PINS

Aleksandar Jurišić
Faculty of Computer and Information Sciences, University of Ljubljana
Ljubljana, Slovenia

Robert Gallant
Department of Mathematics
University of
Corner Brook, NF, Canada

February 8, 2010
1 Introduction
In order to provide higher security of credit cards we are advised to change our pins regularly. This is easy to say, but new pins are hard to remember. Suppose that we use a 4-digit pin (most people do not bother to use longer ones anyway). A security engineer got on his table the following proposal that he needs to evaluate: the owner of a pin constructs a new pin from the old one (e.g. 1979) in the following way:

• adds up the digits of his/her current pin (1 + 9 + 7 + 9 = 26),
• appends the last digit of the sum to the pin (19796) and
• deletes the first digit of the pin (9796).

He wrote a program that generated all the pins. There are only 10^4 of them, and he knew that the pin 0000 is a boring one, since it never changes under the above procedure. He found out that in some cases the pin would start repeating already after 5 rounds, but this can easily be avoided by staying away from the pins whose digits are all divisible by 5. If, on the other hand, one started with a nonzero pin whose digits are all even, then it would take 312 rounds. All other pins start repeating only after 1560 rounds.
Let us state our problem in a more general way. Let us replace 10 with an arbitrary modulus M ≥ 2 and the length of the pin, which was 4 in our illustrative example, with n ≥ 2. Finally, suppose that we calculate the new digit of a pin in the following way:

$$a_n = \sum_{i=0}^{n-1} p_i a_i \bmod M.$$

In the above case we had p_i = 1 for i = 0, …, n − 1.
Can we determine the lengths of the cycles and the number of cycles of each length without checking all 10^4 of them? In the general problem M^n can be out of our reach. The security engineer has calculated, for n = 4, M = 10:

1 × 1, 3 × 5, 2 × 312 and 6 × 1560 cycles

(number of cycles × cycle length).
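As an added worked example (my own code, not from the paper), here is a Python script that applies the update rule with general weights p_i, modulus M and pin length n, and enumerates the cycle structure of all M^n pins; for n = 4 and M = 10 it reproduces the counts just listed. The function names are my own. The script insists on p_0 being invertible mod M: only then is the step a permutation of the pin space, so that every pin lies on a cycle rather than on a tail leading into one.

```python
from itertools import product
from math import gcd
from collections import Counter


def next_pin(pin, M, weights=None):
    """One round of the update rule: compute a_n = sum(p_i * a_i) mod M,
    append it and drop the first digit. weights defaults to all ones,
    which is the digit-sum rule of the paper (1979 -> 9796 for M = 10)."""
    n = len(pin)
    if weights is None:
        weights = [1] * n
    new_digit = sum(p * a for p, a in zip(weights, pin)) % M
    return pin[1:] + (new_digit,)


def cycle_structure(n, M, weights=None):
    """Return {cycle_length: number_of_cycles} over all M**n pins.

    The step map is a permutation of the pin space exactly when the oldest
    digit a_0 can be recovered from the new pin, i.e. when p_0 is a unit
    mod M. Without that, some pins would sit on tails leading into a cycle
    and would not belong to any cycle, so we refuse such weights."""
    if weights is None:
        weights = [1] * n
    if gcd(weights[0], M) != 1:
        raise ValueError("p_0 must be invertible mod M for every pin to lie on a cycle")
    seen = set()
    counts = Counter()
    for start in product(range(M), repeat=n):
        if start in seen:
            continue
        # walk the orbit of `start` until it closes; every pin on it is new
        length = 0
        pin = start
        while True:
            seen.add(pin)
            pin = next_pin(pin, M, weights)
            length += 1
            if pin == start:
                break
        counts[length] += 1
    return dict(counts)


def total_states(structure):
    """Sum of length * count over all cycles; must equal M**n."""
    return sum(length * count for length, count in structure.items())


if __name__ == "__main__":
    print(next_pin((1, 9, 7, 9), 10))  # the paper's example: 1979 -> 9796
    for n, M in [(4, 10), (4, 7), (2, 3), (4, 6)]:
        s = cycle_structure(n, M)
        print(f"n={n} M={M}:", sorted(s.items()), "covers", total_states(s), "=", M ** n)
```

Running it with n = 4, M = 10 takes a fraction of a second; for the general problem the enumeration is exactly the M^n walk the text warns about, which is what the later sections try to avoid.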
1.1 n = 4
Actually the security engineer has also calculated the cycle structure for many other moduli M (n = 4; each entry is number of cycles × cycle length):

M = 2:   1 × 1, 3 × 5
M = 3:   3 × 1, 3 × 26
M = 5:   1 × 1, 2 × 312
M = 7:   1 × 1, 1 × 6, 2 × 171, 6 × 342
M = 11:  1 × 1, 8 × 15, 121 × 120
M = 13:  1 × 1, 4 × 42, 338 × 84
M = 17:  1 × 1, 1 × 16, 17 × 4912
M = 19:  1 × 1, 2 × 9, 19 × 6858
M = 23:  1 × 1, 1 × 22, 2 × 6083, 22 × 12166
M = 29:  1 × 1, 4 × 7, 29 × 28, 2523 × 280
M = 31:  1 × 1, 15 × 61568
M = 37:  1 × 1, 3 × 12, 2 × 18, 36 × 36, 1369 × 1368

M = 4:   1 × 1, 3 × 5, 24 × 10
M = 8:   1 × 1, 3 × 5, 24 × 10, 192 × 20
M = 16:  1 × 1, 3 × 5, 24 × 10, 192 × 20, 1536 × 40
M = 9:   3 × 1, 2 × 3, 3 × 26, 83 × 78
M = 27:  3 × 1, 2 × 3, 2 × 9, 3 × 26, 83 × 78, 2243 × 234
M = 25:  1 × 1, 2 × 312, 250 × 1560
M = 49:  1 × 1, 1 × 6, 1 × 42, 2 × 171, 6 × 342, 98 × 1197, 2358 × 2394
M = 6:   3 × 1, 9 × 5, 3 × 26, 9 × 130
M = 12:  3 × 1, 9 × 5, 72 × 10, 3 × 26, 153 × 130
M = 10:  1 × 1, 3 × 5, 2 × 312, 6 × 1560
M = 14:  1 × 1, 3 × 5, 1 × 6, 3 × 30, 2 × 171, 6 × 342, 6 × 855, 18 × 1710
M = 15:  3 × 1, 3 × 26, 162 × 312
M = 18:  3 × 1, 2 × 3, 9 × 5, 6 × 15, 3 × 26, 83 × 78, 9 × 130, 249 × 390
M = 20:  1 × 1, 3 × 5, 24 × 10, 2 × 312, 102 × 1560
M = 21:  3 × 1, 3 × 6, 3 × 26, 6 × 78, 6 × 171, 18 × 342, 42 × 4446
M = 22:  1 × 1, 3 × 5, 128 × 15, 1936 × 120
M = 24:  3 × 1, 9 × 5, 72 × 10, 576 × 20, 3 × 26, 153 × 130, 1152 × 260
M = 26:  1 × 1, 3 × 5, 4 × 42, 338 × 84, 12 × 210, 1014 × 420
M = 28:  1 × 1, 3 × 5, 1 × 6, 24 × 10, 51 × 30, 2 × 171, 6 × 342, 6 × 855, 354 × 1710
M = 30:  3 × 1, 9 × 5, 3 × 26, 9 × 130, 162 × 312, 486 × 1560
1.2 n = 2

M = 2:   1 × 1, 1 × 3
M = 4:   1 × 1, 1 × 3, 2 × 6
M = 8:   1 × 1, 1 × 3, 2 × 6, 4 × 12
M = 16:  1 × 1, 1 × 3, 2 × 6, 4 × 12, 8 × 24
M = 32:  1 × 1, 1 × 3, 2 × 6, 4 × 12, 8 × 24, 16 × 48
M = 3:   1 × 1, 1 × 8
M = 9:   1 × 1, 1 × 8, 3 × 24
M = 27:  1 × 1, 1 × 8, 3 × 24, 9 × 72
M = 5:   1 × 1, 1 × 4, 1 × 20
M = 25:  1 × 1, 1 × 4, 6 × 20, 5 × 100
M = 7:   1 × 1, 3 × 16
M = 49:  1 × 1, 3 × 16, 21 × 112
M = 11:  1 × 1, 2 × 5, 11 × 10
M = 13:  1 × 1, 6 × 28

1.3 n = 3

M = 2:   2 × 1, 1 × 2, 1 × 4
M = 4:   2 × 1, 1 × 2, 3 × 4, 6 × 8
M = 8:   2 × 1, 1 × 2, 3 × 4, 14 × 8, 24 × 16
M = 16:  2 × 1, 1 × 2, 3 × 4, 14 × 8, 56 × 16, 96 × 32

1.4 n = 5

M = 2:   2 × 1, 2 × 3, 3 × 6
M = 4:   4 × 1, 4 × 3, 8 × 6, 80 × 12

2 CRT
Theorem 2.1 Let $\{s_i^{m_i} \mid i = 1, \dots, r\}$ and $\{t_j^{n_j} \mid j = 1, \dots, q\}$ be the sets of orders of the orbits together with their number (in the exponent) under the action of the companion matrix A on the n-dimensional module V over Z_M and Z_N respectively, where M and N are relatively prime. Then

$$\{\operatorname{lcm}(s_i, t_j)^{\,m_i n_j \gcd(s_i, t_j)} \mid i = 1, \dots, r \text{ and } j = 1, \dots, q\} \qquad (1)$$

is the set of orbits under the action of the companion matrix A on the n-dimensional module V over Z_{MN}.
Proof. Let us first verify that we have the right number of orbits and the right sizes from (1) in order to partition V over Z_{MN}:

$$M^n \cdot N^n = \Bigl(\sum_{i=1}^{r} s_i \cdot m_i\Bigr)\Bigl(\sum_{j=1}^{q} t_j \cdot n_j\Bigr) = \sum_{i=1}^{r}\sum_{j=1}^{q} \operatorname{lcm}(s_i, t_j) \cdot \gcd(s_i, t_j) \cdot m_i n_j = (MN)^n.$$

Let us now consider the pins whose digits are all divisible by M or all divisible by N. Then the new pins obtained modulo MN will also have this property. There are altogether M^n distinct pins in (Z_M)^n. Let i be an integer and let us denote the i-th pin by (a_{i+1}, a_{i+2}, …, a_{i+n}). Then the next pin is (a_{i+2}, a_{i+3}, …, a_{i+n+1}), where

$$a_{i+n+1} = a_{i+1} + a_{i+2} + \cdots + a_{i+n} \bmod (MN).$$

Let us now introduce two more sequences, {b_i} and {c_i}, defined by b_i = a_i mod M and c_i = a_i mod N. Then we have

$$b_{i+n+1} = b_{i+1} + b_{i+2} + \cdots + b_{i+n} \bmod M \quad\text{and}\quad c_{i+n+1} = c_{i+1} + c_{i+2} + \cdots + c_{i+n} \bmod N,$$

since it is irrelevant in which order we reduce the numbers (mod N or mod M). This implies that a cycle in the original sequence produces a cycle also in the two new sequences. Let us see if we can draw the same conclusion in the other direction.

Since the numbers M and N are relatively prime, M | (a_i − b_i) and N | (a_i − c_i) imply by the Chinese Remainder Theorem (CRT) that the sequence {a_i} is completely determined by the sequences {b_i} and {c_i}. Hence the lengths of the cycles in the sequence {a_i} can be obtained from the lengths of the cycles in {b_i} and {c_i}, namely, we take their least common multiple.

SASA-finish this proof

This way we can also choose a bigger n (like 10 or even 20).
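To see formula (1) at work, here is an added Python example (my own code, not the paper's) that combines the orbit structures read off from the tables in Section 1.1 for Z_M and Z_N and checks that the result matches the table entry for Z_{MN}, e.g. Z_2 × Z_5 → Z_10 and Z_4 × Z_3 → Z_12. The dictionary ORBITS is copied from those tables; the function names are my own.

```python
from math import gcd, lcm
from collections import Counter

# Orbit structures for n = 4 copied from the tables in Section 1.1,
# written as {cycle_length: number_of_cycles}.
ORBITS = {
    2: {1: 1, 5: 3},
    3: {1: 3, 26: 3},
    4: {1: 1, 5: 3, 10: 24},
    5: {1: 1, 312: 2},
    6: {1: 3, 5: 9, 26: 3, 130: 9},
    10: {1: 1, 5: 3, 312: 2, 1560: 6},
    12: {1: 3, 5: 9, 10: 72, 26: 3, 130: 153},
}


def combine_orbits(orbits_m, orbits_n):
    """Formula (1) of Theorem 2.1 for coprime M and N.

    A cycle of length s over Z_M (m of them) paired with a cycle of length t
    over Z_N (k of them) gives s*t*m*k pairs of states; by the CRT each pair
    is one state over Z_{MN}, and it returns to itself after lcm(s, t) steps,
    so the pairs split into m*k*gcd(s, t) cycles of length lcm(s, t)."""
    out = Counter()
    for s, m in orbits_m.items():
        for t, k in orbits_n.items():
            out[lcm(s, t)] += m * k * gcd(s, t)
    return dict(out)


def state_count(orbits):
    """Number of states covered by an orbit structure; must equal M**n."""
    return sum(length * count for length, count in orbits.items())


def check_against_table(M, N, n=4):
    """Combine the Z_M and Z_N structures and compare with the table entry for Z_{MN}."""
    if gcd(M, N) != 1:
        raise ValueError("Theorem 2.1 needs M and N relatively prime")
    predicted = combine_orbits(ORBITS[M], ORBITS[N])
    # the partition check from the first line of the proof
    assert state_count(predicted) == (M * N) ** n
    return predicted == ORBITS[M * N]


if __name__ == "__main__":
    for M, N in [(2, 5), (3, 2), (4, 3)]:
        print(f"Z_{M} x Z_{N} -> Z_{M * N}:",
              sorted(combine_orbits(ORBITS[M], ORBITS[N]).items()),
              "matches table:", check_against_table(M, N))
```

The Z_4 × Z_3 case is the instructive one: the 130-cycles of Z_12 come from two sources, (5, 26) pairs and (10, 26) pairs, and the gcd factor in (1) is what makes the second source contribute 24 · 3 · 2 = 144 cycles rather than 72.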
3 Finite fields, the case M is prime

If we desire to have longer cycles (or even only one cycle), then it is easiest to choose the modulus M to be prime. SASA
In linear algebra, the (transpose) companion matrix of the monic polynomial

$$p(t) = c_0 + c_1 t + \cdots + c_{n-1} t^{n-1} + t^n$$

is the square matrix defined as

$$C^T(p) = \begin{pmatrix}
0 & 1 & 0 & \cdots & 0 \\
0 & 0 & 1 & \cdots & 0 \\
\vdots & \vdots & \vdots & \ddots & \vdots \\
0 & 0 & 0 & \cdots & 1 \\
-c_0 & -c_1 & -c_2 & \cdots & -c_{n-1}
\end{pmatrix}$$

and it generates the sequence, in the sense that

$$C^T \begin{pmatrix} a_k \\ a_{k+1} \\ \vdots \\ a_{k+n-1} \end{pmatrix} = \begin{pmatrix} a_{k+1} \\ a_{k+2} \\ \vdots \\ a_{k+n} \end{pmatrix}.$$

The characteristic polynomial as well as the minimal polynomial of C(p) are equal to p; in this sense, the matrix C(p) is the "companion" of the polynomial p.

If the polynomial p(t) has n different zeros λ_1, …, λ_n (the eigenvalues of C(p)), then C(p) is diagonalizable as follows:

$$V\, C(p)\, V^{-1} = \operatorname{diag}(\lambda_1, \dots, \lambda_n),$$

where V is the Vandermonde matrix corresponding to the λ's. (For example, for n = 3 and M = 2 we have p(x) = (x + 1)^3 = x^3 + 3x^2 + 3x + 1 = x^3 + x^2 + x + 1, so the eigenspace corresponding to 1 has dimension only 1.)
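An added Python example (my own code, not from the paper) that builds C^T(p) over Z_M, checks that it advances the pin state (1979 → 9796 for the digit-sum rule, whose characteristic polynomial t^n − t^{n−1} − ⋯ − 1 has c_i = −1 for all i), and computes the multiplicative order of the matrix mod M. Since A^k fixes every state exactly when k is a multiple of every cycle length, that order is the least common multiple of all cycle lengths: for n = 4 it is 342 for M = 7 and 120 for M = 11, matching the table in Section 1.1. Function names are my own.

```python
def companion_transpose(coeffs, M):
    """Transpose companion matrix C^T(p) over Z_M of the monic polynomial
    p(t) = c_0 + c_1 t + ... + c_{n-1} t^{n-1} + t^n, given coeffs = [c_0, ..., c_{n-1}].
    Rows 0..n-2 shift the state up by one; the last row holds -c_i mod M."""
    n = len(coeffs)
    rows = [[0] * n for _ in range(n)]
    for i in range(n - 1):
        rows[i][i + 1] = 1
    rows[n - 1] = [(-c) % M for c in coeffs]
    return rows


def pin_companion(n, M):
    """Companion matrix of the pin recurrence a_{k+n} = a_k + ... + a_{k+n-1}:
    its characteristic polynomial is t^n - t^{n-1} - ... - t - 1, so every
    c_i is -1 and the last row of C^T is all ones."""
    return companion_transpose([-1] * n, M)


def mat_vec(A, v, M):
    """A * v over Z_M; for the pin matrix this is one round of the update rule."""
    return [sum(a * x for a, x in zip(row, v)) % M for row in A]


def mat_mul(A, B, M):
    """A * B over Z_M (square matrices)."""
    n = len(A)
    return [[sum(A[i][k] * B[k][j] for k in range(n)) % M for j in range(n)]
            for i in range(n)]


def is_identity(A):
    n = len(A)
    return all(A[i][j] == (1 if i == j else 0) for i in range(n) for j in range(n))


def matrix_order(A, M):
    """Smallest k >= 1 with A^k = I over Z_M, by repeated multiplication.
    The powers of A are tracked so that a singular A (whose powers cycle
    without ever reaching I) is detected and reported as None."""
    seen = set()
    P = A
    k = 1
    while True:
        if is_identity(P):
            return k
        key = tuple(map(tuple, P))
        if key in seen:
            return None
        seen.add(key)
        P = mat_mul(P, A, M)
        k += 1


if __name__ == "__main__":
    C = pin_companion(4, 10)
    print(mat_vec(C, [1, 9, 7, 9], 10))  # 1979 -> 9796
    for M in (2, 7, 11):
        print(f"order of the n=4 pin matrix mod {M}:", matrix_order(pin_companion(4, M), M))
    print("order of the n=2 (Fibonacci) matrix mod 3:", matrix_order(pin_companion(2, 3), 3))
```

For a prime M the order divides M^n − 1 when p is irreducible, which is why the largest cycle lengths in the tables (4912 for M = 17, 6858 for M = 19) are divisors of 17^4 − 1 and 19^4 − 1 respectively; the same matrix over Z_M with M composite is handled by the CRT argument of Section 2.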
4 The case M = p^m

Conjecture (SASA) A cycle of length ℓ for M = p^m implies the existence of a cycle of length p · ℓ in the case when M = p^{m+1}. Special case m = 1.
Special case n = 2.
5 General solution

LCM, ...
6 Cycles of length 1

Suppose an n-tuple (a_0, a_1, …, a_{n−1}) lies in a cycle of length 1. Then (a_1, a_2, …, a_n) = (a_0, a_1, …, a_{n−1}) implies a_0 = a_1, a_1 = a_2, …, a_{n−1} = a_n. Set a = a_0. Then

$$a_n \equiv \sum_{i=0}^{n-1} c_i a_i \pmod M$$

implies na ≡ a (mod M), i.e., M | (n − 1)a. In the case when gcd(M, n − 1) = 1 we can only have a = 0. In other words, this means that there is only one cycle of length 1 (in the case when n = 4 this happens for all M ≠ 3).
7 Applications

LFSR and think about the new ones...
8 Open problems

(i) Does the BM algorithm work when we do not work in a finite field but in a ring Z_M instead?
(ii) Prove that if there is a cycle of length ℓ for M = p^m, then there is a cycle of length p · ℓ in the case when M = p^{m+1}. Special case m = 1.