Estimates of the mean size of the subset image under composition of random mappings

Let XN be a set of N elements and F1, F2,… be a sequence of random independent equiprobable mappings XN → N. For a subset S0 ⊂ XN, |S0|=m, we consider a sequence of its images St=Ft(…F2(F1(S0))…), t=1,2… An approach to the exact recurrent computation of distribution of |St| is described. Two-sided inequalities forM{|St|||S0|=m} such that the difference between the upper and lower bounds is o(m)for m, t, N → ∞, mt=o(N) are derived. The results are of interest for the analysis of time-memory tradeoff algorithms.

Limit theorem for the size of an image of subset under compositions of random mappings

Let 𝓧𝓝 be a set consisting of N elements and F1,F2, … be a sequence of random independent equiprobable mappings 𝓧𝓝 → 𝓧𝓝. For a subset S0 ⊂ 𝓧𝓝, |S0| = n, we consider a sequence of its images St = Ft(… F2(F1(S0))…), t = 1, 2 … The conditions on n, t, N → ∞ under which the distributions of image sizes |St| are asymptotically connected with the standard normal distribution are presented.

Functional Graphs and Their Applications in Generic Attacks on Iterated Hash Constructions

We provide a survey about generic attacks on cryptographic hash constructions including hash-based message authentication codes and hash combiners. We look into attacks involving iteratively evaluating identical mappings many times. The functional graph of a random mapping also involves iteratively evaluating the mapping. These attacks essentially exploit properties of the functional graph. We map the utilization space of those properties from numerous proposed known attacks, draw a comparison among classes of attacks about their advantages and limitations. We provide a systematic exposition of concepts of cycles, deep-iterate images, collisions and their roles in cryptanalysis of iterated hash constructions. We identify the inherent relationship between these concepts, such that case-by-case theories about them can be unified into one knowledge system, that is, theories on the functional graph of random mappings. We show that the properties of the cycle search algorithm, the chain evaluation algorithm and the collision search algorithm can be described based on statistic results on the functional graph. Thereby, we can provide different viewpoints to support previous beliefs on individual knowledge. In that, we invite more sophisticated analysis of the functional graph of random mappings and more future exploitations of its properties in cryptanalysis.

On the heuristic of approximating polynomials over finite fields by random mappings

The behavior of iterations of functions is frequently approximated by the Brent–Pollard heuristic, where one treats functions as random mappings. We aim at understanding this heuristic and focus on the expected rho length of a node of the functional graph of a polynomial over a finite field. Since the distribution of preimage sizes of a class of functions appears to play a central role in its average rho length, we survey the known results for polynomials over finite fields giving new proofs and improving one of the cases for quartic polynomials. We discuss the effectiveness of the heuristic for many classes of polynomials by comparing our experimental results with the known estimates for different random mapping models. We prove that the distribution of preimage sizes of general polynomials and mappings have similar asymptotic properties, including the same asymptotic average coalescence. The combination of these results and our experiments suggests that these polynomials behave like random mappings, extending a heuristic that was known only for degree [Formula: see text]. We show numerically that the behavior of Chebyshev polynomials of degree [Formula: see text] over finite fields present a sharp contrast when compared to other polynomials in their respective classes.