Notation and Definitions Sample Clauses

Notation and Definitions. We use the following notation: number of protocol parties (group members) set of current group members set of leaving members set of newly joining members -th group member; height of a tree -th node at level in a tree ’s view of the key tree ’s modified tree after membership operation A subtree rooted at node set of ’s blinded keys prime integers exponentiation base Key trees have been suggested in the past for centralized group key distribution systems. The seminal work of Xxxxxxx et al. [36] is the earliest such proposal. One of the main features of our work is the use of key trees in fully distributed contributory key agreement. Figure 1 shows an example of a key tree. The root is located at level and the lowest leaves are at level . Since we use binary trees,2 every node is either a leaf or a parent of two nodes. The nodes are denoted , where since each level hosts at most nodes.3 Each node is associated with the key and the blinded key (bkey) where the function is modular exponentiation in prime order groups, i.e., (analogous to the Xxxxxx-Xxxxxxx protocol). Assuming a leaf node hosts the member , the node has ’s session random key . Furthermore, the member at node knows every key along the path from to , referred to as the key-path and denoted . In Figure 1, if a member owns the tree , then knows every key in and every bkey on . Every key is computed recursively as follows: Computing a key at requires the knowledge of the key of one of the two child nodes and the bkey of the other child node. at the root node is the group secret shared by all members. We stress, once again, that this value is never used as a cryptographic key for the purpose of encryption, authentication or integrity. Instead, such special-purpose sub-keys are derived from the group secret, e.g., by setting where is a cryptographically strong hash function uniquely indexed with the purpose idenitifer , e.g., encryption. For example, in Figure 1, can compute and using , , and . The final group key is: To simplify subsequent protocol description, we introduce the term co-path, denoted as , which is the set of siblings of each node in the key-path of member . For example, the co-path of member in Figure 1 is the set of nodes . Consequently, every member at leaf node can derive the group secret from all bkeys on the co-path and its session random .
Sample 1Sample 2
AutoNDA by SimpleDocs
Notation and Definitions. A one-way secret-key agreement protocol has three important parameters, which are denoted by the same letters throughout the paper: the length m of the secret key produced, a security parameter k, and the number n of instances of the initial random variables used. It will be convenient in applications to assume that, for given m and k, n can be computed by a function n(k, m). ∈ { } X × Y × → ∈ { } ∈ { } Definition 1 (Protocol). A one-way secret-key agreement (OW-SKA) proto- col on consists of the function n(k, m) : N N N; a function fam- ily, called Xxxxx, with parameters k and m, mapping n instances of X to a bit string SA 0, 1 m (the secret key) and a bit string Γ 0, 1 ∗ (the communica- tion); and a function family, called Xxx, with parameters k and m, mapping Γ and n instances of Y to a bit string SB 0, 1 m. The protocol is efficient if n(k, m), Xxxxx, and Xxx can be computed by probabilistic Turing machines in m time poly(k, m). The rate of the protocol is limk→∞ limm→∞ n(k,m) . The goal of secret-key agreement is to get a secure key (SA, SB), i.e., two strings which are likely to be equal and look like a uniform random string to Eve. We can define this as follows: { } × { } Definition 2 (Secure Key). A pair (X, Y ) over 0, 1 m 0, 1 m of random variables is ε-secure with respect to Z if PXY Z − PUU × PZ ≤ ε, where PUU is the probability distribution over {0, 1}m × {0, 1}m given by PUU (x, y)= 2−m if x = y 0 otherwise. We say that a protocol is secure if it generates a 2−k-secure key with respect to the information Eve has after the protocol execution, that is, the initial ran- domness Z1,... , Zn and the communication Γ . In some cases it is desirable to have a protocol which works for a class of distributions rather than for a sin- gle distribution (since one may not know the exact distribution of the random variables). X × Y × Z ∈ X × Y
Sample 1
Notation and Definitions. ‌ We continue to use the notation and definitions from Sect. 3, along with the following. We use the prefix “multi” to refer to the multi-key setting of the algorithms in question. So, for example, the PRP-PRF switch becomes the multi-PRP-PRF switch, and GCM becomes multi-GCM. ∈ An adversary is non-adaptive if the oracle inputs it generates are independent of all oracle outputs. We identify such adversaries with sequences x X+ and write advG x to mean the advantage of the non-adaptive adversary which queries x to win game G. (X × Y)+, where A interacts with oracles from X to Y. The advantage of D in ∈ — ∈ distinguishing oracles O1 and O2 is given by Δ (O1 ; O2) := P AO1 W P AO2 W . (28) D Note that this definition is equivalent to the usual definition, where the dis- tinguisher’s output bit has been changed to the set W, which is some random variable that may depend on A but is independent of the oracle: Ay ∈ W if
Sample 1
Notation and Definitions d We begin with some notation and definitions that we will use in this work. Let d ∈ N, then we write Ad to be a d-character alphabet with a distinguished 0 element. Given a word q ∈ An, and a subset t ⊂ {1, · · · , n}, we write qt to mean the substring of q indexed by t; we use q—t to mean the substring of q indexed by the complement of t. We write w(q) to be the relative Hamming weight of q, namely w(q) = |{i : qi=0}| - that is the number of characters in q that are not zero, divided by the length of q. Given two words x, y in this alphabet, we write xy to mean the concatenation of x and y. Finally, given a, b, numbers between 0 and d − 1, we write a +d b to mean the addition of a and b modulo d. {| ⟩ | ⟩ · · · | − ⟩} H Σ We use d to mean a Xxxxxxx space of dimension d. The standard computational basis will be denoted Z = 0 , 1 , , d 1 . If we are referring to an alternative basis we will write the basis label as a superscript. One important basis we will use is the Fourier basis consisting of elements F = {|0⟩7 , · · · , |d − 1⟩7 }, where: 1 |j⟩7 = √ k exp(2πijk/d) |k⟩ . d | ⟩ | ⟩ ⟨ | | ⟩ ⊗ · · · ⊗ | ⟩ | ⟩ ∈ A | ⟩ | ⟩ ⊗ · · · ⊗ | ⟩ | ⟩ If given a word q n, we write q to mean q1 qn . Similarly, we write q 7 to mean q1 7 qn 7 . Note that if there is no superscript, then q is assumed to be the computational Z basis. Finally, given pure state ψ , we write [ψ] to mean ψ ψ . A density operator is a positive semi-definite Hermitian operator of unit trace acting on some Xxxxxxx space. If ρAE acts on Xxxxxxx space HA ⊗ HE, then we write ρA to mean the operator resulting from tracing out the E system, namely ρA = trEρAE. Similarly for other, or multiple, systems. The Xxxxxxx entropy of a random variable X is denoted H(X). The d-ary entropy function is denoted Hd(x), for x ∈ [0, 1], and is defined to be: Hd(x) = x logd(d − 1) − x logd x − (1 − x) logd(1 − x). Note that when d = 2 this is simply the binary Xxxxxxx entropy. Given density operator ρAE, the conditional quantum min entropy is defined to be [27]: H∞(A|E)ρ = sup max{λ ∈ R : 2—λIA ⊗ σE − ρAE ≥ 0}, (1) σE | | where the supremum is over all density operators acting on the E system. If ρ = [ψ] is a pure state, then we often write H∞(A E)ψ. Given ρAE, we write H∞(AZ E)ρ to mean the min entropy of the resulting state following a measurement of the A register in the Z basis. There are many important properties of quantum min entropy we will use. In particular, if the E system is trivial or independent of the A ...
Sample 1
Notation and Definitions. ‌ As seen in the previous chapter, we are interested in a systematic exploration of data transformations in order to solve a meta-learning problem. This strategy has many advantages: by considering learning algorithms as black-boxes, we can always choose the state-of-the-art ones. By focusing on the meta-problem rather than the problem itself, we can reach a certain degree of interpretability even when we decide to use non-interpretable classificators/regressors. Additionally, by suitably transforming the data, we can deal with temporal and spatial components even when the classifiers/regressors do not offer spatial-temporal capabilities natively without resorting to the most na¨ıve approaches such as flattening. The mathematical characterization of dynamic preprocessing allows us to decide on a clear and reasonably elegant syntax. A consequence will be that the expressive power may be slightly reduced but this, however, is not necessarily negative, considering that complex transformations may hamper the interpretability of the results. In the following, we assume that data sets are presented in their matricial form with m instances (rows), that A1, . . . , An are the independent attributes, that data are distributed under z names (that is, there are z sources), and associated to k classes. Whenever necessary, we assume that m = m∗z, that is, that each name has m∗ of the m instances associated with it. While it may be intuitive to suggest that the class should be a function of the name (that is, that different instances of the same source should be associated to the same class), in the most general setting we can give up such an assumption. There are, in fact, real-world cases in which it may not be true. Let M be the space of all data sets, and let V ⊂ M be the space of all real vectors (i.e., single-dimension matrices). Definition 3 A dynamic pre-processing operator P is a real vector. A dynamic pre-processing transformation is a function:
Sample 1

Related to Notation and Definitions

  • Introduction and definitions 1.1 This agreement (the “Grant Agreement”) consists of 23 Clauses, 2 Schedules and 2

  • Construction and Definitions Unless defined below or otherwise in this Annex A, all of the capitalized terms used in this Annex A shall have the meanings assigned to them in this Agreement:

  • Interpretation and Definitions 2.01 For the purpose of this Agreement:

  • RECOGNITION AND DEFINITIONS 2.01 The Employer recognizes the Ontario Nurses’ Association as the exclusive bargaining agent for all registered nurses, and nurses with Temporary Certificates of Registration, employed in a nursing capacity at the Queen’s Family Health Team at Queen’s University in Kingston, save and except nurse manager and persons above the rank of nurse manager.

  • ARTICLE I DEFINITIONS 1 SECTION 1.01.

  • Terms and Definitions The terms listed below shall have the respective meaning given them as set forth adjacent to each term.

  • Scope and Definitions 1. The provisions of this Chapter shall apply to technical regulations, standards and conformity assessment procedures as defined in the WTO TBT Agreement in so far as they affect trade between the Parties.

  • Preamble and Definitions 1.1 The preamble to this agreement constitutes an integral part hereof.

  • Special Rules and Definitions The following additional rules and definitions apply in implementing the due diligence procedures described above:

  • Purpose and Definitions 1. The purpose of this Chapter is to promote the objectives of this Agreement by simplifying customs procedures in relation to bilateral trade between the Parties.

Time is Money Join Law Insider Premium to draft better contracts faster.