Could someone tell me how does the output of the KeyGen algorithm in CP-ABE look like? KeyGen(MK, S). The key generation algorithm will take as input a set of attributes S and output a key that identifies with that set. The algorithm first
chooses a random r ∈ Zp, and then random rj ∈ Zp for each attribute j ∈ S. Then it computes the key as
SK = (D = g(α+r)/β, ∀j ∈ S : Dj = gr · H(j)rj ,D′j = grj )
When Dj and D'j have to be calculated, do we need to take it for the entire set of attributes S OR for each individual attribute in S?
Related
I read the below where R is the relation schema, X is the set of attributes and A is an attribute in R. Let F be set of FDs. For R to be in BCNF, for every X-> A in F following must hold:
1) A is a subset of X
2) X is a superkey
In 2), why does X have to be a superkey? Shouldn't the condition be X is a candidate key because I understand that for BCNF, for every non trivial dependency, a key determines some attribute.
What will go wrong if I replace 2) with X is a candidate key?
Here is simple example: suppose relation R(X, A, B), X candidate key.
If you have FD X->A, you also trivially have FD (X, B) -> A, however (X, B) is not a candidate key (it is not minimal), but it is a superkey.
I want to model that departures from a node can only take place in a "every n hours" manner. I've started to model this using two variables - starttime[i,j,k] shows when vehicle k departured i with j as destination, x[i,j,k] is a binary variable having value 1 if vehicle k drove from i to j, and 0 otherwise. The model is:
maximize maxdrive: sum{i in V, j in V, k in K} traveltime[i,j]*x[i,j,k];
subject to TimeConstraint {k in K}:
sum{i in V, j in V} (traveltime[i,j]+servicetime[i])*x [i,j,k] <= 1440;
subject to StartTime{i in V,j in V, k in K}:
starttime[i,j,k] + traveltime[i,j] - 9000 * (1 - x[i,j,k]) <= starttime[j,i,k];
subject to yvar{i in V, j in V}:
sum{k in K} x[i,j,k] <= maxVisits[i,j];
subject to Constraint1{i in V, j in V, k in K, g in V, h in K}:
starttime[i,j,k] + TimeInterval[i]*x[i,j,k] <= starttime[i,g,h];
The constraint in question is "Constraint1" where i is the origin node, j the destination node, and k is the vehicle. The index g is used to show that the later departure can be to any destination node. TimeInterval corresponds to the interval intended, i.e. if TimeInterval at i is 2 hours, the starttime of the next vehicle to departure from i must not be less than 2 hours from previous departure. The origins corresponds to specific products (only available from said origin node) whereas I want the vehicles to not be bounded to a specific origin node - they should be able to jump between nodes to utilize backhauling etc. In other words, I want to conduct this constraint without having restraints on the vehicles themselves but rather the origin nodes.
The objective function to "maximize the traveltime" may seem strange, but the objective function is rather obsolete really. If the constraints are met, the solution is adequate. To maximize traveltime is merely an attempt to "force" the x variables to become 1.
The question is: how can I do this? With this formulation, all x[i,j,k] variables dissappears from the answer (without this constraint, some of the binary variables x becomes 1 and the other 0. The solution meets the maxVisits requirement. With the constraint all x variables becomes 0 and all starttimes becomes 0 as well. MINTO (The solver) doesn't state that the problem is infeasible either.
Also, how to separate the vehicles so the program recognizes that it is a comparison between all departures? I would rather to not include time dimensions, at it would give so much more variables.
EDIT: After trying a new model using a non-linear solver I've seen some strange results. Specifically, I'm using the limit 1440 (minutes) as an upper bound as to for how long a vehicle can operate each day. Using this model below the solution is 0 for every variable, but the starttime for all combinations of i,j,k is 720 (half of 1440). Does anyone have any clue in regards of what causing this solution? How did this constraint remove the link between starttime being higher than 0 requiring that x must be 1.
subject to StartTimeSelf{i in V, j in V, k in K, g in K, h in V}:
starttime[i,j,k]*x[i,j,k] + TimeInterval[i]*x[i,j,k] + y[i,k] <= starttime[i,h,g]*x[i,j,k];
I've encountered a problem which I have not found any solution to reading the AMPL documentation of sets.
What I want to model is that a city, say Kir, must have for instance 9 deliveries from another city, for instance Sto. However, these deliveries must arrive in Kir at some specific terminals, each terminal being open only for a small amount of time (approx 2 minutes) each day. The same must be true for the origin node. The route from Sto must be specified from a specific terminal (so the path can be "followed" in the results).
I've started to model using the "set V within K" operation for sets, but that requires that V must be the same set, or a subset of K where K is the set representing the "nodes" - Kir, Sto and so on and V is the set of names of the terminals "Terminal1", "Terminal2" etc.
I've started to check for instance "set K dimension 4" defined as for instance:
set K dimension 4;
data;
set K:=
Sto Kir Terminal1 Terminal2
Bod Kir Terminal3 Terminal2;
Where set K represents from which city (for example Sto) a delivery should be driven (to for example Kir), where the departing terminal in Sto is Terminal1 and the delivering terminal in Kir is Terminal2. This has the downside of having to specifiy a large number of combinations (there are approximately 22 terminals in Kir alone etc) manually. I don't know how to model the constraints then either. For instance the "one dimension" set I've previously had:
subject to yvar{i in V, j in V}:
sum{k in H} x[i,j,k] <= maxVisits[i,j];
where V is the set of cities alone, and H is the set of vehicles, maxVisits represents the maximum amount of deliviries from city i to city j and x is 1 if a delivery is made from i to j using vehicle k. I don't understand how this could be modeled, using the four dimensional set K.
Regards,
One way to model this is to index x over K and H and change the summation to include terminals:
var x{K, H} binary;
subject to yvar{i in V, j in V}:
sum{(i,j,t,u) in K, k in H} x[i,j,t,u,k] <= maxVisits[i,j];
The indexing (i,j,t,u) in K in the summation will iterate over pairs of terminals that are endpoints of routes from city i to city j. Note that i and j are fixed here because they are defined in the constraint indexing {i in V, j in V}.
I'm using the diffie-hellman key exchange method to securely generate a key for use with the AES cipher (the result will be hashed to make in the ideal length). Assuming the exponent is a prime of length 2^2048 bits, how can i calculate the size of the base and the modulus if i want the decimal result to be of a length in between (2^6)^32 and (2^6)^40 (i.e. a base64 string of length equal to or greater than 32 and less than or equal to 40 characters). The base i want to use is within the range 3
I'm new to Diffie-Hellman exchanges, are there any restrictions on the modulus, the base or the exponents that i should be aware of?
Is there an equation i can use to derive the ideal pair lengths, or do i have to pre calculate it and store it in an array.
Thanks,
I'm not sure what you are asking about.
For Diffie-Hellman you choose a safe or strong prime p between 2^2047 and 2^2048-1 in your case, then choose an element 0 < g < p-1 such that g^(p-1) mod *p*=1 but g^x mod p≠1 for all 0 < x < p-1 . p and g are constant parameters for your implementation. The size of g does not matter for the scheme. Now for a key exchange you sample 0 < a,b < p-1 uniformly and random, exchange g^a mod p and g^b mod p, and calculate g^ab mod p. Because of the random choice of a and b the result g^ab mod p is also random with 0 < (g^ab mod p) < p-1.
As you have already noticed you can then hash g^ab mod p to generate a short key (256 bit with sha256 for example).
I'm new to cryptography and modular arithmetic. So, I'm sure it's a silly question, but I can't help it.
How do I calculate a from
pow(a,q) = 1 (mod p),
where p and q are known? I don't get the "1 (mod p)" part, it equals to 1, doesn't it? If so, than what is "mod p" about?
Is this the same as
pow(a,-q) (mod p) = 1?
The (mod p) part refers not to the right hand side, but to the equality sign: it says that modulo p, pow(a,q) and 1 are equal. For instance, "modulo 10, 246126 and 7868726 are equal" (and they are also both equal to 6 modulo 10): two numbers x and y are equal modulo p if they have the same remainder on dividing by p, or equivalently, if p divides x-y.
Since you seem to be coming from a programming perspective, another way of saying it is that pow(a,q)%p=1, where "%" is the "remainder" operator as implemented in several languages (assuming that p>1).
You should read the Wikipedia article on Modular arithmetic, or any elementary number theory book (or even a cryptography book, since it is likely to introduce modular arithmetic).
To answer your other question: there is no general formula for finding such an a (to the best of my knowledge) in general. Assuming that p is prime, and using Fermat's little theorem to reduce q modulo p-1, and assuming that q divides p-1 (or else no such a exists), you can produce such an a by taking a primitive root of p and raising it to the power (p-1)/q. [And more generally, when p is not prime, you can reduce q modulo φ(p), then assuming it divides φ(p) and you know a primitive root (say r) mod p, you can take r to the power of φ(p)/q, where φ is the totient function -- this comes from Euler's theorem.]
Not silly at all, as this is the basis for public-key encryption. You can find an excellent discussion on this at http://home.scarlet.be/~ping1339/congr.htm#The-equation-a%3Csup%3Ex.
PKI works by choosing p and q that are large and relatively prime. One (say p) becomes your private key and the other (q) is your public key. The encryption is "broken" if an attacker guesses p, given aq (the encrypted message) and q (your public key).
So, to answer your question:
aq = 1 mod p
This means aq is a number that leaves a remainder of 1 when divided by p. We don't care about the integer portion of the quotient, so we can write:
aq / p = n + 1/p
for any integer value of n. If we multiply both sides of the equation by p, we have:
aq = np + 1
Solving for a we have:
a = (np+1)1/q
The final step is to find a value of n that generates the original value of a. I don't know of any way to do this other than trial and error -- which equates to a "brute force" attempt to break the encryption.