### 数学代写|密码学作业代写Cryptography & Cryptanalysis代考|CS6260

statistics-lab™ 为您的留学生涯保驾护航 在代写密码学Cryptography & Cryptanalysis方面已经树立了自己的口碑, 保证靠谱, 高质且原创的统计Statistics代写服务。我们的专家在代写密码学Cryptography & Cryptanalysis代写方面经验极为丰富，各种代写密码学Cryptography & Cryptanalysis相关的作业也就用不着说。

• Statistical Inference 统计推断
• Statistical Computing 统计计算
• (Generalized) Linear Models 广义线性模型
• Statistical Machine Learning 统计机器学习
• Longitudinal Data Analysis 纵向数据分析
• Foundations of Data Science 数据科学基础

## 数学代写|密码学作业代写Cryptography & Cryptanalysis代考|LWE and NTRU

The LWE problem and the NTRU problem have proven to be versatile building blocks for cryptographic applications [104, 218, 274, 493]. For both of these problems, there exist ring and matrix variants. More precisely, the original definition of NTRU is the ring variant [274] and the matrix variant is rarely considered whereas for LWE the original definition is the matrix variant [494] with a ring variant being defined later $[401,561]$. In this chapter, we generally treat the matrix variants since our focus is on lattice reduction for general lattices.

Definition $2.1$ (LWE [494]). Let $n, q$ be positive integers, $\chi$ be a probability distribution on $\mathbb{Z}$ and $\mathbf{s}$ be a uniformly random vector in $\mathbb{Z}q^n$. We denote by $L{\mathrm{s}, \chi}$ the probability distribution on $\mathbb{Z}q^n \times \mathbb{Z}_q$ obtained by choosing $\mathbf{a} \in \mathbb{Z}_q^n$ uniformly at random, choosing $e \in \mathbb{Z}$ according to $\chi$ and considering it in $\mathbb{Z}_q$, and returning $(\mathbf{a}, c)=(\mathbf{a},\langle\mathbf{a}, \mathbf{s}\rangle+e) \in \mathbb{Z}_q^n \times \mathbb{Z}_q$ Decision-LWE is the problem of deciding whether pairs (a, $c$ ) $\in \mathbb{Z}_q^n \times \mathbb{Z}_q$ are sampled according to $L{\mathrm{s}, \chi}$ or the uniform distribution on $\mathbb{Z}q^n \times \mathbb{Z}_q$. Search-LWE is the problem of recovering s from pairs $(\mathbf{a}, c)=(\mathbf{a},\langle\mathbf{a}, \mathbf{s}\rangle+e) \in$ $\mathbb{Z}_q^n \times \mathbb{Z}_q$ sampled according to $L{\mathrm{s}, \chi}$.

We note that the above definition puts no restriction on the number of samples, i.e., LWE is assumed to be secure for any polynomial number of samples. Further, since for many choices of $n, q, \chi$ solving Decision-LWE allows solving Search-LWE [105, 494] and vice versa, it is meaningful just to speak of the LWE problem (for those choices of parameters). By rewriting the system in systematic form [23], it can be shown that the LWE problem, where each component of the secret $\mathbf{s}$ is sampled from the error distribution $\chi$, is as secure as the problem for uniformly random secrets. LWE with such a secret, following the error distribution, is known as normal form LWE. We will consider normal form LWE in this chapter. Furthermore, in this note, the exact specification of the distribution $\chi$ will not matter, and we may simply specify an LWE instance by giving the standard deviation $\sigma$ of $\chi$. We will, furthermore, implicitly assume that $\chi$ is centred, i.e., has expectation 0 . We may also write LWE in matrix form as $\mathbf{A} \cdot \mathbf{s}+\mathbf{e} \equiv \mathbf{c} \bmod q$. The NTRU problem [274] is defined as follows.

Definition $2.2$ (NTRU [274]). Let $n, q$ be positive integers, $f, g \in \mathbb{Z}_q[x]$ be polynomials of degree $n$ sampled from some distribution $\chi$, subject to $f$ being invertible modulo a polynomial $\phi$ of degree $n$, and let $h=g / f \bmod (\phi, q)$. The NTRU problem is the problem of finding $f, g$ given $h$ (or any equivalent solution $\left(x^i \cdot f, x^i \cdot g\right)$ for some $\left.i \in \mathbb{Z}\right)$.

Concretely, the reader may think of $\phi=x^n+1$ when $n$ is a power of two and $\chi$ to be some distribution producing polynomials with small coefficients. The matrix variant considers $\mathbf{F}, \mathbf{G} \in \mathbb{Z}_q^{n \times n}$ such that $\mathbf{H}=\mathbf{G} \cdot \mathbf{F}^{-1} \bmod q$.

## 数学代写|密码学作业代写Cryptography & Cryptanalysis代考|Notation and Preliminaries

All vectors are denoted by bold lower case letters and are to be read as column vectors. Matrices are denoted by bold capital letters. We write a matrix $\mathbf{B}$ as $\mathbf{B}=\left(\mathbf{b}0, \ldots, \mathbf{b}{d-1}\right)$ where $\mathbf{b}i$ is the ith column vector of $\mathbf{B}$. If $\mathbf{B} \in \mathbb{R}^{m \times d}$ has fullcolumn rank $d$, the lattice $\Lambda$ generated by the basis $\mathbf{B}$ is denoted by $\Lambda(\mathbf{B})=$ $\left{\mathbf{B} \cdot \mathbf{x} \mid \mathbf{x} \in \mathbb{Z}^d\right}$. A lattice is $q$-ary if it contains $q \mathbb{Z}^d$ as a sublattice, e.g., $\left{\mathbf{x} \in \mathbb{Z}_q^d \mid\right.$ $\mathbf{x} \cdot \mathbf{A}=\mathbf{0}}$ for some $\mathbf{A} \subset \mathbb{Z}^{d \times d^{\prime}}$. We denote by $\left(\mathbf{b}_0^{\star}, \ldots, \mathbf{b}{d-1}^{\star}\right)$ the Gram-Schmidt (GS) orthogonalisation of the matrix $\left(\mathbf{b}0, \ldots, \mathbf{b}{d-1}\right)$. For $i \in{0, \ldots, d-1}$, we denote the orthogonal projection to the span of $\left(\mathbf{b}0, \ldots, \mathbf{b}{i-1}\right)$ by $\pi_i ; \pi_0$ denotes ‘no projection’, i.e., the identity. We write $\pi_{\mathrm{v}}$ for the projection orthogonal to the space spanned by $\mathbf{v}$. For $0 \leq i<j \leq d$, we denote by $\mathbf{B}{[i: j]}$ the local projected block $\left(\pi_i\left(\mathbf{b}_i\right), \ldots, \pi_i\left(\mathbf{b}{j-1}\right)\right)$, and when the basis is clear from context, by $\Lambda_{[i: j]}$ the lattice generated by $\mathbf{B}_{[i: j]}$. We write $\lg (\cdot)$ for the logarithm to base two.

The Euclidean norm of a vector $\mathbf{v}$ is denoted by $|\mathbf{v}|$. The volume (or determinant) of a lattice $\Lambda(\mathbf{B})$ is $\operatorname{vol}(\Lambda(\mathbf{B}))=\prod_i\left|\mathbf{b}_i^{\star}\right|$. It is an invariant of the lattice. The first minimum of a lattice $\Lambda$ is the norm of a shortest non-zero vector, denoted by $\lambda_1(\Lambda)$. We use the abbreviations $\operatorname{vol}(\mathbf{B})=\operatorname{vol}(\Lambda(\mathbf{B})$ ) and $\lambda_1(\mathbf{B})=\lambda_1(\Lambda(\mathbf{B}))$

The Hermite constant $\gamma_\beta$ is the square of the maximum norm of any shortest vector in all lattices of unit volume in dimension $\beta$ :
$$\gamma_\beta=\sup \left{\lambda_1^2(\Lambda) \mid \Lambda \in \mathbb{R}^\beta, \operatorname{vol}(\Lambda)=1\right} .$$
Minkowski’s theorem allows us to derive an upper bound $\gamma_\beta=O(\beta)$, and this bound is reached up to a constant factor: $\gamma_\beta=\Theta(\beta)$.

## 数学代写|密码学作业代写Cryptography & Cryptanalysis代考|LWE and NTRU

LWE 问题和 NTRU 问题已被证明是密码应用程序的通用构建块 [104、218、274、493]。对于这两个问题，都 存在环和矩阵变体。更准确地说，NTRU 的原始定义是环变体 [274]，很少考虑矩阵变体，而对于 LWE，原始定 义是矩阵变体 [494]，后来定义了环变体 $[401,561]$. 在本章中，我们通常处理矩阵变体，因为我们的重点是一 般格的格约简。

## 有限元方法代写

tatistics-lab作为专业的留学生服务机构，多年来已为美国、英国、加拿大、澳洲等留学热门地的学生提供专业的学术服务，包括但不限于Essay代写，Assignment代写，Dissertation代写，Report代写，小组作业代写，Proposal代写，Paper代写，Presentation代写，计算机作业代写，论文修改和润色，网课代做，exam代考等等。写作范围涵盖高中，本科，研究生等海外留学全阶段，辐射金融，经济学，会计学，审计学，管理学等全球99%专业科目。写作团队既有专业英语母语作者，也有海外名校硕博留学生，每位写作老师都拥有过硬的语言能力，专业的学科背景和学术写作经验。我们承诺100%原创，100%专业，100%准时，100%满意。

## MATLAB代写

MATLAB 是一种用于技术计算的高性能语言。它将计算、可视化和编程集成在一个易于使用的环境中，其中问题和解决方案以熟悉的数学符号表示。典型用途包括：数学和计算算法开发建模、仿真和原型制作数据分析、探索和可视化科学和工程图形应用程序开发，包括图形用户界面构建MATLAB 是一个交互式系统，其基本数据元素是一个不需要维度的数组。这使您可以解决许多技术计算问题，尤其是那些具有矩阵和向量公式的问题，而只需用 C 或 Fortran 等标量非交互式语言编写程序所需的时间的一小部分。MATLAB 名称代表矩阵实验室。MATLAB 最初的编写目的是提供对由 LINPACK 和 EISPACK 项目开发的矩阵软件的轻松访问，这两个项目共同代表了矩阵计算软件的最新技术。MATLAB 经过多年的发展，得到了许多用户的投入。在大学环境中，它是数学、工程和科学入门和高级课程的标准教学工具。在工业领域，MATLAB 是高效研究、开发和分析的首选工具。MATLAB 具有一系列称为工具箱的特定于应用程序的解决方案。对于大多数 MATLAB 用户来说非常重要，工具箱允许您学习应用专业技术。工具箱是 MATLAB 函数（M 文件）的综合集合，可扩展 MATLAB 环境以解决特定类别的问题。可用工具箱的领域包括信号处理、控制系统、神经网络、模糊逻辑、小波、仿真等。