trt t rs - - PowerPoint PPT Presentation

■♥tr♦❞✉❝t✐♦♥ t♦ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

❇❛rt ▼❡♥♥✐♥❦ ❘❛❞❜♦✉❞ ❯♥✐✈❡rs✐t② ✭❚❤❡ ◆❡t❤❡r❧❛♥❞s✮

❙✉♠♠❡r s❝❤♦♦❧ ♦♥ r❡❛❧✲✇♦r❧❞ ❝r②♣t♦ ❛♥❞ ♣r✐✈❛❝② ❏✉♥❡ ✺✱ ✷✵✶✼

✶ ✴ ✺✸

❆✉t❤❡♥t✐❝❛t❡❞ ❊♥❝r②♣t✐♦♥

❆

← − − − − − − − − − − − − − − − − − − − − − − − − − − − − → ❇ ❊♥❝r②♣t✐♦♥ ◆♦ ♦✉ts✐❞❡r ❝❛♥ ❧❡❛r♥ ❛♥②t❤✐♥❣ ❛❜♦✉t ❞❛t❛ ❆✉t❤❡♥t✐❝❛t✐♦♥ ◆♦ ♦✉ts✐❞❡r ❝❛♥ ♠❛♥✐♣✉❧❛t❡ ❞❛t❛

✷ ✴ ✺✸

❆✉t❤❡♥t✐❝❛t❡❞ ❊♥❝r②♣t✐♦♥

❆

← − − − − − − − − − − − − − − − − − − − − − − − − − − − − → ❇ − − − − − → ← − − − − − ❊♥❝r②♣t✐♦♥ ◆♦ ♦✉ts✐❞❡r ❝❛♥ ❧❡❛r♥ ❛♥②t❤✐♥❣ ❛❜♦✉t ❞❛t❛ ❆✉t❤❡♥t✐❝❛t✐♦♥ ◆♦ ♦✉ts✐❞❡r ❝❛♥ ♠❛♥✐♣✉❧❛t❡ ❞❛t❛

✷ ✴ ✺✸

❆✉t❤❡♥t✐❝❛t❡❞ ❊♥❝r②♣t✐♦♥

❆

← − − − − − − − − − − − − − − − − − − − − − − − − − − − − → ❇ − − − − − → ← − − − − − ❊♥❝r②♣t✐♦♥

• ◆♦ ♦✉ts✐❞❡r ❝❛♥ ❧❡❛r♥ ❛♥②t❤✐♥❣ ❛❜♦✉t ❞❛t❛

❆✉t❤❡♥t✐❝❛t✐♦♥ ◆♦ ♦✉ts✐❞❡r ❝❛♥ ♠❛♥✐♣✉❧❛t❡ ❞❛t❛

✷ ✴ ✺✸

❆✉t❤❡♥t✐❝❛t❡❞ ❊♥❝r②♣t✐♦♥

❆

← − − − − − − − − − − − − − − − − − − − − − − − − − − − − → ❇ − − − − − → ← − − − − − ❊♥❝r②♣t✐♦♥

• ◆♦ ♦✉ts✐❞❡r ❝❛♥ ❧❡❛r♥ ❛♥②t❤✐♥❣ ❛❜♦✉t ❞❛t❛

❆✉t❤❡♥t✐❝❛t✐♦♥

• ◆♦ ♦✉ts✐❞❡r ❝❛♥ ♠❛♥✐♣✉❧❛t❡ ❞❛t❛

✷ ✴ ✺✸

❆✉t❤❡♥t✐❝❛t❡❞ ❊♥❝r②♣t✐♦♥

A, M N C, T

AE

k

• ❈✐♣❤❡rt❡①t C ❡♥❝r②♣t✐♦♥ ♦❢ ♠❡ss❛❣❡ M
• ❚❛❣ T ❛✉t❤❡♥t✐❝❛t❡s ❛ss♦❝✐❛t❡❞ ❞❛t❛ A ❛♥❞ ♠❡ss❛❣❡ M

◆♦♥❝❡ r❛♥❞♦♠✐③❡s t❤❡ s❝❤❡♠❡

✸ ✴ ✺✸

❆✉t❤❡♥t✐❝❛t❡❞ ❊♥❝r②♣t✐♦♥

A, M N C, T

AE

k

• ❈✐♣❤❡rt❡①t C ❡♥❝r②♣t✐♦♥ ♦❢ ♠❡ss❛❣❡ M
• ❚❛❣ T ❛✉t❤❡♥t✐❝❛t❡s ❛ss♦❝✐❛t❡❞ ❞❛t❛ A ❛♥❞ ♠❡ss❛❣❡ M
• ◆♦♥❝❡ N r❛♥❞♦♠✐③❡s t❤❡ s❝❤❡♠❡

✸ ✴ ✺✸

❈❆❊❙❆❘ ❈♦♠♣❡t✐t✐♦♥ ❈♦♠♣❡t✐t✐♦♥ ❢♦r ❆✉t❤❡♥t✐❝❛t❡❞ ❊♥❝r②♣t✐♦♥✿ ❙❡❝✉r✐t②✱ ❆♣♣❧✐❝❛❜✐❧✐t②✱ ❛♥❞ ❘♦❜✉st♥❡ss

• ♦❛❧✿ ♣♦rt❢♦❧✐♦ ♦❢ ❛✉t❤❡♥t✐❝❛t❡❞ ❡♥❝r②♣t✐♦♥ s❝❤❡♠❡s

▼❛r ✶✺✱ ✷✵✶✹✿ ✺✼ ✜rst r♦✉♥❞ ❝❛♥❞✐❞❛t❡s ❏✉❧ ✼✱ ✷✵✶✺✿ ✷✾✳✺ s❡❝♦♥❞ r♦✉♥❞ ❝❛♥❞✐❞❛t❡s ❆✉❣ ✶✺✱ ✷✵✶✻✿ ✶✻ t❤✐r❞ r♦✉♥❞ ❝❛♥❞✐❞❛t❡s ❄❄✿ ❛♥♥♦✉♥❝❡♠❡♥t ♦❢ ✜♥❛❧✐sts ❉❡❝ ✶✺✱ ✷✵✶✼✿ ❛♥♥♦✉♥❝❡♠❡♥t ♦❢ ✜♥❛❧ ♣♦rt❢♦❧✐♦ ✭❄✮

✹ ✴ ✺✸

❈❆❊❙❆❘ ❈♦♠♣❡t✐t✐♦♥✱ ◆♦t ❚♦ ❇❡ ❈♦♥❢✉s❡❞ ❲✐t❤✿

✺ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

m c

E

k ❚✇❡❛❦✿ ✢❡①✐❜✐❧✐t② t♦ t❤❡ ❝✐♣❤❡r ❊❛❝❤ t✇❡❛❦ ❣✐✈❡s ❞✐✛❡r❡♥t ♣❡r♠✉t❛t✐♦♥

✻ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

m t c k

• E
• ❚✇❡❛❦✿ ✢❡①✐❜✐❧✐t② t♦ t❤❡ ❝✐♣❤❡r
• ❊❛❝❤ t✇❡❛❦ ❣✐✈❡s ❞✐✛❡r❡♥t ♣❡r♠✉t❛t✐♦♥

✻ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❖❈❇①

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T ˜ E

N,tA1 k

˜ E

N,tA2 k

˜ E

N,tAa k

˜ E

N,tM⊕ k

˜ E

N,tM1 k

˜ E

N,tM2 k

˜ E

N,tMd k

• ●❡♥❡r❛❧✐③❡❞ ❖❈❇ ❜② ❘♦❣❛✇❛② ❡t ❛❧✳ ❬❘❇❇❑✵✶✱❘♦❣✵✹✱❑❘✶✶❪

■♥t❡r♥❛❧❧② ❜❛s❡❞ ♦♥ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡r

❚✇❡❛❦ ✐s ✉♥✐q✉❡ ❢♦r ❡✈❡r② ❡✈❛❧✉❛t✐♦♥ ❉✐✛❡r❡♥t ❜❧♦❝❦s ❛❧✇❛②s tr❛♥s❢♦r♠❡❞ ✉♥❞❡r ❞✐✛❡r❡♥t t✇❡❛❦

❈❤❛♥❣❡ ♦❢ t✇❡❛❦ s❤♦✉❧❞ ❜❡ ❡✣❝✐❡♥t

✼ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❖❈❇①

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T ˜ E

N,tA1 k

˜ E

N,tA2 k

˜ E

N,tAa k

˜ E

N,tM⊕ k

˜ E

N,tM1 k

˜ E

N,tM2 k

˜ E

N,tMd k

• ●❡♥❡r❛❧✐③❡❞ ❖❈❇ ❜② ❘♦❣❛✇❛② ❡t ❛❧✳ ❬❘❇❇❑✵✶✱❘♦❣✵✹✱❑❘✶✶❪
• ■♥t❡r♥❛❧❧② ❜❛s❡❞ ♦♥ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡r

E

• ❚✇❡❛❦ (N, tweak) ✐s ✉♥✐q✉❡ ❢♦r ❡✈❡r② ❡✈❛❧✉❛t✐♦♥
• ❉✐✛❡r❡♥t ❜❧♦❝❦s ❛❧✇❛②s tr❛♥s❢♦r♠❡❞ ✉♥❞❡r ❞✐✛❡r❡♥t t✇❡❛❦

❈❤❛♥❣❡ ♦❢ t✇❡❛❦ s❤♦✉❧❞ ❜❡ ❡✣❝✐❡♥t

✼ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❖❈❇①

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T ˜ E

N,tA1 k

˜ E

N,tA2 k

˜ E

N,tAa k

˜ E

N,tM⊕ k

˜ E

N,tM1 k

˜ E

N,tM2 k

˜ E

N,tMd k

• ●❡♥❡r❛❧✐③❡❞ ❖❈❇ ❜② ❘♦❣❛✇❛② ❡t ❛❧✳ ❬❘❇❇❑✵✶✱❘♦❣✵✹✱❑❘✶✶❪
• ■♥t❡r♥❛❧❧② ❜❛s❡❞ ♦♥ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡r

E

• ❚✇❡❛❦ (N, tweak) ✐s ✉♥✐q✉❡ ❢♦r ❡✈❡r② ❡✈❛❧✉❛t✐♦♥
• ❉✐✛❡r❡♥t ❜❧♦❝❦s ❛❧✇❛②s tr❛♥s❢♦r♠❡❞ ✉♥❞❡r ❞✐✛❡r❡♥t t✇❡❛❦
• ❈❤❛♥❣❡ ♦❢ t✇❡❛❦ s❤♦✉❧❞ ❜❡ ❡✣❝✐❡♥t

✼ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❳❚❙

M1 M2 Md C1 C2 Cd ˜ E i,1

k

˜ E i,2

k

˜ E i,d

k

• ❳❚❙ ♠♦❞❡ ❢♦r ❞✐s❦ ❡♥❝r②♣t✐♦♥
• ❚✇❡❛❦ (i, j) = (s❡❝t♦r, ❜❧♦❝❦) ✉♥✐q✉❡ ❢♦r ❡✈❡r② ❜❧♦❝❦

❈❤❛♥❣❡ ♦❢ t✇❡❛❦ s❤♦✉❧❞ ❜❡ ❡✣❝✐❡♥t ✭❛s ❜❡❢♦r❡✮ ■♥❝r❡♠❡♥t❛❧✐t②✿ ❝❤❛♥❣❡ ✐♥ ♦♥❡ ✭♦r ❢❡✇✮ ❜❧♦❝❦s

✽ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❳❚❙

M1 M2 Md C1 C2 Cd ˜ E i,1

k

˜ E i,2

k

˜ E i,d

k

• ❳❚❙ ♠♦❞❡ ❢♦r ❞✐s❦ ❡♥❝r②♣t✐♦♥
• ❚✇❡❛❦ (i, j) = (s❡❝t♦r, ❜❧♦❝❦) ✉♥✐q✉❡ ❢♦r ❡✈❡r② ❜❧♦❝❦
• ❈❤❛♥❣❡ ♦❢ t✇❡❛❦ s❤♦✉❧❞ ❜❡ ❡✣❝✐❡♥t ✭❛s ❜❡❢♦r❡✮

■♥❝r❡♠❡♥t❛❧✐t②✿ ❝❤❛♥❣❡ ✐♥ ♦♥❡ ✭♦r ❢❡✇✮ ❜❧♦❝❦s

✽ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❳❚❙

M1 M′

2 = M2

Md C1 C′

2

Cd ˜ E i,1

k

˜ E i,2

k

˜ E i,d

k

• ❳❚❙ ♠♦❞❡ ❢♦r ❞✐s❦ ❡♥❝r②♣t✐♦♥
• ❚✇❡❛❦ (i, j) = (s❡❝t♦r, ❜❧♦❝❦) ✉♥✐q✉❡ ❢♦r ❡✈❡r② ❜❧♦❝❦
• ❈❤❛♥❣❡ ♦❢ t✇❡❛❦ s❤♦✉❧❞ ❜❡ ❡✣❝✐❡♥t ✭❛s ❜❡❢♦r❡✮
• ■♥❝r❡♠❡♥t❛❧✐t②✿ ❝❤❛♥❣❡ ✐♥ ♦♥❡ ✭♦r ❢❡✇✮ ❜❧♦❝❦s

✽ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ✐♥ ❙❦❡✐♥

config M1 Mℓ iv h

· · · · · · ˜ Econ ˜ Emsg ˜ Emsg ˜ Eout

• ❙❦❡✐♥ ❤❛s❤ ❢✉♥❝t✐♦♥ ❜② ❋❡r❣✉s♦♥ ❡t ❛❧✳ ❬❋▲❙✰✵✼❪
• ❇❛s❡❞ ♦♥ ❚❤r❡❡✜s❤ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡r
• ❚✇❡❛❦s ✉s❡❞ ❢♦r ❞♦♠❛✐♥ s❡♣❛r❛t✐♦♥

✾ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡r ❉❡s✐❣♥s ✐♥ ❈❆❊❙❆❘

• E

t

E

• E

P

• E

❉❡❞✐❝❛t❡❞ ❇❧♦❝❦❝✐♣❤❡r✲❇❛s❡❞ P❡r♠✉t❛t✐♦♥✲❇❛s❡❞ ❑■❆❙❯✱ ❈❇❆✱ ❈❖❇❘❆✱ ✐❋❡❡❞✱ Prøst✱ ❏♦❧t✐❦✱ ▼❛r❜❧❡✱ ❖▼❉✱ P❖❊❚✱ ▼✐♥❛❧♣❤❡r ❙❈❘❊❆▼✱ ❙❍❊▲▲✱ ❆❊❩✱ ❈❖P❆✴ ❉❡♦①②s ❊▲♠❉✱ ❖❈❇✱ ❖❚❘

✶✵ ✴ ✺✸

✜rst r♦✉♥❞✱ s❡❝♦♥❞ r♦✉♥❞✱ t❤✐r❞ r♦✉♥❞

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡r ❉❡s✐❣♥s ✐♥ ❈❆❊❙❆❘

• E

t

E

• E

P

• E

❉❡❞✐❝❛t❡❞ ❇❧♦❝❦❝✐♣❤❡r✲❇❛s❡❞ P❡r♠✉t❛t✐♦♥✲❇❛s❡❞ ❑■❆❙❯✱ ❈❇❆✱ ❈❖❇❘❆✱ ✐❋❡❡❞✱ Prøst✱ ❏♦❧t✐❦✱ ▼❛r❜❧❡✱ ❖▼❉✱ P❖❊❚✱ ▼✐♥❛❧♣❤❡r ❙❈❘❊❆▼✱ ❙❍❊▲▲✱ ❆❊❩✱ ❈❖P❆✴ ❉❡♦①②s ❊▲♠❉✱ ❖❈❇✱ ❖❚❘

✶✵ ✴ ✺✸

✜rst r♦✉♥❞✱ s❡❝♦♥❞ r♦✉♥❞✱ t❤✐r❞ r♦✉♥❞

❖✉t❧✐♥❡ ❉❡❞✐❝❛t❡❞ ❉❡s✐❣♥ ❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣ ❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❈♦♥❝❧✉s✐♦♥

✶✶ ✴ ✺✸

❖✉t❧✐♥❡ ❉❡❞✐❝❛t❡❞ ❉❡s✐❣♥ ❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣ ❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❈♦♥❝❧✉s✐♦♥

✶✷ ✴ ✺✸

❉❡❞✐❝❛t❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

• ❍❛st② P✉❞❞✐♥❣ ❈✐♣❤❡r ❬❙❝❤✾✽❪
• ❆❊❙ s✉❜♠✐ss✐♦♥✱ ✏✜rst t✇❡❛❦❛❜❧❡ ❝✐♣❤❡r✑
• ▼❡r❝② ❬❈r♦✵✶❪
• ❉✐s❦ ❡♥❝r②♣t✐♦♥
• ❚❤r❡❡✜s❤ ❬❋▲❙✰✵✼❪
• ❙❍❆✲✸ s✉❜♠✐ss✐♦♥ ❙❦❡✐♥
• ❚❲❊❆❑❊❨ ❢r❛♠❡✇♦r❦ ❬❏◆P✶✹❪
• ❋♦✉r ❈❆❊❙❆❘ s✉❜♠✐ss✐♦♥s
• ❙❑■◆◆❨ ✫ ▼❆◆❚■❙

✶✸ ✴ ✺✸

❚❲❊❆❑❊❨ ❋r❛♠❡✇♦r❦

• ❚❲❊❆❑❊❨ ❜② ❏❡❛♥ ❡t ❛❧✳ ❬❏◆P✶✹❪✿

(k, t) m c

· · · · · · · · · · · ·

f f f g g g g h h h

• f✿ r♦✉♥❞ ❢✉♥❝t✐♦♥
• g✿ s✉❜❦❡② ❝♦♠♣✉t❛t✐♦♥
• h✿ tr❛♥s❢♦r♠❛t✐♦♥ ♦❢ (k, t)

❙❡❝✉r✐t② ♠❡❛s✉r❡❞ t❤r♦✉❣❤ ❝r②♣t❛♥❛❧②s✐s ❖✉r ❢♦❝✉s✿ ♠♦❞✉❧❛r ❞❡s✐❣♥

✶✹ ✴ ✺✸

❚❲❊❆❑❊❨ ❋r❛♠❡✇♦r❦

• ❚❲❊❆❑❊❨ ❜② ❏❡❛♥ ❡t ❛❧✳ ❬❏◆P✶✹❪✿

(k, t) m c

· · · · · · · · · · · ·

f f f g g g g h h h

• f✿ r♦✉♥❞ ❢✉♥❝t✐♦♥
• g✿ s✉❜❦❡② ❝♦♠♣✉t❛t✐♦♥
• h✿ tr❛♥s❢♦r♠❛t✐♦♥ ♦❢ (k, t)
• ❙❡❝✉r✐t② ♠❡❛s✉r❡❞ t❤r♦✉❣❤ ❝r②♣t❛♥❛❧②s✐s
• ❖✉r ❢♦❝✉s✿ ♠♦❞✉❧❛r ❞❡s✐❣♥

✶✹ ✴ ✺✸

❖✉t❧✐♥❡ ❉❡❞✐❝❛t❡❞ ❉❡s✐❣♥ ❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣ ❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❈♦♥❝❧✉s✐♦♥

✶✺ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡

✶ ❉❡t❡r♠✐♥❡ ❛♣♣r♦♣r✐❛t❡ s❡❝✉r✐t② ♠♦❞❡❧ ✷ ❉❡s✐❣♥ t❤❡ s❝❤❡♠❡ ✸ P❡r❢♦r♠ s❡❝✉r✐t② ❛♥❛❧②s✐s

✶✻ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✶✿ ❙❡❝✉r✐t② ▼♦❞❡❧

m c k

• E

t

✳

← − − − − →

✳ ❚✇❡❛❦❛❜❧❡ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ ❙❡❝✉r✐t② s❤♦✉❧❞ ❧♦♦❦ ❧✐❦❡ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② ❉✐✛❡r❡♥t t✇❡❛❦s ♣s❡✉❞♦✲✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s ❙tr♦♥❣ ❚✇❡❛❦❛❜❧❡ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ ❙❡❝✉r✐t② ❆❞✈❡rs❛r② ♠❛② ❤❛✈❡ ❡♥❝r②♣t✐♦♥ ❛♥❞ ❞❡❝r②♣t✐♦♥ ❛❝❝❡ss t♦

✶✼ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✶✿ ❙❡❝✉r✐t② ▼♦❞❡❧

m c k

• E

t

✳

← − − − − →

✳ ❚✇❡❛❦❛❜❧❡ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ ❙❡❝✉r✐t②

Ek s❤♦✉❧❞ ❧♦♦❦ ❧✐❦❡ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❉✐✛❡r❡♥t t✇❡❛❦s −

→ ♣s❡✉❞♦✲✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s ❙tr♦♥❣ ❚✇❡❛❦❛❜❧❡ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ ❙❡❝✉r✐t② ❆❞✈❡rs❛r② ♠❛② ❤❛✈❡ ❡♥❝r②♣t✐♦♥ ❛♥❞ ❞❡❝r②♣t✐♦♥ ❛❝❝❡ss t♦

✶✼ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✶✿ ❙❡❝✉r✐t② ▼♦❞❡❧

m c k

• E

t

✳

← − − − − →

✳ ❚✇❡❛❦❛❜❧❡ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ ❙❡❝✉r✐t②

Ek s❤♦✉❧❞ ❧♦♦❦ ❧✐❦❡ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❉✐✛❡r❡♥t t✇❡❛❦s −

→ ♣s❡✉❞♦✲✐♥❞❡♣❡♥❞❡♥t ♣❡r♠✉t❛t✐♦♥s ❙tr♦♥❣ ❚✇❡❛❦❛❜❧❡ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ ❙❡❝✉r✐t②

• ❆❞✈❡rs❛r② ♠❛② ❤❛✈❡ ❡♥❝r②♣t✐♦♥ ❛♥❞ ❞❡❝r②♣t✐♦♥ ❛❝❝❡ss t♦

E

✶✼ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✶✿ ❙❡❝✉r✐t② ▼♦❞❡❧

❊①❛♠♣❧❡

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T ˜ E

N,tA1 k

˜ E

N,tA2 k

˜ E

N,tAa k

˜ E

N,tM⊕ k

˜ E

N,tM1 k

˜ E

N,tM2 k

˜ E

N,tMd k

• ❚❛❣ ❣❡♥❡r❛t✐♦♥✿

Ek ❡✈❛❧✉❛t❡❞ ✐♥ ❢♦r✇❛r❞ ❞✐r❡❝t✐♦♥ ♦♥❧②

• ❊♥❝r②♣t✐♦♥✴❞❡❝r②♣t✐♦♥✿

Ek ❡✈❛❧✉❛t❡❞ ✐♥ ❜♦t❤ ❞✐r❡❝t✐♦♥s

✶✽ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k t ?

• ❈♦♥s✐❞❡r ❛ ❜❧♦❝❦❝✐♣❤❡r E ✇✐t❤ κ✲❜✐t ❦❡② ❛♥❞ n✲❜✐t st❛t❡

❍♦✇ t♦ ♠✐♥❣❧❡ t❤❡ t✇❡❛❦ ✐♥t♦ t❤❡ ❡✈❛❧✉❛t✐♦♥❄ ❜❧❡♥❞ ✐t ✇✐t❤ t❤❡ ❦❡② ❜❧❡♥❞ ✐t ✇✐t❤ t❤❡ st❛t❡

✶✾ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k t ?

• ❈♦♥s✐❞❡r ❛ ❜❧♦❝❦❝✐♣❤❡r E ✇✐t❤ κ✲❜✐t ❦❡② ❛♥❞ n✲❜✐t st❛t❡

❍♦✇ t♦ ♠✐♥❣❧❡ t❤❡ t✇❡❛❦ ✐♥t♦ t❤❡ ❡✈❛❧✉❛t✐♦♥❄

← − − − ← − − −

❜❧❡♥❞ ✐t ✇✐t❤ t❤❡ ❦❡② ❜❧❡♥❞ ✐t ✇✐t❤ t❤❡ st❛t❡

✶✾ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k t

• ❇❧❡♥❞✐♥❣ t✇❡❛❦ ❛♥❞ ❦❡② ✇♦r❦s✳ ✳ ✳
• ✳ ✳ ✳ ❜✉t✿ ❝❛r❡❢✉❧ ✇✐t❤ r❡❧❛t❡❞✲❦❡② ❛tt❛❝❦s✦

❋♦r ✲♠✐①✐♥❣✱ ❦❡② ❝❛♥ ❜❡ r❡❝♦✈❡r❡❞ ✐♥ ❡✈❛❧✉❛t✐♦♥s ❙❝❤❡♠❡ ✐s ✐♥s❡❝✉r❡ ✐❢ ✐s ❊✈❡♥✲▼❛♥s♦✉r ❚❲❊❆❑❊❨ ❜❧❡♥❞✐♥❣ ✐s ♠♦r❡ ❛❞✈❛♥❝❡❞

✷✵ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k t

• ❇❧❡♥❞✐♥❣ t✇❡❛❦ ❛♥❞ ❦❡② ✇♦r❦s✳ ✳ ✳
• ✳ ✳ ✳ ❜✉t✿ ❝❛r❡❢✉❧ ✇✐t❤ r❡❧❛t❡❞✲❦❡② ❛tt❛❝❦s✦
• ❋♦r ⊕✲♠✐①✐♥❣✱ ❦❡② ❝❛♥ ❜❡ r❡❝♦✈❡r❡❞ ✐♥ 2κ/2 ❡✈❛❧✉❛t✐♦♥s
• ❙❝❤❡♠❡ ✐s ✐♥s❡❝✉r❡ ✐❢ E ✐s ❊✈❡♥✲▼❛♥s♦✉r

❚❲❊❆❑❊❨ ❜❧❡♥❞✐♥❣ ✐s ♠♦r❡ ❛❞✈❛♥❝❡❞

✷✵ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k t

• ❇❧❡♥❞✐♥❣ t✇❡❛❦ ❛♥❞ ❦❡② ✇♦r❦s✳ ✳ ✳
• ✳ ✳ ✳ ❜✉t✿ ❝❛r❡❢✉❧ ✇✐t❤ r❡❧❛t❡❞✲❦❡② ❛tt❛❝❦s✦
• ❋♦r ⊕✲♠✐①✐♥❣✱ ❦❡② ❝❛♥ ❜❡ r❡❝♦✈❡r❡❞ ✐♥ 2κ/2 ❡✈❛❧✉❛t✐♦♥s
• ❙❝❤❡♠❡ ✐s ✐♥s❡❝✉r❡ ✐❢ E ✐s ❊✈❡♥✲▼❛♥s♦✉r
• ❚❲❊❆❑❊❨ ❜❧❡♥❞✐♥❣ ✐s ♠♦r❡ ❛❞✈❛♥❝❡❞

✷✵ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✷✶ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✷✶ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k h ⊗ t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

• ❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ h

❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✷✶ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k h ⊗ t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

• ❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ h
• ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

E−1

k

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✷✶ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k h ⊗ t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

• ❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ h
• ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

E−1

k

E−1

k (t, c) ⊕

E−1

k (t ⊕ C, c) = h ⊗ C

❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✷✶ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k h ⊗ t h ⊗ t

• ❙✐♠♣❧❡ ❜❧❡♥❞✐♥❣ ♦❢ t✇❡❛❦ ❛♥❞ st❛t❡ ❞♦❡s ♥♦t ✇♦r❦

Ek(t, m) = Ek(t ⊕ C, m ⊕ C)

• ❙♦♠❡ s❡❝r❡❝② r❡q✉✐r❡❞✿ h
• ❙t✐❧❧ ❞♦❡s ♥♦t ✇♦r❦ ✐❢ ❛❞✈❡rs❛r② ❤❛s ❛❝❝❡ss t♦

E−1

k

E−1

k (t, c) ⊕

E−1

k (t ⊕ C, c) = h ⊗ C

• ❚✇♦✲s✐❞❡❞ ♠❛s❦✐♥❣ ♥❡❝❡ss❛r②

✷✶ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k h ⊗ t h ⊗ t

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥

❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s ❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ ❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✷✷ ✴ ✺✸

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲ ✲♠❛s❦ ♣r✐♥❝✐♣❧❡

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k f(t) f(t)

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ●❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥ f

❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s ❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ ❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✷✷ ✴ ✺✸

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲ ✲♠❛s❦ ♣r✐♥❝✐♣❧❡

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

E

k f1(t) f2(t)

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ●❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥ f
• ❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s f1, f2

❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ ❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✷✷ ✴ ✺✸

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲ ✲♠❛s❦ ♣r✐♥❝✐♣❧❡

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

P

f1(t) f2(t)

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ●❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥ f
• ❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s f1, f2
• ❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ E❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✷✷ ✴ ✺✸

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲ ✲♠❛s❦ ♣r✐♥❝✐♣❧❡

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✷✿ P❧❛②❣r♦✉♥❞

m c

P

f1(t) f2(t)

• ❚✇♦✲s✐❞❡❞ s❡❝r❡t ♠❛s❦✐♥❣ s❡❡♠s t♦ ✇♦r❦
• ❈❛♥ ✇❡ ❣❡♥❡r❛❧✐③❡❄
• ●❡♥❡r❛❧✐③✐♥❣ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥ f
• ❱❛r✐❛t✐♦♥ ✐♥ ♠❛s❦✐♥❣❄ ❉❡♣❡♥❞s ♦♥ ❢✉♥❝t✐♦♥s f1, f2
• ❘❡❧❡❛s✐♥❣ s❡❝r❡❝② ✐♥ E❄ ❯s✉❛❧❧② ♥♦ ♣r♦❜❧❡♠

✷✷ ✴ ✺✸

▼❛❥♦r✐t② ♦❢ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs ❢♦❧❧♦✇ ♠❛s❦✲Ek/P✲♠❛s❦ ♣r✐♥❝✐♣❧❡

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

Ek s❤♦✉❧❞ ✏❧♦♦❦ ❧✐❦❡✑ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❈♦♥s✐❞❡r ❛❞✈❡rs❛r② A t❤❛t ♠❛❦❡s q ❡✈❛❧✉❛t✐♦♥s ♦❢

Ek ❙t❡♣ ✸❛✿

❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s ♥❡❡❞ ❛t ♠♦st❄

❙t❡♣ ✸❛✿

❇♦✐❧s ❞♦✇♥ t♦ ✜♥❞✐♥❣ ❣❡♥❡r✐❝ ❛tt❛❝❦s

❙t❡♣ ✸❜✿

❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s ♥❡❡❞ ❛t ❧❡❛st❄

❙t❡♣ ✸❜✿

❇♦✐❧s ❞♦✇♥ t♦ ♣r♦✈❛❜❧❡ s❡❝✉r✐t②

✷✸ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

Ek s❤♦✉❧❞ ✏❧♦♦❦ ❧✐❦❡✑ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❈♦♥s✐❞❡r ❛❞✈❡rs❛r② A t❤❛t ♠❛❦❡s q ❡✈❛❧✉❛t✐♦♥s ♦❢

Ek

• ❙t❡♣ ✸❛✿ • ❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s A ♥❡❡❞ ❛t ♠♦st❄

❙t❡♣ ✸❛✿ • ❇♦✐❧s ❞♦✇♥ t♦ ✜♥❞✐♥❣ ❣❡♥❡r✐❝ ❛tt❛❝❦s ❙t❡♣ ✸❜✿

❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s ♥❡❡❞ ❛t ❧❡❛st❄

❙t❡♣ ✸❜✿

❇♦✐❧s ❞♦✇♥ t♦ ♣r♦✈❛❜❧❡ s❡❝✉r✐t②

✷✸ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸✿ ❆♥❛❧②s✐s

m c

Ek/P

f1(t) f2(t)

Ek s❤♦✉❧❞ ✏❧♦♦❦ ❧✐❦❡✑ r❛♥❞♦♠ ♣❡r♠✉t❛t✐♦♥ ❢♦r ❡✈❡r② t

• ❈♦♥s✐❞❡r ❛❞✈❡rs❛r② A t❤❛t ♠❛❦❡s q ❡✈❛❧✉❛t✐♦♥s ♦❢

Ek

• ❙t❡♣ ✸❛✿ • ❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s A ♥❡❡❞ ❛t ♠♦st❄

❙t❡♣ ✸❛✿ • ❇♦✐❧s ❞♦✇♥ t♦ ✜♥❞✐♥❣ ❣❡♥❡r✐❝ ❛tt❛❝❦s

• ❙t❡♣ ✸❜✿ • ❍♦✇ ♠❛♥② ❡✈❛❧✉❛t✐♦♥s ❞♦❡s A ♥❡❡❞ ❛t ❧❡❛st❄

❙t❡♣ ✸❜✿ • ❇♦✐❧s ❞♦✇♥ t♦ ♣r♦✈❛❜❧❡ s❡❝✉r✐t②

✷✸ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸❛✿ ●❡♥❡r✐❝ ❆tt❛❝❦

m c

Ek/P

f1(t) f2(t) ❋♦r ❛♥② t✇♦ q✉❡r✐❡s ✱ ✿ ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s ■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ ①♦r❡❞ t♦

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ❡✈❛❧✉❛t✐♦♥s

✷✹ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸❛✿ ●❡♥❡r✐❝ ❆tt❛❝❦

m c

Ek/P

f1(t) f2(t)

• ❋♦r ❛♥② t✇♦ q✉❡r✐❡s (t, m, c)✱ (t′, m′, c′)✿

m ⊕ f1(t) = m′ ⊕ f1(t′) = ⇒ c ⊕ f2(t) = c′ ⊕ f2(t′) ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s ■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ ①♦r❡❞ t♦

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ❡✈❛❧✉❛t✐♦♥s

✷✹ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸❛✿ ●❡♥❡r✐❝ ❆tt❛❝❦

m c

Ek/P

f1(t) f2(t)

• ❋♦r ❛♥② t✇♦ q✉❡r✐❡s (t, m, c)✱ (t′, m′, c′)✿

m ⊕ f1(t) = m′ ⊕ f1(t′) = ⇒ c ⊕ f2(t) = c′ ⊕ f2(t′)

• ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s

■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ ①♦r❡❞ t♦

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ❡✈❛❧✉❛t✐♦♥s

✷✹ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸❛✿ ●❡♥❡r✐❝ ❆tt❛❝❦

m c

Ek/P

f1(t) f2(t)

• ❋♦r ❛♥② t✇♦ q✉❡r✐❡s (t, m, c)✱ (t′, m′, c′)✿

m ⊕ f1(t) = m′ ⊕ f1(t′) = ⇒ c ⊕ f2(t) = c′ ⊕ f2(t′)

• ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s
• ■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ C ①♦r❡❞ t♦ m, m′

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ❡✈❛❧✉❛t✐♦♥s

✷✹ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸❛✿ ●❡♥❡r✐❝ ❆tt❛❝❦

m c

Ek/P

f1(t) f2(t)

• ❋♦r ❛♥② t✇♦ q✉❡r✐❡s (t, m, c)✱ (t′, m′, c′)✿

m ⊕ f1(t) = m′ ⊕ f1(t′) = ⇒ c ⊕ f2(t) = c′ ⊕ f2(t′)

• ❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ ❢❛♠✐❧② ♦❢ ♣❡r♠✉t❛t✐♦♥s
• ■♠♣❧✐❝❛t✐♦♥ st✐❧❧ ❤♦❧❞s ✇✐t❤ ❞✐✛❡r❡♥❝❡ C ①♦r❡❞ t♦ m, m′

❙❝❤❡♠❡ ❝❛♥ ❜❡ ❜r♦❦❡♥ ✐♥ ≈ 2n/2 ❡✈❛❧✉❛t✐♦♥s

✷✹ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸❜✿ ❙❡❝✉r✐t② Pr♦♦❢

m c

Ek/P

f1(t) f2(t)

• ❚❤❡ ❢✉♥ st❛rts ❤❡r❡✦
• ▼♦r❡ t❡❝❤♥✐❝❛❧ ❛♥❞ ♦❢t❡♥ ♠♦r❡ ✐♥✈♦❧✈❡❞

❚②♣✐❝❛❧ ❛♣♣r♦❛❝❤✿

❈♦♥s✐❞❡r ❛♥② tr❛♥s❝r✐♣t ❛♥ ❛❞✈❡rs❛r② ♠❛② s❡❡ ▼♦st ✬s s❤♦✉❧❞ ❜❡ ❡q✉❛❧❧② ❧✐❦❡❧② ✐♥ ❜♦t❤ ✇♦r❧❞s ❖❞❞ ♦♥❡s s❤♦✉❧❞ ❤❛♣♣❡♥ ✇✐t❤ ✈❡r② s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

❆❧❧ ❝♦♥str✉❝t✐♦♥s ✐♥ t❤✐s ♣r❡s❡♥t❛t✐♦♥✿ s❡❝✉r❡ ✉♣ t♦ ❡✈❛❧✉❛t✐♦♥s

✷✺ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸❜✿ ❙❡❝✉r✐t② Pr♦♦❢

m c

Ek/P

f1(t) f2(t)

• ❚❤❡ ❢✉♥ st❛rts ❤❡r❡✦
• ▼♦r❡ t❡❝❤♥✐❝❛❧ ❛♥❞ ♦❢t❡♥ ♠♦r❡ ✐♥✈♦❧✈❡❞
• ❚②♣✐❝❛❧ ❛♣♣r♦❛❝❤✿
• ❈♦♥s✐❞❡r ❛♥② tr❛♥s❝r✐♣t τ ❛♥ ❛❞✈❡rs❛r② ♠❛② s❡❡
• ▼♦st τ✬s s❤♦✉❧❞ ❜❡ ❡q✉❛❧❧② ❧✐❦❡❧② ✐♥ ❜♦t❤ ✇♦r❧❞s
• ❖❞❞ ♦♥❡s s❤♦✉❧❞ ❤❛♣♣❡♥ ✇✐t❤ ✈❡r② s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

❆❧❧ ❝♦♥str✉❝t✐♦♥s ✐♥ t❤✐s ♣r❡s❡♥t❛t✐♦♥✿ s❡❝✉r❡ ✉♣ t♦ ❡✈❛❧✉❛t✐♦♥s

✷✺ ✴ ✺✸

❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❙t❡♣ ✸❜✿ ❙❡❝✉r✐t② Pr♦♦❢

m c

Ek/P

f1(t) f2(t)

• ❚❤❡ ❢✉♥ st❛rts ❤❡r❡✦
• ▼♦r❡ t❡❝❤♥✐❝❛❧ ❛♥❞ ♦❢t❡♥ ♠♦r❡ ✐♥✈♦❧✈❡❞
• ❚②♣✐❝❛❧ ❛♣♣r♦❛❝❤✿
• ❈♦♥s✐❞❡r ❛♥② tr❛♥s❝r✐♣t τ ❛♥ ❛❞✈❡rs❛r② ♠❛② s❡❡
• ▼♦st τ✬s s❤♦✉❧❞ ❜❡ ❡q✉❛❧❧② ❧✐❦❡❧② ✐♥ ❜♦t❤ ✇♦r❧❞s
• ❖❞❞ ♦♥❡s s❤♦✉❧❞ ❤❛♣♣❡♥ ✇✐t❤ ✈❡r② s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

❆❧❧ ❝♦♥str✉❝t✐♦♥s ✐♥ t❤✐s ♣r❡s❡♥t❛t✐♦♥✿ s❡❝✉r❡ ✉♣ t♦ ≈ 2n/2 ❡✈❛❧✉❛t✐♦♥s

✷✺ ✴ ✺✸

❖✉t❧✐♥❡ ❉❡❞✐❝❛t❡❞ ❉❡s✐❣♥ ❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t②

❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❈♦♥❝❧✉s✐♦♥

✷✻ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

❇❧♦❝❦❝✐♣❤❡r✲❇❛s❡❞✳

m c tweak-based mask

Ek

t②♣✐❝❛❧❧② ✶✷✽ ❜✐ts

♣P❡r♠✉t❛t✐♦♥✲❇❛s❡❞✳♣

m c tweak-based mask

P

♠✉❝❤ ❧❛r❣❡r✿ ✷✺✻✲✶✻✵✵ ❜✐ts

✷✼ ✴ ✺✸

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

❇❧♦❝❦❝✐♣❤❡r✲❇❛s❡❞✳

m c tweak-based mask

Ek

t②♣✐❝❛❧❧② ✶✷✽ ❜✐ts

♣P❡r♠✉t❛t✐♦♥✲❇❛s❡❞✳♣

m c tweak-based mask

P

♠✉❝❤ ❧❛r❣❡r✿ ✷✺✻✲✶✻✵✵ ❜✐ts

✷✼ ✴ ✺✸

❖r✐❣✐♥❛❧ ❈♦♥str✉❝t✐♦♥s

• LRW1 ❛♥❞ LRW2 ❜② ▲✐s❦♦✈ ❡t ❛❧✳ ❬▲❘❲✵✷❪✿

m c t

Ek Ek

m c h(t)

Ek

• h ✐s ❳❖❘✲✉♥✐✈❡rs❛❧ ❤❛s❤
• ❊✳❣✳✱ h(t) = h ⊗ t ❢♦r n✲❜✐t ✏❦❡②✑ h

✷✽ ✴ ✺✸

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✭❳❊❳✮

• XEX ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪✿

m c 2α3β7γ · Ek(N)

Ek

• (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮

❯s❡❞ ✐♥ ❖❈❇✷✱ ✶✹ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s✱ ❛♥❞ ❳❚❙ P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ ✈❛r✐❛♥ts ✐♥ ▼✐♥❛❧♣❤❡r ❛♥❞ Prøst ✭❣❡♥❡r❛❧✐③❡❞ ❜② ❈♦❣❧✐❛t✐ ❡t ❛❧✳ ❬❈▲❙✶✺❪✮

✷✾ ✴ ✺✸

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✭❳❊❳✮

• XEX ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪✿

m c 2α3β7γ · Ek(N)

Ek

• (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮
• ❯s❡❞ ✐♥ ❖❈❇✷✱ ±✶✹ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s✱ ❛♥❞ ❳❚❙

P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ ✈❛r✐❛♥ts ✐♥ ▼✐♥❛❧♣❤❡r ❛♥❞ Prøst ✭❣❡♥❡r❛❧✐③❡❞ ❜② ❈♦❣❧✐❛t✐ ❡t ❛❧✳ ❬❈▲❙✶✺❪✮

✷✾ ✴ ✺✸

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✭❳❊❳✮

• XEX ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪✿

m c 2α3β7γ · Ek(N)

Ek

m c 2α3β7γ · (kN ⊕ P(kN))

P

• (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮
• ❯s❡❞ ✐♥ ❖❈❇✷✱ ±✶✹ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s✱ ❛♥❞ ❳❚❙
• P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ ✈❛r✐❛♥ts ✐♥ ▼✐♥❛❧♣❤❡r ❛♥❞ Prøst

✭❣❡♥❡r❛❧✐③❡❞ ❜② ❈♦❣❧✐❛t✐ ❡t ❛❧✳ ❬❈▲❙✶✺❪✮

✷✾ ✴ ✺✸

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T ˜ E

N,tA1 k

˜ E

N,tA2 k

˜ E

N,tAa k

˜ E

N,tM⊕ k

˜ E

N,tM1 k

˜ E

N,tM2 k

˜ E

N,tMd k

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✸✵ ✴ ✺✸

L = EK(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✸✵ ✴ ✺✸

L = EK(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✸✵ ✴ ✺✸

L = EK(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✸✵ ✴ ✺✸

L = EK(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✸✵ ✴ ✺✸

L = EK(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

❯♣❞❛t❡ ♦❢ ♠❛s❦✿

❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘

❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥ ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✸✵ ✴ ✺✸

L = EK(N)

P♦✇❡r✐♥❣✲❯♣ ▼❛s❦✐♥❣ ✐♥ ❖❈❇✷

A1 A2 Aa M1 M2 Md ⊕Mi C1 C2 Cd T

2·32L 2232L 2a32L 2d3L 2L 22L 2dL 2L 22L 2dL

Ek Ek Ek Ek Ek Ek Ek

• ❯♣❞❛t❡ ♦❢ ♠❛s❦✿
• ❙❤✐❢t ❛♥❞ ❝♦♥❞✐t✐♦♥❛❧ ❳❖❘
• ❱❛r✐❛❜❧❡ t✐♠❡ ❝♦♠♣✉t❛t✐♦♥
• ❊①♣❡♥s✐✈❡ ♦♥ ❝❡rt❛✐♥ ♣❧❛t❢♦r♠s

✸✵ ✴ ✺✸

L = EK(N)

• r❛② ❈♦❞❡ ▼❛s❦✐♥❣
• ❖❈❇✶ ❛♥❞ ❖❈❇✸ ✉s❡ ●r❛② ❈♦❞❡s✿

m c

• α ⊕ (α ≫ 1)
• · Ek(N)

Ek

• (α, N) ✐s t✇❡❛❦
• ❯♣❞❛t✐♥❣✿ G(α) = G(α − 1) ⊕ 2ntz(α)

❙✐♥❣❧❡ ❳❖❘ ▲♦❣❛r✐t❤♠✐❝ ❛♠♦✉♥t ♦❢ ✜❡❧❞ ❞♦✉❜❧✐♥❣s ✭♣r❡❝♦♠♣✉t❡❞✮

▼♦r❡ ❡✣❝✐❡♥t t❤❛♥ ♣♦✇❡r✐♥❣✲✉♣ ❬❑❘✶✶❪

✸✶ ✴ ✺✸

• r❛② ❈♦❞❡ ▼❛s❦✐♥❣
• ❖❈❇✶ ❛♥❞ ❖❈❇✸ ✉s❡ ●r❛② ❈♦❞❡s✿

m c

• α ⊕ (α ≫ 1)
• · Ek(N)

Ek

• (α, N) ✐s t✇❡❛❦
• ❯♣❞❛t✐♥❣✿ G(α) = G(α − 1) ⊕ 2ntz(α)
• ❙✐♥❣❧❡ ❳❖❘
• ▲♦❣❛r✐t❤♠✐❝ ❛♠♦✉♥t ♦❢ ✜❡❧❞ ❞♦✉❜❧✐♥❣s ✭♣r❡❝♦♠♣✉t❡❞✮
• ▼♦r❡ ❡✣❝✐❡♥t t❤❛♥ ♣♦✇❡r✐♥❣✲✉♣ ❬❑❘✶✶❪

✸✶ ✴ ✺✸

❖✉t❧✐♥❡ ❉❡❞✐❝❛t❡❞ ❉❡s✐❣♥ ❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t②

❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❈♦♥❝❧✉s✐♦♥

✸✷ ✴ ✺✸

▼❛s❦❡❞ ❊✈❡♥✲▼❛♥s♦✉r ✭MEM✮

• MEM ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪✿

m c ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 ◦ P(Nk)

P

• ϕi ❛r❡ ✜①❡❞ ▲❋❙❘s✱ (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮

❈♦♠❜✐♥❡s ❛❞✈❛♥t❛❣❡s ♦❢✿

P♦✇❡r✐♥❣✲✉♣ ♠❛s❦✐♥❣ ❲♦r❞✲❜❛s❡❞ ▲❋❙❘s

❙✐♠♣❧❡r✱ ❝♦♥st❛♥t✲t✐♠❡ ✭❜② ❞❡❢❛✉❧t✮✱ ♠♦r❡ ❡✣❝✐❡♥t

✸✸ ✴ ✺✸

▼❛s❦❡❞ ❊✈❡♥✲▼❛♥s♦✉r ✭MEM✮

• MEM ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪✿

m c ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 ◦ P(Nk)

P

• ϕi ❛r❡ ✜①❡❞ ▲❋❙❘s✱ (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮
• ❈♦♠❜✐♥❡s ❛❞✈❛♥t❛❣❡s ♦❢✿
• P♦✇❡r✐♥❣✲✉♣ ♠❛s❦✐♥❣
• ❲♦r❞✲❜❛s❡❞ ▲❋❙❘s

❙✐♠♣❧❡r✱ ❝♦♥st❛♥t✲t✐♠❡ ✭❜② ❞❡❢❛✉❧t✮✱ ♠♦r❡ ❡✣❝✐❡♥t

✸✸ ✴ ✺✸

▼❛s❦❡❞ ❊✈❡♥✲▼❛♥s♦✉r ✭MEM✮

• MEM ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪✿

m c ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 ◦ P(Nk)

P

• ϕi ❛r❡ ✜①❡❞ ▲❋❙❘s✱ (α, β, γ, N) ✐s t✇❡❛❦ ✭s✐♠♣❧✐✜❡❞✮
• ❈♦♠❜✐♥❡s ❛❞✈❛♥t❛❣❡s ♦❢✿
• P♦✇❡r✐♥❣✲✉♣ ♠❛s❦✐♥❣
• ❲♦r❞✲❜❛s❡❞ ▲❋❙❘s
• ❙✐♠♣❧❡r✱ ❝♦♥st❛♥t✲t✐♠❡ ✭❜② ❞❡❢❛✉❧t✮✱ ♠♦r❡ ❡✣❝✐❡♥t

✸✸ ✴ ✺✸

MEM✿ ❉❡s✐❣♥ ❈♦♥s✐❞❡r❛t✐♦♥s

• P❛rt✐❝✉❧❛r❧② s✉✐t❡❞ ❢♦r ❧❛r❣❡ st❛t❡s ✭♣❡r♠✉t❛t✐♦♥s✮
• ▲♦✇ ♦♣❡r❛t✐♦♥ ❝♦✉♥ts ❜② ❝❧❡✈❡r ❝❤♦✐❝❡ ♦❢ ▲❋❙❘

❙❛♠♣❧❡ ▲❋❙❘s ✭st❛t❡ s✐③❡ ❛s ✇♦r❞s ♦❢ ❜✐ts✮✿

✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳

❲♦r❦ ❡①❝❡♣t✐♦♥❛❧❧② ✇❡❧❧ ❢♦r ❆❘❳ ♣r✐♠✐t✐✈❡s

✸✹ ✴ ✺✸

MEM✿ ❉❡s✐❣♥ ❈♦♥s✐❞❡r❛t✐♦♥s

• P❛rt✐❝✉❧❛r❧② s✉✐t❡❞ ❢♦r ❧❛r❣❡ st❛t❡s ✭♣❡r♠✉t❛t✐♦♥s✮
• ▲♦✇ ♦♣❡r❛t✐♦♥ ❝♦✉♥ts ❜② ❝❧❡✈❡r ❝❤♦✐❝❡ ♦❢ ▲❋❙❘
• ❙❛♠♣❧❡ ▲❋❙❘s ✭st❛t❡ s✐③❡ b ❛s n ✇♦r❞s ♦❢ w ❜✐ts✮✿

b w n ϕ 128 8 16 (x1, . . . , x15, (x0 ≪ 1) ⊕ (x9 ≫ 1) ⊕ (x10 ≪ 1)) 128 32 4 (x1, . . . , x3, (x0 ≪ 5) ⊕ x1 ⊕ (x1 ≪ 13)) 128 64 2 (x1, (x0 ≪ 11) ⊕ x1 ⊕ (x1 ≪ 13)) 256 64 4 (x1, . . . , x3, (x0 ≪ 3) ⊕ (x3 ≫ 5)) 512 32 16 (x1, . . . , x15, (x0 ≪ 5) ⊕ (x3 ≫ 7)) 512 64 8 (x1, . . . , x7, (x0 ≪ 29) ⊕ (x1 ≪ 9)) 1024 64 16 (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13)) 1600 32 50 (x1, . . . , x49, (x0 ≪ 3) ⊕ (x23 ≫ 3)) ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳

❲♦r❦ ❡①❝❡♣t✐♦♥❛❧❧② ✇❡❧❧ ❢♦r ❆❘❳ ♣r✐♠✐t✐✈❡s

✸✹ ✴ ✺✸

MEM✿ ❉❡s✐❣♥ ❈♦♥s✐❞❡r❛t✐♦♥s

• P❛rt✐❝✉❧❛r❧② s✉✐t❡❞ ❢♦r ❧❛r❣❡ st❛t❡s ✭♣❡r♠✉t❛t✐♦♥s✮
• ▲♦✇ ♦♣❡r❛t✐♦♥ ❝♦✉♥ts ❜② ❝❧❡✈❡r ❝❤♦✐❝❡ ♦❢ ▲❋❙❘
• ❙❛♠♣❧❡ ▲❋❙❘s ✭st❛t❡ s✐③❡ b ❛s n ✇♦r❞s ♦❢ w ❜✐ts✮✿

b w n ϕ 128 8 16 (x1, . . . , x15, (x0 ≪ 1) ⊕ (x9 ≫ 1) ⊕ (x10 ≪ 1)) 128 32 4 (x1, . . . , x3, (x0 ≪ 5) ⊕ x1 ⊕ (x1 ≪ 13)) 128 64 2 (x1, (x0 ≪ 11) ⊕ x1 ⊕ (x1 ≪ 13)) 256 64 4 (x1, . . . , x3, (x0 ≪ 3) ⊕ (x3 ≫ 5)) 512 32 16 (x1, . . . , x15, (x0 ≪ 5) ⊕ (x3 ≫ 7)) 512 64 8 (x1, . . . , x7, (x0 ≪ 29) ⊕ (x1 ≪ 9)) 1024 64 16 (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13)) 1600 32 50 (x1, . . . , x49, (x0 ≪ 3) ⊕ (x23 ≫ 3)) ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳ ✳

• ❲♦r❦ ❡①❝❡♣t✐♦♥❛❧❧② ✇❡❧❧ ❢♦r ❆❘❳ ♣r✐♠✐t✐✈❡s

✸✹ ✴ ✺✸

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪ r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱ ❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮ s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✸✺ ✴ ✺✸

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪ r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱ ❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮ s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✸✺ ✴ ✺✸

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪ r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱ ❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮ s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✸✺ ✴ ✺✸

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪

• r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱

❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮ s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✸✺ ✴ ✺✸

MEM✿ ❯♥✐q✉❡♥❡ss ♦❢ ▼❛s❦✐♥❣

• ■♥t✉✐t✐✈❡❧②✱ ♠❛s❦✐♥❣ ❣♦❡s ✇❡❧❧ ❛s ❧♦♥❣ ❛s

ϕγ

2 ◦ ϕβ 1 ◦ ϕα 0 = ϕγ′ 2 ◦ ϕβ′ 1 ◦ ϕα′

❢♦r ❛♥② (α, β, γ) = (α′, β′, γ′)

• ❈❤❛❧❧❡♥❣❡✿ s❡t ♣r♦♣❡r ❞♦♠❛✐♥ ❢♦r (α, β, γ)
• ❘❡q✉✐r❡s ❝♦♠♣✉t❛t✐♦♥ ♦❢ ❞✐s❝r❡t❡ ❧♦❣❛r✐t❤♠s

✻✹ ✶✷✽ ✷✺✻ ✺✶✷ ✶✵✷✹

s♦❧✈❡❞ ❜② ❘♦❣❛✇❛② ❬❘♦❣✵✹❪

• r❡s✉❧ts ✐♠♣❧✐❝✐t❧② ✉s❡❞✱

❡✳❣✳✱ ❜② Prøst ✭✷✵✶✹✮

• s♦❧✈❡❞ ❜② ●r❛♥❣❡r ❡t ❛❧✳ ❬●❏▼◆✶✻❪

✸✺ ✴ ✺✸

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❖PP

A0 A1 Aa–1 M0 M1 Md–1 ⊕Mi C1 C2 Cd T

ϕ0(L) ϕ0(L) ϕ1(L) ϕ1(L) ϕa–1(L) ϕa–1(L) ϕ2◦ϕ2

1◦ϕd–1(L)

ϕ2◦ϕ2

1◦ϕd–1(L)

ϕ2◦ϕ0(L) ϕ2◦ϕ1(L) ϕ2◦ϕd–1(L) ϕ2◦ϕ0(L) ϕ2◦ϕ1(L) ϕ2◦ϕd–1(L)

P P P P P P P

• ❖✛s❡t P✉❜❧✐❝ P❡r♠✉t❛t✐♦♥ ✭❖PP✮
• ●❡♥❡r❛❧✐③❛t✐♦♥ ♦❢ ❖❈❇✸✿
• P❡r♠✉t❛t✐♦♥✲❜❛s❡❞
• ▼♦r❡ ❡✣❝✐❡♥t ▼❊▼ ♠❛s❦✐♥❣
• ❙❡❝✉r✐t② ❛❣❛✐♥st ♥♦♥❝❡✲r❡s♣❡❝t✐♥❣ ❛❞✈❡rs❛r✐❡s
• ✵✳✺✺ ❝♣❜ ✇✐t❤ r❡❞✉❝❡❞✲r♦✉♥❞ ❇▲❆❑❊✷❜

✸✻ ✴ ✺✸

L = P(Nk) ϕ1 = ϕ ⊕ id, ϕ2 = ϕ2 ⊕ ϕ ⊕ id

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ▼❘❖

A0 Aa–1 T0 Td–1 M0 Md–1

|A||M|

C1 Cd T

ϕ0(L) ϕ0(L) ϕa–1(L) ϕa–1(L) ϕ1◦ϕ0(L) ϕ1◦ϕ0(L) ϕ1◦ϕd–1(L) ϕ1◦ϕd–1(L) ϕ2

1(L)

ϕ2

1(L)

ϕ2(L) ϕ2(L) ϕ2(L)⊕M0 ϕ2(L)⊕Md–1

P P P P P P P

• ▼✐s✉s❡✲❘❡s✐st❛♥t ❖PP ✭▼❘❖✮
• ❋✉❧❧② ♥♦♥❝❡✲♠✐s✉s❡ r❡s✐st❛♥t ✈❡rs✐♦♥ ♦❢ ❖PP
• ✶✳✵✻ ❝♣❜ ✇✐t❤ r❡❞✉❝❡❞✲r♦✉♥❞ ❇▲❆❑❊✷❜

✸✼ ✴ ✺✸

L = P(Nk) ϕ1 = ϕ ⊕ id, ϕ2 = ϕ2 ⊕ ϕ ⊕ id

❖✉t❧✐♥❡ ❉❡❞✐❝❛t❡❞ ❉❡s✐❣♥ ❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣

• ❙t❛t❡ ♦❢ t❤❡ ❆rt
• ■♠♣r♦✈❡❞ ❊✣❝✐❡♥❝②
• ■♠♣r♦✈❡❞ ❙❡❝✉r✐t②

❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❈♦♥❝❧✉s✐♦♥

✸✽ ✴ ✺✸

❳P❳

• XPX ❜② ▼❡♥♥✐♥❦ ❬▼❡♥✶✻❪✿

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

• (t11, t12, t21, t22) ❢r♦♠ s♦♠❡ t✇❡❛❦ s❡t T ⊆ ({0, 1}n)4
• T ❝❛♥ ✭st✐❧❧✮ ❜❡ ❛♥② s❡t

❙❡❝✉r✐t② ♦❢ str♦♥❣❧② ❞❡♣❡♥❞s ♦♥ ❝❤♦✐❝❡ ♦❢

✶ ✏❲❡❛❦✑

✐♥s❡❝✉r❡

✷ ✏◆♦r♠❛❧✑

s✐♥❣❧❡✲❦❡② s❡❝✉r❡

✸ ✏❙tr♦♥❣✑

r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✸✾ ✴ ✺✸

❳P❳

• XPX ❜② ▼❡♥♥✐♥❦ ❬▼❡♥✶✻❪✿

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

• (t11, t12, t21, t22) ❢r♦♠ s♦♠❡ t✇❡❛❦ s❡t T ⊆ ({0, 1}n)4
• T ❝❛♥ ✭st✐❧❧✮ ❜❡ ❛♥② s❡t
• ❙❡❝✉r✐t② ♦❢ XPX str♦♥❣❧② ❞❡♣❡♥❞s ♦♥ ❝❤♦✐❝❡ ♦❢ T

✶ ✏❲❡❛❦✑

✐♥s❡❝✉r❡

✷ ✏◆♦r♠❛❧✑

s✐♥❣❧❡✲❦❡② s❡❝✉r❡

✸ ✏❙tr♦♥❣✑

r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✸✾ ✴ ✺✸

❳P❳

• XPX ❜② ▼❡♥♥✐♥❦ ❬▼❡♥✶✻❪✿

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

• (t11, t12, t21, t22) ❢r♦♠ s♦♠❡ t✇❡❛❦ s❡t T ⊆ ({0, 1}n)4
• T ❝❛♥ ✭st✐❧❧✮ ❜❡ ❛♥② s❡t
• ❙❡❝✉r✐t② ♦❢ XPX str♦♥❣❧② ❞❡♣❡♥❞s ♦♥ ❝❤♦✐❝❡ ♦❢ T

✶ ✏❲❡❛❦✑ T

− → ✐♥s❡❝✉r❡

✷ ✏◆♦r♠❛❧✑

s✐♥❣❧❡✲❦❡② s❡❝✉r❡

✸ ✏❙tr♦♥❣✑

r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✸✾ ✴ ✺✸

❳P❳

• XPX ❜② ▼❡♥♥✐♥❦ ❬▼❡♥✶✻❪✿

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

• (t11, t12, t21, t22) ❢r♦♠ s♦♠❡ t✇❡❛❦ s❡t T ⊆ ({0, 1}n)4
• T ❝❛♥ ✭st✐❧❧✮ ❜❡ ❛♥② s❡t
• ❙❡❝✉r✐t② ♦❢ XPX str♦♥❣❧② ❞❡♣❡♥❞s ♦♥ ❝❤♦✐❝❡ ♦❢ T

✶ ✏❲❡❛❦✑ T

− → ✐♥s❡❝✉r❡

✷ ✏◆♦r♠❛❧✑ T

− → s✐♥❣❧❡✲❦❡② s❡❝✉r❡

✸ ✏❙tr♦♥❣✑

r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✸✾ ✴ ✺✸

❳P❳

• XPX ❜② ▼❡♥♥✐♥❦ ❬▼❡♥✶✻❪✿

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

• (t11, t12, t21, t22) ❢r♦♠ s♦♠❡ t✇❡❛❦ s❡t T ⊆ ({0, 1}n)4
• T ❝❛♥ ✭st✐❧❧✮ ❜❡ ❛♥② s❡t
• ❙❡❝✉r✐t② ♦❢ XPX str♦♥❣❧② ❞❡♣❡♥❞s ♦♥ ❝❤♦✐❝❡ ♦❢ T

✶ ✏❲❡❛❦✑ T

− → ✐♥s❡❝✉r❡

✷ ✏◆♦r♠❛❧✑ T

− → s✐♥❣❧❡✲❦❡② s❡❝✉r❡

✸ ✏❙tr♦♥❣✑ T

− → r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✸✾ ✴ ✺✸

❳P❳✿ ❲❡❛❦ ❚✇❡❛❦s

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

✏❱❛❧✐❞✑ ❚✇❡❛❦ ❙❡ts ❚❡❝❤♥✐❝❛❧ ❞❡✜♥✐t✐♦♥ t♦ ❡❧✐♠✐♥❛t❡ ✇❡❛❦ ❝❛s❡s ✐♥✈❛❧✐❞ ✐♥s❡❝✉r❡ ✈❛❧✐❞ s✐♥❣❧❡✲ ♦r r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✹✵ ✴ ✺✸

❳P❳✿ ❲❡❛❦ ❚✇❡❛❦s

m 0k ⊕ 0P(k) 0k ⊕ 0P(k)

P

(0, 0, 0, 0) ∈ T

✏❱❛❧✐❞✑ ❚✇❡❛❦ ❙❡ts ❚❡❝❤♥✐❝❛❧ ❞❡✜♥✐t✐♦♥ t♦ ❡❧✐♠✐♥❛t❡ ✇❡❛❦ ❝❛s❡s ✐♥✈❛❧✐❞ ✐♥s❡❝✉r❡ ✈❛❧✐❞ s✐♥❣❧❡✲ ♦r r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✹✵ ✴ ✺✸

❳P❳✿ ❲❡❛❦ ❚✇❡❛❦s

m P(m) 0k ⊕ 0P(k) 0k ⊕ 0P(k)

P

(0, 0, 0, 0) ∈ T = ⇒ XPXk((0, 0, 0, 0), m) = P(m)

✏❱❛❧✐❞✑ ❚✇❡❛❦ ❙❡ts ❚❡❝❤♥✐❝❛❧ ❞❡✜♥✐t✐♦♥ t♦ ❡❧✐♠✐♥❛t❡ ✇❡❛❦ ❝❛s❡s ✐♥✈❛❧✐❞ ✐♥s❡❝✉r❡ ✈❛❧✐❞ s✐♥❣❧❡✲ ♦r r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✹✵ ✴ ✺✸

❳P❳✿ ❲❡❛❦ ❚✇❡❛❦s

k 1k ⊕ 0P(k) 1k ⊕ 1P(k)

P

(0, 0, 0, 0) ∈ T = ⇒ XPXk((0, 0, 0, 0), m) = P(m) (1, 0, 1, 1) ∈ T = ⇒ XPXk((1, 0, 1, 1), 0) = k

✏❱❛❧✐❞✑ ❚✇❡❛❦ ❙❡ts ❚❡❝❤♥✐❝❛❧ ❞❡✜♥✐t✐♦♥ t♦ ❡❧✐♠✐♥❛t❡ ✇❡❛❦ ❝❛s❡s ✐♥✈❛❧✐❞ ✐♥s❡❝✉r❡ ✈❛❧✐❞ s✐♥❣❧❡✲ ♦r r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✹✵ ✴ ✺✸

❳P❳✿ ❲❡❛❦ ❚✇❡❛❦s

3P(k) 1k ⊕ 0P(k) 0k ⊕ 2P(k)

P

(0, 0, 0, 0) ∈ T = ⇒ XPXk((0, 0, 0, 0), m) = P(m) (1, 0, 1, 1) ∈ T = ⇒ XPXk((1, 0, 1, 1), 0) = k (1, 0, 0, 2) ∈ T = ⇒ XPXk((1, 0, 0, 2), 0) = 3P(k)

✏❱❛❧✐❞✑ ❚✇❡❛❦ ❙❡ts ❚❡❝❤♥✐❝❛❧ ❞❡✜♥✐t✐♦♥ t♦ ❡❧✐♠✐♥❛t❡ ✇❡❛❦ ❝❛s❡s ✐♥✈❛❧✐❞ ✐♥s❡❝✉r❡ ✈❛❧✐❞ s✐♥❣❧❡✲ ♦r r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✹✵ ✴ ✺✸

❳P❳✿ ❲❡❛❦ ❚✇❡❛❦s

3P(k) 1k ⊕ 0P(k) 0k ⊕ 2P(k)

P

(0, 0, 0, 0) ∈ T = ⇒ XPXk((0, 0, 0, 0), m) = P(m) (1, 0, 1, 1) ∈ T = ⇒ XPXk((1, 0, 1, 1), 0) = k (1, 0, 0, 2) ∈ T = ⇒ XPXk((1, 0, 0, 2), 0) = 3P(k) · · · · · · · · ·

✏❱❛❧✐❞✑ ❚✇❡❛❦ ❙❡ts ❚❡❝❤♥✐❝❛❧ ❞❡✜♥✐t✐♦♥ t♦ ❡❧✐♠✐♥❛t❡ ✇❡❛❦ ❝❛s❡s ✐♥✈❛❧✐❞ ✐♥s❡❝✉r❡ ✈❛❧✐❞ s✐♥❣❧❡✲ ♦r r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✹✵ ✴ ✺✸

❳P❳✿ ❲❡❛❦ ❚✇❡❛❦s

3P(k) 1k ⊕ 0P(k) 0k ⊕ 2P(k)

P

(0, 0, 0, 0) ∈ T = ⇒ XPXk((0, 0, 0, 0), m) = P(m) (1, 0, 1, 1) ∈ T = ⇒ XPXk((1, 0, 1, 1), 0) = k (1, 0, 0, 2) ∈ T = ⇒ XPXk((1, 0, 0, 2), 0) = 3P(k) · · · · · · · · ·

✏❱❛❧✐❞✑ ❚✇❡❛❦ ❙❡ts

• ❚❡❝❤♥✐❝❛❧ ❞❡✜♥✐t✐♦♥ t♦ ❡❧✐♠✐♥❛t❡ ✇❡❛❦ ❝❛s❡s

✐♥✈❛❧✐❞ ✐♥s❡❝✉r❡ ✈❛❧✐❞ s✐♥❣❧❡✲ ♦r r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✹✵ ✴ ✺✸

❳P❳✿ ❲❡❛❦ ❚✇❡❛❦s

3P(k) 1k ⊕ 0P(k) 0k ⊕ 2P(k)

P

(0, 0, 0, 0) ∈ T = ⇒ XPXk((0, 0, 0, 0), m) = P(m) (1, 0, 1, 1) ∈ T = ⇒ XPXk((1, 0, 1, 1), 0) = k (1, 0, 0, 2) ∈ T = ⇒ XPXk((1, 0, 0, 2), 0) = 3P(k) · · · · · · · · ·

✏❱❛❧✐❞✑ ❚✇❡❛❦ ❙❡ts

• ❚❡❝❤♥✐❝❛❧ ❞❡✜♥✐t✐♦♥ t♦ ❡❧✐♠✐♥❛t❡ ✇❡❛❦ ❝❛s❡s
• T ✐♥✈❛❧✐❞ ⇐

⇒ XPX ✐♥s❡❝✉r❡

• T ✈❛❧✐❞ ⇐

⇒ XPX s✐♥❣❧❡✲ ♦r r❡❧❛t❡❞✲❦❡② s❡❝✉r❡

✹✵ ✴ ✺✸

❳P❳ ❈♦✈❡rs ❊✈❡♥✲▼❛♥s♦✉r

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

− − →

m c k k

P

❢♦r T = {(1, 0, 1, 0)} ❙✐♥❣❧❡✲❦❡② ❙❚P❘P s❡❝✉r❡ ✭s✉r♣r✐s❡❄✮

• ❡♥❡r❛❧❧②✱ ✐❢

✱ ✐s ❛ ♥♦r♠❛❧ ❜❧♦❝❦❝✐♣❤❡r

✹✶ ✴ ✺✸

❳P❳ ❈♦✈❡rs ❊✈❡♥✲▼❛♥s♦✉r

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

− − →

m c k k

P

❢♦r T = {(1, 0, 1, 0)}

• ❙✐♥❣❧❡✲❦❡② ❙❚P❘P s❡❝✉r❡ ✭s✉r♣r✐s❡❄✮
• ❡♥❡r❛❧❧②✱ ✐❢

✱ ✐s ❛ ♥♦r♠❛❧ ❜❧♦❝❦❝✐♣❤❡r

✹✶ ✴ ✺✸

❳P❳ ❈♦✈❡rs ❊✈❡♥✲▼❛♥s♦✉r

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

− − →

m c k k

P

❢♦r T = {(1, 0, 1, 0)}

• ❙✐♥❣❧❡✲❦❡② ❙❚P❘P s❡❝✉r❡ ✭s✉r♣r✐s❡❄✮
• ●❡♥❡r❛❧❧②✱ ✐❢ |T | = 1✱ XPX ✐s ❛ ♥♦r♠❛❧ ❜❧♦❝❦❝✐♣❤❡r

✹✶ ✴ ✺✸

❳P❳ ❈♦✈❡rs ❳❊❳ ❲✐t❤ ❊✈❡♥✲▼❛♥s♦✉r

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

− − →

m c (2α3β7γ ⊕ 1)k ⊕ 2α3β7γP(k)

P

❢♦r T = ( 2α3β7γ ⊕ 1 , 2α3β7γ , ( 2α3β7γ ⊕ 1 , 2α3β7γ )

• (α, β, γ) ∈ {XEX✲t✇❡❛❦s}
• (α, β, γ) ✐s ✐♥ ❢❛❝t t❤❡ ✏r❡❛❧✑ t✇❡❛❦

❘❡❧❛t❡❞✲❦❡② ❙❚P❘P s❡❝✉r❡ ✭✐❢ ✮

✹✷ ✴ ✺✸

❳P❳ ❈♦✈❡rs ❳❊❳ ❲✐t❤ ❊✈❡♥✲▼❛♥s♦✉r

m c t11k ⊕ t12P(k) t21k ⊕ t22P(k)

P

− − →

m c (2α3β7γ ⊕ 1)k ⊕ 2α3β7γP(k)

P

❢♦r T = ( 2α3β7γ ⊕ 1 , 2α3β7γ , ( 2α3β7γ ⊕ 1 , 2α3β7γ )

• (α, β, γ) ∈ {XEX✲t✇❡❛❦s}
• (α, β, γ) ✐s ✐♥ ❢❛❝t t❤❡ ✏r❡❛❧✑ t✇❡❛❦
• ❘❡❧❛t❡❞✲❦❡② ❙❚P❘P s❡❝✉r❡ ✭✐❢ 2α3β7γ = 1✮

✹✷ ✴ ✺✸

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❈❖P❆ ❛♥❞ Prøst✲❈❖P❆

A1 A2 Aa−1 Aa M1 M2 Md M1⊕···⊕Md C1 C2 Cd T

33L 2·33L 2a-233L 2a-134L L 3L 2·3L 2d-13L 2d-132L 2L 22L 2dL 2d-17L

Ek Ek Ek Ek Ek Ek Ek Ek Ek Ek Ek Ek

• ❇② ❆♥❞r❡❡✈❛ ❡t ❛❧✳ ✭✷✵✶✹✮
• ■♠♣❧✐❝✐t❧② ❜❛s❡❞ ♦♥ XEX ❜❛s❡❞ ♦♥ ❆❊❙

Prøst✲❈❖P❆ ❜② ❑❛✈✉♥ ❡t ❛❧✳ ✭✷✵✶✹✮✿ ❈❖P❆ ❜❛s❡❞ ♦♥ ❳❊❳ ❜❛s❡❞ ♦♥ ❊✈❡♥✲▼❛♥s♦✉r

✹✸ ✴ ✺✸

L = EK(0)

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❈❖P❆ ❛♥❞ Prøst✲❈❖P❆

A1 A2 Aa−1 Aa M1 M2 Md M1⊕···⊕Md C1 C2 Cd T

33L 2·33L 2a-233L 2a-134L L 3L 2·3L 2d-13L 2d-132L 2L 22L 2dL 2d-17L

Ek Ek Ek Ek Ek Ek Ek Ek Ek Ek Ek Ek

• ❇② ❆♥❞r❡❡✈❛ ❡t ❛❧✳ ✭✷✵✶✹✮
• ■♠♣❧✐❝✐t❧② ❜❛s❡❞ ♦♥ XEX ❜❛s❡❞ ♦♥ ❆❊❙
• Prøst✲❈❖P❆ ❜② ❑❛✈✉♥ ❡t ❛❧✳ ✭✷✵✶✹✮✿

❈❖P❆ ❜❛s❡❞ ♦♥ ❳❊❳ ❜❛s❡❞ ♦♥ ❊✈❡♥✲▼❛♥s♦✉r

✹✸ ✴ ✺✸

L = EK(0)

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❈❖P❆ ❛♥❞ Prøst✲❈❖P❆

❙✐♥❣❧❡✲❑❡② ❙❡❝✉r✐t② ♦❢ ❈❖P❆ ✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ E

s❦

✳ ✳ ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t② ♦❢ ❊①✐st✐♥❣ ♣r♦♦❢ ❣❡♥❡r❛❧✐③❡s ✳ ✳ ❈❖P❆

r❦

✳ ✳

r❦

✳ ✳

r❦

✳ ✳

✹✹ ✴ ✺✸

r❦

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❈❖P❆ ❛♥❞ Prøst✲❈❖P❆

❙✐♥❣❧❡✲❑❡② ❙❡❝✉r✐t② ♦❢ Prøst✲❈❖P❆ ✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ E

s❦

✳ ✳ P ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t② ♦❢ ❊①✐st✐♥❣ ♣r♦♦❢ ❣❡♥❡r❛❧✐③❡s ✳ ✳ ❈❖P❆

r❦

✳ ✳

r❦

✳ ✳

r❦

✳ ✳

✹✹ ✴ ✺✸

r❦

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❈❖P❆ ❛♥❞ Prøst✲❈❖P❆

❙✐♥❣❧❡✲❑❡② ❙❡❝✉r✐t② ♦❢ Prøst✲❈❖P❆ ✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ E

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ P ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t② ♦❢ ❊①✐st✐♥❣ ♣r♦♦❢ ❣❡♥❡r❛❧✐③❡s ✳ ✳ ❈❖P❆

r❦

✳ ✳

r❦

✳ ✳

r❦

✳ ✳

✹✹ ✴ ✺✸

r❦

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❈❖P❆ ❛♥❞ Prøst✲❈❖P❆

❙✐♥❣❧❡✲❑❡② ❙❡❝✉r✐t② ♦❢ Prøst✲❈❖P❆ ✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ E

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ P ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t② ♦❢ ❈❖P❆

• ❊①✐st✐♥❣ ♣r♦♦❢ ❣❡♥❡r❛❧✐③❡s

✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ E

r❦

✳ ✳

✹✹ ✴ ✺✸

r❦

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❈❖P❆ ❛♥❞ Prøst✲❈❖P❆

❙✐♥❣❧❡✲❑❡② ❙❡❝✉r✐t② ♦❢ Prøst✲❈❖P❆ ✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ E

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ P ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t② ♦❢ Prøst✲❈❖P❆

• ❊①✐st✐♥❣ ♣r♦♦❢ ❣❡♥❡r❛❧✐③❡s

✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ E

r❦

✳ ✳ P

✹✹ ✴ ✺✸

r❦

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❈❖P❆ ❛♥❞ Prøst✲❈❖P❆

❙✐♥❣❧❡✲❑❡② ❙❡❝✉r✐t② ♦❢ Prøst✲❈❖P❆ ✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ E

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ P ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t② ♦❢ Prøst✲❈❖P❆

• ❊①✐st✐♥❣ ♣r♦♦❢ ❣❡♥❡r❛❧✐③❡s

✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ E

Ω

• 1
• −

− − − →

r❦

✳ ✳ P

✹✹ ✴ ✺✸

r❦

❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ❈❖P❆ ❛♥❞ Prøst✲❈❖P❆

❙✐♥❣❧❡✲❑❡② ❙❡❝✉r✐t② ♦❢ Prøst✲❈❖P❆ ✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ E

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ P ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t② ♦❢ Prøst✲❈❖P❆

• ❊①✐st✐♥❣ ♣r♦♦❢ ❣❡♥❡r❛❧✐③❡s

✳ ✳ ❈❖P❆

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ XEX

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ E

Ω

• 1
• −

− − − →

r❦

✳ ✳ P

✹✹ ✴ ✺✸

O

• σ2

2n

• r❦

❆♣♣❧✐❝❛t✐♦♥ t♦ ▼❆❈✿ ❈❤❛s❦❡②

k 2k 2k M1 M2 Md T P P P k M1 M2 T P P P Md10∗ 4k 4k

• ❇② ▼♦✉❤❛ ❡t ❛❧✳ ✭✷✵✶✹✮
• ❖r✐❣✐♥❛❧ ♣r♦♦❢ ❜❛s❡❞ ♦♥ ✸ ❊▼✬s✿

  

Ek(m) = P(m ⊕ k) ⊕ k Ek(m) = P(m ⊕ 3k) ⊕ 2k Ek(m) = P(m ⊕ 5k) ⊕ 4k

❊q✉✐✈❛❧❡♥t t♦ ✇✐t❤ ✳ ✳ ❈❤❛s❦❡②

s❦

✳ ✳

s❦

✳ ✳

✹✺ ✴ ✺✸

❆♣♣❧✐❝❛t✐♦♥ t♦ ▼❆❈✿ ❈❤❛s❦❡②

k 2k 2k M1 M2 Md T P P P k M1 M2 T P P P Md10∗ 4k 4k

• ❇② ▼♦✉❤❛ ❡t ❛❧✳ ✭✷✵✶✹✮
• ❖r✐❣✐♥❛❧ ♣r♦♦❢ ❜❛s❡❞ ♦♥ ✸ ❊▼✬s✿

  

Ek(m) = P(m ⊕ k) ⊕ k Ek(m) = P(m ⊕ 3k) ⊕ 2k Ek(m) = P(m ⊕ 5k) ⊕ 4k

• ❊q✉✐✈❛❧❡♥t t♦ XPX ✇✐t❤ T = {(1, 0, 1, 0), (3, 0, 2, 0), (5, 0, 4, 0)}

✳ ✳ ❈❤❛s❦❡②

s❦

✳ ✳

s❦

✳ ✳

✹✺ ✴ ✺✸

❆♣♣❧✐❝❛t✐♦♥ t♦ ▼❆❈✿ ❈❤❛s❦❡②

k 2k 2k M1 M2 Md T P P P k M1 M2 T P P P Md10∗ 4k 4k

• ❇② ▼♦✉❤❛ ❡t ❛❧✳ ✭✷✵✶✹✮
• ❖r✐❣✐♥❛❧ ♣r♦♦❢ ❜❛s❡❞ ♦♥ ✸ ❊▼✬s✿

  

Ek(m) = P(m ⊕ k) ⊕ k Ek(m) = P(m ⊕ 3k) ⊕ 2k Ek(m) = P(m ⊕ 5k) ⊕ 4k

• ❊q✉✐✈❛❧❡♥t t♦ XPX ✇✐t❤ T = {(1, 0, 1, 0), (3, 0, 2, 0), (5, 0, 4, 0)}

✳ ✳ ❈❤❛s❦❡②

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ XPX

O

• σ2

2n

• −

− − − →

s❦

✳ ✳ P

✹✺ ✴ ✺✸

❆♣♣❧✐❝❛t✐♦♥ t♦ ▼❆❈✿ ❆❞❥✉st❡❞ ❈❤❛s❦❡②

k 2k 2k M1 M2 Md T P P P P k M1 M2 T P P P P Md10∗ 4k 4k

• ❊①tr❛ P✲❝❛❧❧

❇❛s❡❞ ♦♥ ✇✐t❤ ✳ ✳ ❈❤❛s❦❡②

r❦

✳ ✳

r❦

✳ ✳ ❆♣♣r♦❛❝❤ ❝❛♥ ❛❧s♦ ❜❡ ❛♣♣❧✐❡❞ t♦✿

❑❡②❡❞ ❙♣♦♥❣❡ ❛♥❞ ❉✉♣❧❡① ✶✵ ❙♣♦♥❣❡✲✐♥s♣✐r❡❞ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s

✹✻ ✴ ✺✸

❆♣♣❧✐❝❛t✐♦♥ t♦ ▼❆❈✿ ❆❞❥✉st❡❞ ❈❤❛s❦❡②

k 2k 2k M1 M2 Md T P P P P k M1 M2 T P P P P Md10∗ 4k 4k

• ❊①tr❛ P✲❝❛❧❧
• ❇❛s❡❞ ♦♥ XPX ✇✐t❤ T ′ = {(0, 1, 0, 1), (2, 1, 2, 0), (4, 1, 4, 0)}

✳ ✳ ❈❤❛s❦❡②

r❦

✳ ✳

r❦

✳ ✳ ❆♣♣r♦❛❝❤ ❝❛♥ ❛❧s♦ ❜❡ ❛♣♣❧✐❡❞ t♦✿

❑❡②❡❞ ❙♣♦♥❣❡ ❛♥❞ ❉✉♣❧❡① ✶✵ ❙♣♦♥❣❡✲✐♥s♣✐r❡❞ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s

✹✻ ✴ ✺✸

❆♣♣❧✐❝❛t✐♦♥ t♦ ▼❆❈✿ ❆❞❥✉st❡❞ ❈❤❛s❦❡②

k 2k 2k M1 M2 Md T P P P P k M1 M2 T P P P P Md10∗ 4k 4k

• ❊①tr❛ P✲❝❛❧❧
• ❇❛s❡❞ ♦♥ XPX ✇✐t❤ T ′ = {(0, 1, 0, 1), (2, 1, 2, 0), (4, 1, 4, 0)}

✳ ✳ ❈❤❛s❦❡②

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ XPX

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ P ❆♣♣r♦❛❝❤ ❝❛♥ ❛❧s♦ ❜❡ ❛♣♣❧✐❡❞ t♦✿

❑❡②❡❞ ❙♣♦♥❣❡ ❛♥❞ ❉✉♣❧❡① ✶✵ ❙♣♦♥❣❡✲✐♥s♣✐r❡❞ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s

✹✻ ✴ ✺✸

❆♣♣❧✐❝❛t✐♦♥ t♦ ▼❆❈✿ ❆❞❥✉st❡❞ ❈❤❛s❦❡②

k 2k 2k M1 M2 Md T P P P P k M1 M2 T P P P P Md10∗ 4k 4k

• ❊①tr❛ P✲❝❛❧❧
• ❇❛s❡❞ ♦♥ XPX ✇✐t❤ T ′ = {(0, 1, 0, 1), (2, 1, 2, 0), (4, 1, 4, 0)}

✳ ✳ ❈❤❛s❦❡②

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ XPX

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ P

• ❆♣♣r♦❛❝❤ ❝❛♥ ❛❧s♦ ❜❡ ❛♣♣❧✐❡❞ t♦✿
• ❑❡②❡❞ ❙♣♦♥❣❡ ❛♥❞ ❉✉♣❧❡①
• ✶✵ ❙♣♦♥❣❡✲✐♥s♣✐r❡❞ ❈❆❊❙❆❘ ❝❛♥❞✐❞❛t❡s

✹✻ ✴ ✺✸

❖✉t❧✐♥❡ ❉❡❞✐❝❛t❡❞ ❉❡s✐❣♥ ❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣ ❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❈♦♥❝❧✉s✐♦♥

✹✼ ✴ ✺✸

❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

m c

Ek/P

f1(t) f2(t)

• ✏❇✐rt❤❞❛②✲❜♦✉♥❞✑ 2n/2 s❡❝✉r✐t② ❛t ❜❡st
• ❖✈❡r❧②✐♥❣ ♠♦❞❡s ✐♥❤❡r✐t s❡❝✉r✐t② ❜♦✉♥❞

■❢ ✐s ❧❛r❣❡ ❡♥♦✉❣❤ ♥♦ ♣r♦❜❧❡♠ ■❢ ✐s s♠❛❧❧ ✏❜❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞✑ s♦❧✉t✐♦♥s

❈❛s❝❛❞✐♥❣ ❚✇❡❛❦✲r❡❦❡②✐♥❣

✹✽ ✴ ✺✸

❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs

m c

Ek/P

f1(t) f2(t)

• ✏❇✐rt❤❞❛②✲❜♦✉♥❞✑ 2n/2 s❡❝✉r✐t② ❛t ❜❡st
• ❖✈❡r❧②✐♥❣ ♠♦❞❡s ✐♥❤❡r✐t s❡❝✉r✐t② ❜♦✉♥❞
• ■❢ n ✐s ❧❛r❣❡ ❡♥♦✉❣❤ −

→ ♥♦ ♣r♦❜❧❡♠

• ■❢ n ✐s s♠❛❧❧ −

→ ✏❜❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞✑ s♦❧✉t✐♦♥s

• ❈❛s❝❛❞✐♥❣
• ❚✇❡❛❦✲r❡❦❡②✐♥❣

✹✽ ✴ ✺✸

❈❛s❝❛❞✐♥❣ ▲❘❲✬s

m c

· · · · · ·

h1(t) h1(t)⊕h2(t) hρ−1(t)⊕hρ(t) hρ(t)

Ek1 Ek2 Ekρ

• LRW2[ρ]✿ ❝♦♥❝❛t❡♥❛t✐♦♥ ♦❢ ρ LRW2✬s
• k1, . . . , kρ ❛♥❞ h1, . . . , hρ ✐♥❞❡♣❡♥❞❡♥t

✿ s❡❝✉r❡ ✉♣ t♦ q✉❡r✐❡s ❬▲❙❚✶✷✱Pr♦✶✹❪ ❡✈❡♥✿ s❡❝✉r❡ ✉♣ t♦ q✉❡r✐❡s ❬▲❙✶✸❪ ❈♦♥❥❡❝t✉r❡✿ ♦♣t✐♠❛❧ s❡❝✉r✐t②

✹✾ ✴ ✺✸

❈❛s❝❛❞✐♥❣ ▲❘❲✬s

m c

· · · · · ·

h1(t) h1(t)⊕h2(t) hρ−1(t)⊕hρ(t) hρ(t)

Ek1 Ek2 Ekρ

• LRW2[ρ]✿ ❝♦♥❝❛t❡♥❛t✐♦♥ ♦❢ ρ LRW2✬s
• k1, . . . , kρ ❛♥❞ h1, . . . , hρ ✐♥❞❡♣❡♥❞❡♥t
• ρ = 2✿ s❡❝✉r❡ ✉♣ t♦ 22n/3 q✉❡r✐❡s ❬▲❙❚✶✷✱Pr♦✶✹❪
• ρ ≥ 2 ❡✈❡♥✿ s❡❝✉r❡ ✉♣ t♦ 2ρn/(ρ+2) q✉❡r✐❡s ❬▲❙✶✸❪
• ❈♦♥❥❡❝t✉r❡✿ ♦♣t✐♠❛❧ 2ρn/(ρ+1) s❡❝✉r✐t②

✹✾ ✴ ✺✸

❈❛s❝❛❞✐♥❣ ❚❊▼✬s

m c

· · · · · ·

h1(t) h1(t)⊕h2(t) hρ−1(t)⊕hρ(t) hρ(t)

P1 P2 Pρ

• TEM[ρ]✿ ❝♦♥❝❛t❡♥❛t✐♦♥ ♦❢ ρ TEM✬s
• P1, . . . , Pρ ❛♥❞ h1, . . . , hρ ✐♥❞❡♣❡♥❞❡♥t

✿ s❡❝✉r❡ ✉♣ t♦ q✉❡r✐❡s ❬❈▲❙✶✺❪ ❡✈❡♥✿ s❡❝✉r❡ ✉♣ t♦ q✉❡r✐❡s ❬❈▲❙✶✺❪ ❈♦♥❥❡❝t✉r❡✿ ♦♣t✐♠❛❧ s❡❝✉r✐t②

✺✵ ✴ ✺✸

❈❛s❝❛❞✐♥❣ ❚❊▼✬s

m c

· · · · · ·

h1(t) h1(t)⊕h2(t) hρ−1(t)⊕hρ(t) hρ(t)

P1 P2 Pρ

• TEM[ρ]✿ ❝♦♥❝❛t❡♥❛t✐♦♥ ♦❢ ρ TEM✬s
• P1, . . . , Pρ ❛♥❞ h1, . . . , hρ ✐♥❞❡♣❡♥❞❡♥t
• ρ = 2✿ s❡❝✉r❡ ✉♣ t♦ 22n/3 q✉❡r✐❡s ❬❈▲❙✶✺❪
• ρ ≥ 2 ❡✈❡♥✿ s❡❝✉r❡ ✉♣ t♦ 2ρn/(ρ+2) q✉❡r✐❡s ❬❈▲❙✶✺❪
• ❈♦♥❥❡❝t✉r❡✿ ♦♣t✐♠❛❧ 2ρn/(ρ+1) s❡❝✉r✐t②

✺✵ ✴ ✺✸

❚✇❡❛❦✲❘❡❦❡②✐♥❣

m c

E

k h ⊗ t h ⊗ t t

• ▼✐♥❣❧✐♥❣ t✇❡❛❦ ✐♥t♦ ❜♦t❤ ❦❡② ❛♥❞ st❛t❡ ✇♦r❦s
• ❙❡❝✉r❡ ✉♣ t♦ 2n q✉❡r✐❡s ✭✐♥ ■❈▼✦✮
• ❆❧t❡r♥❛t✐✈❡ ❝♦♥str✉❝t✐♦♥s ❡①✐st ❬▼✐♥✵✾✱▼❡♥✶✺✱❲●❩✰✶✻❪

▼♦r❡ ♦♥ ✏❜❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t②✑ ♦♥ ❚❤✉rs❞❛②

✺✶ ✴ ✺✸

❖✉t❧✐♥❡ ❉❡❞✐❝❛t❡❞ ❉❡s✐❣♥ ❇❛s✐❝ ●❡♥❡r✐❝ ❘❡❝✐♣❡ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❇❛s❡❞ ♦♥ ▼❛s❦✐♥❣ ❇❡②♦♥❞ ▼❛s❦✐♥❣✲❇❛s❡❞ ❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs ❈♦♥❝❧✉s✐♦♥

✺✷ ✴ ✺✸

❈♦♥❝❧✉s✐♦♥

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs✿ ❙✐♠♣❧❡ ❛♥❞ P♦✇❡r❢✉❧

• ▼②r✐❛❞ ❛♣♣❧✐❝❛t✐♦♥s t♦ ❆❊✱ ▼❆❈✱ ❡♥❝r②♣t✐♦♥✱ ✳ ✳ ✳
• ❈❤♦✐❝❡ ♦❢ ♠❛s❦✐♥❣ ✐♥✢✉❡♥❝❡s ❡✣❝✐❡♥❝② ❛♥❞ s❡❝✉r✐t②

❙❡❝✉r✐t② ▲❡✈❡❧ ❇✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t②✿ ♦❦❛② ✐❢ ✐s ❧❛r❣❡ ❡♥♦✉❣❤

P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs

❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t② ♣♦ss✐❜❧❡

▼♦r❡ ♦♥ ❚❤✉rs❞❛②

❚❤❛♥❦ ②♦✉ ❢♦r ②♦✉r ❛tt❡♥t✐♦♥✦

✺✸ ✴ ✺✸

❈♦♥❝❧✉s✐♦♥

❚✇❡❛❦❛❜❧❡ ❇❧♦❝❦❝✐♣❤❡rs✿ ❙✐♠♣❧❡ ❛♥❞ P♦✇❡r❢✉❧

• ▼②r✐❛❞ ❛♣♣❧✐❝❛t✐♦♥s t♦ ❆❊✱ ▼❆❈✱ ❡♥❝r②♣t✐♦♥✱ ✳ ✳ ✳
• ❈❤♦✐❝❡ ♦❢ ♠❛s❦✐♥❣ ✐♥✢✉❡♥❝❡s ❡✣❝✐❡♥❝② ❛♥❞ s❡❝✉r✐t②

❙❡❝✉r✐t② ▲❡✈❡❧

• ❇✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t②✿ ♦❦❛② ✐❢ n ✐s ❧❛r❣❡ ❡♥♦✉❣❤

− → P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ t✇❡❛❦❛❜❧❡ ❜❧♦❝❦❝✐♣❤❡rs

• ❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t② ♣♦ss✐❜❧❡

− → ▼♦r❡ ♦♥ ❚❤✉rs❞❛②

❚❤❛♥❦ ②♦✉ ❢♦r ②♦✉r ❛tt❡♥t✐♦♥✦

✺✸ ✴ ✺✸

❙❯PP❖❘❚■◆● ❙▲■❉❊❙

✺✹ ✴ ✺✸

▼❊▼✿ ■♠♣❧❡♠❡♥t❛t✐♦♥

• ❙t❛t❡ s✐③❡ b = 1024
• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13))

• P✿ ❇▲❆❑❊✷❜ ♣❡r♠✉t❛t✐♦♥ ✇✐t❤ 4 ♦r 6 r♦✉♥❞s

▼❛✐♥ ✐♠♣❧❡♠❡♥t❛t✐♦♥ r❡s✉❧ts✿

♥♦♥❝❡✲r❡s♣❡❝t✐♥❣ ♠✐s✉s❡✲r❡s✐st❛♥t P❧❛t❢♦r♠ ❆❊❙✲●❈▼ ❖❈❇✸ ❉❡♦①②s ❖PP ❖PP

• ❈▼✲❙■❱

❉❡♦①②s ▼❘❖ ▼❘❖ ❈♦rt❡①✲❆✽ ✸✽✳✻ ✷✽✳✾ ✲ ✹✳✷✻ ✺✳✾✶ ✲ ✲ ✽✳✵✼ ✶✶✳✸✷ ❙❛♥❞② ❇r✐❞❣❡ ✷✳✺✺ ✵✳✾✽ ✶✳✷✾ ✶✳✷✹ ✶✳✾✶ ✲ ✷✳✺✽ ✷✳✹✶ ✸✳✺✽ ❍❛s✇❡❧❧ ✶✳✵✸ ✵✳✻✾ ✵✳✾✻ ✵✳✺✺ ✵✳✼✺ ✶✳✶✼ ✶✳✾✷ ✶✳✵✻ ✶✳✸✾

✺✺ ✴ ✺✸

▼❊▼✿ ■♠♣❧❡♠❡♥t❛t✐♦♥

• ❙t❛t❡ s✐③❡ b = 1024
• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13))

• P✿ ❇▲❆❑❊✷❜ ♣❡r♠✉t❛t✐♦♥ ✇✐t❤ 4 ♦r 6 r♦✉♥❞s
• ▼❛✐♥ ✐♠♣❧❡♠❡♥t❛t✐♦♥ r❡s✉❧ts✿

♥♦♥❝❡✲r❡s♣❡❝t✐♥❣ ♠✐s✉s❡✲r❡s✐st❛♥t P❧❛t❢♦r♠ ❆❊❙✲●❈▼ ❖❈❇✸ ❉❡♦①②s= ❖PP4 ❖PP6

• ❈▼✲❙■❱

❉❡♦①②s ▼❘❖ ▼❘❖ ❈♦rt❡①✲❆✽ ✸✽✳✻ ✷✽✳✾ ✲ ✹✳✷✻ ✺✳✾✶ ✲ ✲ ✽✳✵✼ ✶✶✳✸✷ ❙❛♥❞② ❇r✐❞❣❡ ✷✳✺✺ ✵✳✾✽ ✶✳✷✾ ✶✳✷✹ ✶✳✾✶ ✲ ✷✳✺✽ ✷✳✹✶ ✸✳✺✽ ❍❛s✇❡❧❧ ✶✳✵✸ ✵✳✻✾ ✵✳✾✻ ✵✳✺✺ ✵✳✼✺ ✶✳✶✼ ✶✳✾✷ ✶✳✵✻ ✶✳✸✾

✺✺ ✴ ✺✸

▼❊▼✿ ■♠♣❧❡♠❡♥t❛t✐♦♥

• ❙t❛t❡ s✐③❡ b = 1024
• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13))

• P✿ ❇▲❆❑❊✷❜ ♣❡r♠✉t❛t✐♦♥ ✇✐t❤ 4 ♦r 6 r♦✉♥❞s
• ▼❛✐♥ ✐♠♣❧❡♠❡♥t❛t✐♦♥ r❡s✉❧ts✿

♥♦♥❝❡✲r❡s♣❡❝t✐♥❣ ♠✐s✉s❡✲r❡s✐st❛♥t P❧❛t❢♦r♠ ❆❊❙✲●❈▼ ❖❈❇✸ ❉❡♦①②s= ❖PP4 ❖PP6

• ❈▼✲❙■❱

❉❡♦①②s= ▼❘❖4 ▼❘❖6 ❈♦rt❡①✲❆✽ ✸✽✳✻ ✷✽✳✾ ✲ ✹✳✷✻ ✺✳✾✶ ✲ ✲ ✽✳✵✼ ✶✶✳✸✷ ❙❛♥❞② ❇r✐❞❣❡ ✷✳✺✺ ✵✳✾✽ ✶✳✷✾ ✶✳✷✹ ✶✳✾✶ ✲ ≈ ✷✳✺✽ ✷✳✹✶ ✸✳✺✽ ❍❛s✇❡❧❧ ✶✳✵✸ ✵✳✻✾ ✵✳✾✻ ✵✳✺✺ ✵✳✼✺ ✶✳✶✼ ≈ ✶✳✾✷ ✶✳✵✻ ✶✳✸✾

✺✺ ✴ ✺✸

▼❊▼✿ P❛r❛❧❧❡❧✐③❛❜✐❧✐t②

• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13)) ❇❡❣✐♥ ✇✐t❤ st❛t❡ ♦❢ ✲❜✐t ✇♦r❞s P❛r❛❧❧❡❧✐③❛❜❧❡ ✭❆❱❳✷✮ ❛♥❞ ✇♦r❞✲s❧✐❝❡❛❜❧❡

✺✻ ✴ ✺✸

▼❊▼✿ P❛r❛❧❧❡❧✐③❛❜✐❧✐t②

• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13))

• ❇❡❣✐♥ ✇✐t❤ st❛t❡ Li = [x0, . . . , x15] ♦❢ 64✲❜✐t ✇♦r❞s

x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 P❛r❛❧❧❡❧✐③❛❜❧❡ ✭❆❱❳✷✮ ❛♥❞ ✇♦r❞✲s❧✐❝❡❛❜❧❡

✺✻ ✴ ✺✸

▼❊▼✿ P❛r❛❧❧❡❧✐③❛❜✐❧✐t②

• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13))

• ❇❡❣✐♥ ✇✐t❤ st❛t❡ Li = [x0, . . . , x15] ♦❢ 64✲❜✐t ✇♦r❞s

x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16

• x16 = (x0 ≪ 53) ⊕ (x5 ≪ 13)

P❛r❛❧❧❡❧✐③❛❜❧❡ ✭❆❱❳✷✮ ❛♥❞ ✇♦r❞✲s❧✐❝❡❛❜❧❡

✺✻ ✴ ✺✸

▼❊▼✿ P❛r❛❧❧❡❧✐③❛❜✐❧✐t②

• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13))

• ❇❡❣✐♥ ✇✐t❤ st❛t❡ Li = [x0, . . . , x15] ♦❢ 64✲❜✐t ✇♦r❞s

x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17

• x16 = (x0 ≪ 53) ⊕ (x5 ≪ 13)
• x17 = (x1 ≪ 53) ⊕ (x6 ≪ 13)

P❛r❛❧❧❡❧✐③❛❜❧❡ ✭❆❱❳✷✮ ❛♥❞ ✇♦r❞✲s❧✐❝❡❛❜❧❡

✺✻ ✴ ✺✸

▼❊▼✿ P❛r❛❧❧❡❧✐③❛❜✐❧✐t②

• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13))

• ❇❡❣✐♥ ✇✐t❤ st❛t❡ Li = [x0, . . . , x15] ♦❢ 64✲❜✐t ✇♦r❞s

x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18

• x16 = (x0 ≪ 53) ⊕ (x5 ≪ 13)
• x17 = (x1 ≪ 53) ⊕ (x6 ≪ 13)
• x18 = (x2 ≪ 53) ⊕ (x7 ≪ 13)

P❛r❛❧❧❡❧✐③❛❜❧❡ ✭❆❱❳✷✮ ❛♥❞ ✇♦r❞✲s❧✐❝❡❛❜❧❡

✺✻ ✴ ✺✸

▼❊▼✿ P❛r❛❧❧❡❧✐③❛❜✐❧✐t②

• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13))

• ❇❡❣✐♥ ✇✐t❤ st❛t❡ Li = [x0, . . . , x15] ♦❢ 64✲❜✐t ✇♦r❞s

x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19

• x16 = (x0 ≪ 53) ⊕ (x5 ≪ 13)
• x17 = (x1 ≪ 53) ⊕ (x6 ≪ 13)
• x18 = (x2 ≪ 53) ⊕ (x7 ≪ 13)
• x19 = (x3 ≪ 53) ⊕ (x8 ≪ 13)

P❛r❛❧❧❡❧✐③❛❜❧❡ ✭❆❱❳✷✮ ❛♥❞ ✇♦r❞✲s❧✐❝❡❛❜❧❡

✺✻ ✴ ✺✸

▼❊▼✿ P❛r❛❧❧❡❧✐③❛❜✐❧✐t②

• ▲❋❙❘ ♦♥ 16 ✇♦r❞s ♦❢ 64 ❜✐ts✿

ϕ(x0, . . . , x15) = (x1, . . . , x15, (x0 ≪ 53) ⊕ (x5 ≪ 13))

• ❇❡❣✐♥ ✇✐t❤ st❛t❡ Li = [x0, . . . , x15] ♦❢ 64✲❜✐t ✇♦r❞s

x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19

• x16 = (x0 ≪ 53) ⊕ (x5 ≪ 13)
• x17 = (x1 ≪ 53) ⊕ (x6 ≪ 13)
• x18 = (x2 ≪ 53) ⊕ (x7 ≪ 13)
• x19 = (x3 ≪ 53) ⊕ (x8 ≪ 13)
• P❛r❛❧❧❡❧✐③❛❜❧❡ ✭❆❱❳✷✮ ❛♥❞ ✇♦r❞✲s❧✐❝❡❛❜❧❡

✺✻ ✴ ✺✸

❳P❳✿ ❙✐♥❣❧❡✲❑❡② ❙❡❝✉r✐t②

✭❙tr♦♥❣✮ ❚✇❡❛❦❛❜❧❡ P❘P

IC

XPX(±)

k

P ±

• π(±)

P ±

distinguisher D

• ■♥❢♦r♠❛t✐♦♥✲t❤❡♦r❡t✐❝ ✐♥❞✐st✐♥❣✉✐s❤❛❜✐❧✐t②

π ✐❞❡❛❧ t✇❡❛❦❛❜❧❡ ♣❡r♠✉t❛t✐♦♥

• P ✐❞❡❛❧ ♣❡r♠✉t❛t✐♦♥
• k s❡❝r❡t ❦❡②

T ✐s ✈❛❧✐❞ = ⇒ XPX ✐s ✭❙✮❚P❘P ✉♣ t♦ O q2 + qr 2n

• ✺✼ ✴ ✺✸

❳P❳✿ ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t②

❘❡❧❛t❡❞✲❑❡② ✭❙tr♦♥❣✮ ❚✇❡❛❦❛❜❧❡ P❘P

IC

XPX(±)

ϕ(k)

P ±

• rkπ(±)

P ±

distinguisher D

• ■♥❢♦r♠❛t✐♦♥✲t❤❡♦r❡t✐❝ ✐♥❞✐st✐♥❣✉✐s❤❛❜✐❧✐t②

rkπ ✐❞❡❛❧ t✇❡❛❦❛❜❧❡ r❡❧❛t❡❞✲❦❡② ♣❡r♠✉t❛t✐♦♥

• P ✐❞❡❛❧ ♣❡r♠✉t❛t✐♦♥
• k s❡❝r❡t ❦❡②
• D r❡str✐❝t❡❞ t♦ s♦♠❡ s❡t ♦❢ ❦❡②✲❞❡r✐✈✐♥❣ ❢✉♥❝t✐♦♥s Φ

✺✽ ✴ ✺✸

❳P❳✿ ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t②

❑❡②✲❉❡r✐✈✐♥❣ ❋✉♥❝t✐♦♥s

• Φ⊕✿ ❛❧❧ ❢✉♥❝t✐♦♥s k → k ⊕ δ

✿ ❛❧❧ ❢✉♥❝t✐♦♥s ♦r ◆♦t❡✿ ♠❛s❦✐♥❣s ✐♥ ❛r❡ ❘❡s✉❧ts

✐❢ ✐s ✈❛❧✐❞✱ ❛♥❞ ❢♦r ❛❧❧ t✇❡❛❦s✿ s❡❝✉r✐t② ❚P❘P ❛♥❞ ❙❚P❘P ❚P❘P ❙❚P❘P

✺✾ ✴ ✺✸

❳P❳✿ ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t②

❑❡②✲❉❡r✐✈✐♥❣ ❋✉♥❝t✐♦♥s

• Φ⊕✿ ❛❧❧ ❢✉♥❝t✐♦♥s k → k ⊕ δ
• ΦP⊕✿ ❛❧❧ ❢✉♥❝t✐♦♥s k → k ⊕ δ ♦r P(k) → P(k) ⊕ ǫ

◆♦t❡✿ ♠❛s❦✐♥❣s ✐♥ ❛r❡ ❘❡s✉❧ts

✐❢ ✐s ✈❛❧✐❞✱ ❛♥❞ ❢♦r ❛❧❧ t✇❡❛❦s✿ s❡❝✉r✐t② ❚P❘P ❛♥❞ ❙❚P❘P ❚P❘P ❙❚P❘P

✺✾ ✴ ✺✸

❳P❳✿ ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t②

❑❡②✲❉❡r✐✈✐♥❣ ❋✉♥❝t✐♦♥s

• Φ⊕✿ ❛❧❧ ❢✉♥❝t✐♦♥s k → k ⊕ δ
• ΦP⊕✿ ❛❧❧ ❢✉♥❝t✐♦♥s k → k ⊕ δ ♦r P(k) → P(k) ⊕ ǫ
• ◆♦t❡✿ ♠❛s❦✐♥❣s ✐♥ XPX ❛r❡ ti1k ⊕ ti2P(k)

❘❡s✉❧ts

✐❢ ✐s ✈❛❧✐❞✱ ❛♥❞ ❢♦r ❛❧❧ t✇❡❛❦s✿ s❡❝✉r✐t② ❚P❘P ❛♥❞ ❙❚P❘P ❚P❘P ❙❚P❘P

✺✾ ✴ ✺✸

❳P❳✿ ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t②

❑❡②✲❉❡r✐✈✐♥❣ ❋✉♥❝t✐♦♥s

• Φ⊕✿ ❛❧❧ ❢✉♥❝t✐♦♥s k → k ⊕ δ
• ΦP⊕✿ ❛❧❧ ❢✉♥❝t✐♦♥s k → k ⊕ δ ♦r P(k) → P(k) ⊕ ǫ
• ◆♦t❡✿ ♠❛s❦✐♥❣s ✐♥ XPX ❛r❡ ti1k ⊕ ti2P(k)

❘❡s✉❧ts

✐❢ T ✐s ✈❛❧✐❞✱ ❛♥❞ ❢♦r ❛❧❧ t✇❡❛❦s✿ s❡❝✉r✐t② Φ t12 = 0 ❚P❘P Φ⊕ t12, t22 = 0 ❛♥❞ (t21, t22) = (0, 1) ❙❚P❘P Φ⊕ ❚P❘P ❙❚P❘P

✺✾ ✴ ✺✸

❳P❳✿ ❘❡❧❛t❡❞✲❑❡② ❙❡❝✉r✐t②

❑❡②✲❉❡r✐✈✐♥❣ ❋✉♥❝t✐♦♥s

• Φ⊕✿ ❛❧❧ ❢✉♥❝t✐♦♥s k → k ⊕ δ
• ΦP⊕✿ ❛❧❧ ❢✉♥❝t✐♦♥s k → k ⊕ δ ♦r P(k) → P(k) ⊕ ǫ
• ◆♦t❡✿ ♠❛s❦✐♥❣s ✐♥ XPX ❛r❡ ti1k ⊕ ti2P(k)

❘❡s✉❧ts

✐❢ T ✐s ✈❛❧✐❞✱ ❛♥❞ ❢♦r ❛❧❧ t✇❡❛❦s✿ s❡❝✉r✐t② Φ t12 = 0 ❚P❘P Φ⊕ t12, t22 = 0 ❛♥❞ (t21, t22) = (0, 1) ❙❚P❘P Φ⊕ t11, t12 = 0 ❚P❘P ΦP ⊕ t11, t12, t21, t22 = 0 ❙❚P❘P ΦP ⊕

✺✾ ✴ ✺✸

❳P❳✿ ❙❡❝✉r✐t② Pr♦♦❢ ❚❡❝❤♥✐q✉❡s

P❛t❛r✐♥✬s ❍✲❝♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t
• ❉❡✜♥❡ ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

✲

❜❛❞ tr❛♥s❝r✐♣t ❢♦r ♣r♦❜✳ r❛t✐♦ ❢♦r ❣♦♦❞ tr❛♥s❝r✐♣ts ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✻✵ ✴ ✺✸

❳P❳✿ ❙❡❝✉r✐t② Pr♦♦❢ ❚❡❝❤♥✐q✉❡s

P❛t❛r✐♥✬s ❍✲❝♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t
• ❉❡✜♥❡ ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

Advrk✲(s)prp

XPX

(D) ≤ ε + Pr

• ❜❛❞ tr❛♥s❝r✐♣t ❢♦r (

rkπ, P)

• ♣r♦❜✳ r❛t✐♦ ❢♦r ❣♦♦❞ tr❛♥s❝r✐♣ts

❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✻✵ ✴ ✺✸

❳P❳✿ ❙❡❝✉r✐t② Pr♦♦❢ ❚❡❝❤♥✐q✉❡s

P❛t❛r✐♥✬s ❍✲❝♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

• ❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t
• ❉❡✜♥❡ ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

Advrk✲(s)prp

XPX

(D) ≤ ε + Pr

• ❜❛❞ tr❛♥s❝r✐♣t ❢♦r (

rkπ, P)

• ♣r♦❜✳ r❛t✐♦ ❢♦r ❣♦♦❞ tr❛♥s❝r✐♣ts
• ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✻✵ ✴ ✺✸

❳P❳✿ ❙❡❝✉r✐t② Pr♦♦❢ ❚❡❝❤♥✐q✉❡s

❇❡❢♦r❡ t❤❡ ■♥t❡r❛❝t✐♦♥

• ❘❡✈❡❛❧ ✏❞❡❞✐❝❛t❡❞✑ ♦r❛❝❧❡ q✉❡r✐❡s

❆❢t❡r t❤❡ ■♥t❡r❛❝t✐♦♥

• ❘❡✈❡❛❧ ❦❡② ✐♥❢♦r♠❛t✐♦♥
• ❙✐♥❣❧❡✲❦❡②✿ k ❛♥❞ P(k)
• Φ⊕✲r❡❧❛t❡❞✲❦❡②✿ k ❛♥❞ P(k ⊕ δ)
• ΦP ⊕✲r❡❧❛t❡❞✲❦❡②✿ k ❛♥❞ P(k ⊕ δ) ❛♥❞ P −1(P(k) ⊕ ε)

❇♦✉♥❞✐♥❣ t❤❡ ❆❞✈❛♥t❛❣❡

• ❙♠❛rt ❞❡✜♥✐t✐♦♥ ♦❢ ❜❛❞ tr❛♥s❝r✐♣ts

✻✶ ✴ ✺✸

❳P❳✿ ❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ▼✐♥❛❧♣❤❡r

A1 A2 Aa−1 Aa M1 M2 Md−1 Md C1 C2 Cd−1 Cd T

2L′ 2L′ 22L′ 22L′ 2a-1L′ 2a-1L′ 2a-13L′ 2a-13L′ 2L 2L 23L 23L 22d-3L 22d-3L 22d-1L 22d-1L 22L 22L 24L 24L 22d-2L 22d-2L 22d-13L 22d-13L

P P P P P P P P P P P P

• ❇② ❙❛s❛❦✐ ❡t ❛❧✳ ✭✷✵✶✹✮
• ❊①tr❛ ♥♦♥❝❡ N ❝♦♥❝❛t❡♥❛t❡❞ t♦ k

❇❛s❡❞ ♦♥ ✇✐t❤ ✳ ✳ ▼✐♥❛❧♣❤✳

r❦

✳ ✳

r❦

✳ ✳

✻✷ ✴ ✺✸

L′ = kflag0 ⊕ P(kflag0) L = kflagN ⊕ P(kflagN)

❳P❳✿ ❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ▼✐♥❛❧♣❤❡r

A1 A2 Aa−1 Aa M1 M2 Md−1 Md C1 C2 Cd−1 Cd T

2L′ 2L′ 22L′ 22L′ 2a-1L′ 2a-1L′ 2a-13L′ 2a-13L′ 2L 2L 23L 23L 22d-3L 22d-3L 22d-1L 22d-1L 22L 22L 24L 24L 22d-2L 22d-2L 22d-13L 22d-13L

P P P P P P P P P P P P

• ❇② ❙❛s❛❦✐ ❡t ❛❧✳ ✭✷✵✶✹✮
• ❊①tr❛ ♥♦♥❝❡ N ❝♦♥❝❛t❡♥❛t❡❞ t♦ k
• ❇❛s❡❞ ♦♥ XPX ✇✐t❤ T = {(2α3β, 2α3β, 2α3β, 2α3β)}

✳ ✳ ▼✐♥❛❧♣❤✳

r❦

✳ ✳

r❦

✳ ✳

✻✷ ✴ ✺✸

L′ = kflag0 ⊕ P(kflag0) L = kflagN ⊕ P(kflagN)

❳P❳✿ ❆♣♣❧✐❝❛t✐♦♥ t♦ ❆❊✿ ▼✐♥❛❧♣❤❡r

A1 A2 Aa−1 Aa M1 M2 Md−1 Md C1 C2 Cd−1 Cd T

2L′ 2L′ 22L′ 22L′ 2a-1L′ 2a-1L′ 2a-13L′ 2a-13L′ 2L 2L 23L 23L 22d-3L 22d-3L 22d-1L 22d-1L 22L 22L 24L 24L 22d-2L 22d-2L 22d-13L 22d-13L

P P P P P P P P P P P P

• ❇② ❙❛s❛❦✐ ❡t ❛❧✳ ✭✷✵✶✹✮
• ❊①tr❛ ♥♦♥❝❡ N ❝♦♥❝❛t❡♥❛t❡❞ t♦ k
• ❇❛s❡❞ ♦♥ XPX ✇✐t❤ T = {(2α3β, 2α3β, 2α3β, 2α3β)}

✳ ✳ ▼✐♥❛❧♣❤✳

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ XPX

O

• σ2

2n

• −

− − − →

r❦

✳ ✳ P

✻✷ ✴ ✺✸

L′ = kflag0 ⊕ P(kflag0) L = kflagN ⊕ P(kflagN)