-
On the number of solutions to a random instance of the permuted kernel problem
Authors:
Carlo Sanna
Abstract:
The Permuted Kernel Problem (PKP) is a problem in linear algebra that was first introduced by Shamir in 1989. Roughly speaking, given an $\ell \times m$ matrix $\mathbf{A}$ and an $m \times 1$ vector $\mathbf{b}$ over a finite field of $q$ elements $\mathbb{F}_q$, the PKP asks to find an $m \times m$ permutation matrix $\mathbfπ$ such that $\mathbfπ \mathbf{b}$ belongs to the kernel of…
▽ More
The Permuted Kernel Problem (PKP) is a problem in linear algebra that was first introduced by Shamir in 1989. Roughly speaking, given an $\ell \times m$ matrix $\mathbf{A}$ and an $m \times 1$ vector $\mathbf{b}$ over a finite field of $q$ elements $\mathbb{F}_q$, the PKP asks to find an $m \times m$ permutation matrix $\mathbfπ$ such that $\mathbfπ \mathbf{b}$ belongs to the kernel of $\mathbf{A}$. In recent years, several post-quantum digital signature schemes whose security can be provably reduced to the hardness of solving random instances of the PKP have been proposed. In this regard, it is important to know the expected number of solutions to a random instance of the PKP in terms of the parameters $q,\ell,m$. Previous works have heuristically estimated the expected number of solutions to be $m! / q^\ell$.
We provide, and rigorously prove, exact formulas for the expected number of solutions to a random instance of the PKP and the related Inhomogeneous Permuted Kernel Problem (IPKP), considering two natural ways of generating random instances.
△ Less
Submitted 1 June, 2024;
originally announced June 2024.
-
A note on the power sums of the number of Fibonacci partitions
Authors:
Carlo Sanna
Abstract:
For every nonnegative integer $n$, let $r_F(n)$ be the number of ways to write $n$ as a sum of Fibonacci numbers, where the order of the summands does not matter. Moreover, for all positive integers $p$ and $N$, let \begin{equation*} S_{F}^{(p)}(N) := \sum_{n = 0}^{N - 1} \big(r_F(n)\big)^p . \end{equation*} Chow, Jones, and Slattery determined the order of growth of $S_{F}^{(p)}(N)$ for…
▽ More
For every nonnegative integer $n$, let $r_F(n)$ be the number of ways to write $n$ as a sum of Fibonacci numbers, where the order of the summands does not matter. Moreover, for all positive integers $p$ and $N$, let \begin{equation*} S_{F}^{(p)}(N) := \sum_{n = 0}^{N - 1} \big(r_F(n)\big)^p . \end{equation*} Chow, Jones, and Slattery determined the order of growth of $S_{F}^{(p)}(N)$ for $p \in \{1,2\}$. We prove that, for all positive integers $p$, there exists a real number $λ_p > 1$ such that \begin{equation*} S^{(p)}_F(N) \asymp_p N^{(\log λ_p) /\!\log \varphi} \end{equation*} as $N \to +\infty$. Furthermore, we show that egin{equation*} \lim_{p \to +\infty} λ_p^{1/p} = \varphi^{1/2} , \end{equation*} where $\varphi := (1 + \sqrt{5})/2$ is the golden ratio. Our proofs employ automata theory and a result on the generalized spectral radius due to Blondel and Nesterov.
△ Less
Submitted 22 September, 2023;
originally announced September 2023.
-
Smaller public keys for MinRank-based schemes
Authors:
Antonio J. Di Scala,
Carlo Sanna
Abstract:
MinRank is an NP-complete problem in linear algebra whose characteristics make it attractive to build post-quantum cryptographic primitives. Several MinRank-based digital signature schemes have been proposed. In particular, two of them, MIRA and MiRitH, have been submitted to the NIST Post-Quantum Cryptography Standardization Process. In this paper, we propose a key-generation algorithm for MinRan…
▽ More
MinRank is an NP-complete problem in linear algebra whose characteristics make it attractive to build post-quantum cryptographic primitives. Several MinRank-based digital signature schemes have been proposed. In particular, two of them, MIRA and MiRitH, have been submitted to the NIST Post-Quantum Cryptography Standardization Process. In this paper, we propose a key-generation algorithm for MinRank-based schemes that reduces the size of the public key to about 50% of the size of the public key generated by the previous best (in terms of public-key size) algorithm. Precisely, the size of the public key generated by our algorithm sits in the range of 328-676 bits for security levels of 128-256 bits. We also prove that our algorithm is as secure as the previous ones.
△ Less
Submitted 21 August, 2023; v1 submitted 23 February, 2023;
originally announced February 2023.
-
Waring's Theorem for Binary Powers
Authors:
Daniel M. Kane,
Carlo Sanna,
Jeffrey Shallit
Abstract:
A natural number is a binary $k$'th power if its binary representation consists of $k$ consecutive identical blocks. We prove an analogue of Waring's theorem for sums of binary $k$'th powers. More precisely, we show that for each integer $k \geq 2$, there exists a positive integer $W(k)$ such that every sufficiently large multiple of $E_k := \gcd(2^k - 1, k)$ is the sum of at most $W(k)$ binary…
▽ More
A natural number is a binary $k$'th power if its binary representation consists of $k$ consecutive identical blocks. We prove an analogue of Waring's theorem for sums of binary $k$'th powers. More precisely, we show that for each integer $k \geq 2$, there exists a positive integer $W(k)$ such that every sufficiently large multiple of $E_k := \gcd(2^k - 1, k)$ is the sum of at most $W(k)$ binary $k$'th powers. (The hypothesis of being a multiple of $E_k$ cannot be omitted, since we show that the $\gcd$ of the binary $k$'th powers is $E_k$.) Also, we explain how our results can be extended to arbitrary integer bases $b > 2$.
△ Less
Submitted 13 January, 2018;
originally announced January 2018.
-
Counting arithmetic formulas
Authors:
Edinah K. Gnang,
Maksym Radziwill,
Carlo Sanna
Abstract:
An arithmetic formula is an expression involving only the constant $1$, and the binary operations of addition and multiplication, with multiplication by $1$ not allowed. We obtain an asymptotic formula for the number of arithmetic formulas evaluating to $n$ as $n$ goes to infinity, solving a conjecture of E. K. Gnang and D. Zeilberger. We give also an asymptotic formula for the number of arithmeti…
▽ More
An arithmetic formula is an expression involving only the constant $1$, and the binary operations of addition and multiplication, with multiplication by $1$ not allowed. We obtain an asymptotic formula for the number of arithmetic formulas evaluating to $n$ as $n$ goes to infinity, solving a conjecture of E. K. Gnang and D. Zeilberger. We give also an asymptotic formula for the number of arithmetic formulas evaluating to $n$ and using exactly $k$ multiplications. Finally we analyze three specific encodings for producing arithmetic formulas. For almost all integers $n$, we compare the lengths of the arithmetic formulas for $n$ that each encoding produces with the length of the shortest formula for $n$ (which we estimate from below). We briefly discuss the time-space tradeoff offered by each.
△ Less
Submitted 6 June, 2014;
originally announced June 2014.