keystream sequence. The securityof the system relies on the inability of an interceptor to determinethis keystream sequence. One obvious requirement for such asystem is that there should be sufficiently many possibilitiesfor the keystream sequence that the interceptor cannot possiblytry them all. In this paper we consider the likelihood of an interceptor beingable to decipher the cryptogram correctly even though he maybe trying the wrong keystream sequence. This possibility arisesbecause the length of any particular message is likely to beconsiderably shorter than the period of the keystream sequence,and thus only a comparatively small section of the keystreamsequence is used. Hence, if the interceptor tries a sequencewhich intersects (i.e. agrees) with the keystream sequence inthe appropriate positions, he will deduce the message correctly. A number of the standard methods for generating keystream sequencesuse shift registers as ‘building blocks’. So welook in considerable detail at the number of intersections (ofvarious lengths) for sequences generated by two different shiftregisters. We also show that if a keystream sequence has linearequivalence n, then the local linear equivalence of any subsequenceof length at least 2n is n. This means that if the message haslength at least 2n and the keystream sequence has linear equivalencen, then there is no other sequence of linear equivalence lessthan n+1 which can be used to decipher correctly.     

A normal criterion about two families of meromorphic functions concerning shared values

In this paper, we mainly discuss the normality of two families of functions concerning shared values and proved: Let F and G be two families of functions meromorphic on a domain D■C,a1, a2, a3, a4 be four distinct finite complex numbers. If G is normal, and for every f ∈ F , there exists g ∈ G such that f(z) and g(z) share the values a1, a2, a3, a4, then F is normal on D.     

Rekurrente zahlentheoretische Funktionen in mehreren Variablen

Some results of C. Methfessel (Multiplicative and additive recurrent sequences, Arch. Math. 63, 321–328 (1994)) on recurrent multiplicative arithmetical functions are generalized to the case of several variables. As ?[X ₁,…, X _r ] for r ≧ 2 is no principal ideal domain it is necessary to prove some elementary algebraic facts on the calculation of recurrent functions in several variables. The main tool is a vector space duality between ?[X ₁,…, X _r ] and the space of all functions f : ?^r → ?. This gives a correspondence between spaces of recurrent functions and ideals in ?[X ₁,…, X _r ]. The practical calculation can be done using Groebner bases. It is proved that a multiplicative function g in r variables which satisfies enough recurrences is of the form g (n ₁…, n _r )=n ₁ ^l … n _r ^rl h (n ₁ …, n _r ), with h multiplicative and periodic in each variable.     

A homomorphic characterization of regular languages

Every regular language R (over any alphabet) can be represented in the form $\text{R = h}{}_4\text{h}{}^{\mathrm{?1}}{}_3\text{h}{}_2\text{h}{}^{\mathrm{?1}}{}_1\text{(110)}$ where h₁, h₂, h₃, and h₄ are homomorphisms. Furthermore, if n is sufficiently large, then $\text{R = g}{}_3\text{g}{}^{\mathrm{?1}}{}_2\text{g}{}_1\text{({1, …, n}10)}$ where, g₁, g₂, and g₃ are homomorphisms.     

Curvature and mechanics

Classical or Newtonian Mechanics is put in the setting of Riemannian Geometry as a simple mechanical system (M, K, V), where M is a manifold which represents a configuration space, K and V are the kinetic and potential energies respectively of the system. To study the geometry of a simple mechanical system, we study the curvatures of the mechanical manifold (M_h, g_h) relative to a total energy value h, where M_h is an admissible configuration space and g_h the Jacobi metric relative to the energy value h. We call these curvatures h-mechanical curvatures of the simple mechanical system.Results are obtained on the signs of h-mechanical curvature for a general simple mechanical system in a neighborhood of the boundary ?M_h = {xεM: V(x) = h} and in a neighborhood of a critical point of the potential function V. Also we construct $\text{m = (}\text{n}\text{2}\text{) (n =}\text{dim}\text{M)}$ functions defined globally on M_h, called curvature functions which characterize the sign of the h-mechanical curvature. Applications are made to the Kepler problem and the three-body problem.     

On R-robustly entropy-expansive diffeomorphisms

For a homoclinic class H(p _f ) of f ?? Diff¹(M), f?OH(p _f ) is called R-robustly entropy-expansive if for g in a locally residual subset around f, the set ?? _? (x) = {y ?? M: dist(g ⁿ (x), g ⁿ (y)) ?? g3 (?n ?? ?)} has zero topological entropy for each x ?? H(p _g ). We prove that there exists an open and dense set around f such that for every g in it, H(p _g ) admits a dominated splitting of the form E ?? F ₁ ?? ... ?? F _k ?? G where all of F _i are one-dimensional and non-hyperbolic, which extends a result of Pacifico and Vieitez for robustly entropy-expansive diffeomorphisms. Some relevant consequences are also shown.     

Rigidity of noncompact complete manifolds with harmonic curvature

Let (M, g) be a noncompact complete n-manifold with harmonic curvature and positive Sobolev constant. Assume that the L ₂ norms of the traceless Ricci curvature are finite. We prove that (M, g) is Einstein if n ?? 5 and the L _n/2 norms of the Weyl curvature and traceless Ricci curvature are small enough.     

On a generalization of Minkowski's convex body theorem

Given a lattice $\text{Λ ? R}{}^{\mathrm{n}}$ and a bounded function g(x), x ∈ Rⁿ, vanishing outside of a bounded set, the functions ?(x)$\text{g}\text{?}\text{(x)?}$max_u∈Λg(u +x), ?(x)?Σ_{u∈Λ g(u +x)}, and ?₊(x)?Σ_u∈Λ max_{v∈Λ min {g(v + x); g(u + v + x)}} are defined and periodic mod Λ on Rⁿ. In the paper we prove that ?(x) + ?₊(x) ? 2?(x) ≥ ?(x) + h?₊(x) ? 2?(x) holds for all x ∈ Rⁿ, where h(x) is any “truncation” of g by a constant c ≥ 0, i.e., any function of the form h(x)?g(x) if g(x) ≤ c and h(x)?c if g(x) > c. This inequality easily implies some known estimations in the geometry of numbers due to Rado [1] and Cassels [2]. Moreover, some sharper and more general results are also derived from it. In the paper another inequality of a similar type is also proved.     

Asymptotics of eigenvalues of A regular boundary-value problem

We study a boundary-value problem x ⁽ⁿ⁾ + Fx = λx, U _h(x) = 0, h = 1,..., n, where functions x are given on the interval [0, 1], a linear continuous operator F acts from a Hölder space H ^y into a Sobolev space W ₁ ^n+s , U _h are linear continuous functional defined in the space $H^{k_h } $ , and k _h ≤ n + s - 1 are nonnegative integers. We introduce a concept of k-regular-boundary conditions U _h(x)=0, h = 1, ..., n and deduce the following asymptotic formula for eigenvalues of the boundary-value problem with boundary conditions of the indicated type: $\lambda _v = \left( {i2\pi v + c_ \pm + O(|v|^\kappa )} \right)^n $ , v = ± N, ± N ± 1,..., which is true for upper and lower sets of signs and the constants κ≥0 and c _± depend on boundary conditions.     

On the log-concavity of Hilbert series of Veronese subrings and Ehrhart series

For every positive integer n, consider the linear operator U _n on polynomials of degree at most d with integer coefficients defined as follows: if we write ${\frac{h(t)}{(1 - t)^{d + 1}}=\sum_{m \geq 0} g(m) \, t^{m}}For every positive integer n, consider the linear operator U _n on polynomials of degree at most d with integer coefficients defined as follows: if we write \frach(t)(1 - t)^{d + 1}=?_{m 3 0} g(m)  t^m{\frac{h(t)}{(1 - t)^{d + 1}}=\sum_{m \geq 0} g(m) \, t^{m}} , for some polynomial g(m) with rational coefficients, then \fracU_nh(t)(1- t)^d+1 = ?_{m 3 0}g(nm)  t^m{\frac{{\rm{U}}_{n}h(t)}{(1- t)^{d+1}} = \sum_{m \geq 0}g(nm) \, t^{m}} . We show that there exists a positive integer n _d , depending only on d, such that if h(t) is a polynomial of degree at most d with nonnegative integer coefficients and h(0) = 1, then for n ≥ n _d , U _n h(t) has simple, real, negative roots and positive, strictly log concave and strictly unimodal coefficients. Applications are given to Ehrhart δ-polynomials and unimodular triangulations of dilations of lattice polytopes, as well as Hilbert series of Veronese subrings of Cohen–Macauley graded rings.     

Normal families of meromorphic functions and shared functions

The paper is devoted to the normal families of meromorphic functions and shared functions. Generalizing a result of Chang (2013), we prove the following theorem. Let h (≠≡ 0,∞) be a meromorphic function on a domain D and let k be a positive integer. Let F be a family of meromorphic functions on D, all of whose zeros have multiplicity at least k + 2, such that for each pair of functions f and g from F, f and g share the value 0, and f^(k) and g^(k) share the function h. If for every f ∈ F, at each common zero of f and h the multiplicities m_f for f and m_h for h satisfy m_f ≥ m_h + k + 1 for k > 1 and m_f ≥ 2m_h + 3 for k = 1, and at each common pole of f and h, the multiplicities nf for f and nh for h satisfy n_f ≥ n_h + 1, then the family F is normal on D.     

Functional equations in a p-adic context

Recently, in the complex context, several results were obtained concerning functional equations of the form P(f)=Q(g) where P and Q are polynomials of only two or three terms whose coefficients are small functions: in certain cases the equation does not admit any pair of admissible solutions and in other cases it only admits pairs of solutions that are of a very particular type. Here we consider similar questions when the ground field is a p-adic complete algebraically closed field of characteristic 0 and we derive results that are often analogous. For instance, if fn+a₁fn−m+b₁=c(g−n+a₂gn−m+b₂), with ai, bj small functions with regard to f, g and a₂b₂ non-identically 0, then and f=hg with . However, contrary to the complex context, here results apply not only to meromorphic functions defined in the whole field but also to unbounded meromorphic functions defined inside an open disc. The main tool is the p-adic Nevanlinna theory.     

Topological classification of affine operators on unitary and Euclidean spaces

We study affine operators on a unitary or Euclidean space U up to topological conjugacy. An affine operator is a map f:U→U of the form f(x)=Ax+b, in which A:U→U is a linear operator and b∈U. Two affine operators f and g are said to be topologically conjugate if g=h^-1fh for some homeomorphism h:U→U.If an affine operator f(x)=Ax+b has a fixed point, then f is topologically conjugate to its linear part A. The problem of classifying linear operators up to topological conjugacy was studied by Kuiper and Robbin [Topological classification of linear endomorphisms, Invent. Math. 19 (2) (1973) 83-106] and other authors.Let f:U→U be an affine operator without fixed point. We prove that f is topologically conjugate to an affine operator g:U→U such that U is an orthogonal direct sum of g-invariant subspaces V and W,

•

the restriction g∣V of g to V is an affine operator that in some orthonormal basis of V has the form

(x₁,x₂,…,x_n)?(x₁+1,x₂,…,x_n-1,εx_n)