WO2016145315A1 - Security of multidimensional arrays - Google Patents

Security of multidimensional arrays Download PDF

Info

Publication number
WO2016145315A1
WO2016145315A1 PCT/US2016/022014 US2016022014W WO2016145315A1 WO 2016145315 A1 WO2016145315 A1 WO 2016145315A1 US 2016022014 W US2016022014 W US 2016022014W WO 2016145315 A1 WO2016145315 A1 WO 2016145315A1
Authority
WO
WIPO (PCT)
Prior art keywords
array
dimensional
linear complexity
measure
arrays
Prior art date
Application number
PCT/US2016/022014
Other languages
French (fr)
Inventor
Tom HOHOLDT
Ivelisse RUBIO
Oscar Moreno De Ayala
Original Assignee
Optimark, Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Optimark, Llc filed Critical Optimark, Llc
Publication of WO2016145315A1 publication Critical patent/WO2016145315A1/en

Links

Classifications

    • HELECTRICITY
    • H03ELECTRONIC CIRCUITRY
    • H03MCODING; DECODING; CODE CONVERSION IN GENERAL
    • H03M13/00Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
    • H03M13/29Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes combining two or more codes or code structures, e.g. product codes, generalised product codes, concatenated codes, inner and outer codes
    • H03M13/2906Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes combining two or more codes or code structures, e.g. product codes, generalised product codes, concatenated codes, inner and outer codes using block codes
    • H03M13/2918Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes combining two or more codes or code structures, e.g. product codes, generalised product codes, concatenated codes, inner and outer codes using block codes with error correction codes in three or more dimensions, e.g. 3-dimensional product code where the bits are arranged in a cube
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N19/00Methods or arrangements for coding, decoding, compressing or decompressing digital video signals
    • H04N19/46Embedding additional information in the video signal during the compression process
    • H04N19/467Embedding additional information in the video signal during the compression process characterised by the embedded information being invisible, e.g. watermarking

Definitions

  • the present invention relates to the security of multidimensional, multi- periodical arrays.
  • embodiments of the present invention relate to methods and apparatus for determining the security of two, three and higher dimensional encoding arrays, which can be used for applications including, but not limited to watermarking, digital communications and encryption.
  • Patent application PCT/AU2010/000990 entitled “Digital Watermarking” discloses the Applicant's processes that produce new multi-dimensional and multi-periodical arrays which have numerous areas of application including watermarking for use in multimedia applications, where the multi-dimensional nature of watermarking has been desirable, but not generally available.
  • the media and entertainment industry for example, is asking for digital watermarks for images, audio, video, and synchronized video-audio applications.
  • Authorised copies of digital media are imprinted with a watermark, which identifies the owner of a specific copy. Good watermarks imply that even if users collude in trying to erase the watermark, the copy would retain enough information to track down the original owner, in case the file is copied and distributed. Additionally, watermarks are applied to measure audiences and penetration.
  • PCT/AU2010/000990 presents methods of array construction which can be generalized to any number of dimensions. They are based on composing a shift sequence with a column sequence/array and suitable choices of shift sequences and column sequences/arrays for digital watermarking applications are disclosed in PCT/AU2010/000990.
  • High linear complexity is desirable for video watermarks because usually there are parts of a video which have low contrast within a frame or have regions which change slowly with time. This exposes sections of a watermark to an attacker, who may try to reverse engineer the whole watermark from such sections. Similar comments apply to audio and still images.
  • High linear complexity may also be desirable in many other applications, including, but not limited to, optical orthogonal codes, acoustics, such as acoustic diffusers, correlated magnetics, x-ray image reconstruction and structured light, and crypto systems.
  • optical orthogonal codes such as acoustic diffusers, correlated magnetics, x-ray image reconstruction and structured light, and crypto systems.
  • the present invention relates to methods and apparatus for determining the security of multi-dimensional encoding arrays used for applications such as, but not limited to multimedia watermarking, mobile communications, radar, sonar, ultrasound and cryptography.
  • Embodiments of the methods include the generation of two, three and higher-dimensional constructions based on logarithmic and exponential quadratic maps, rational function maps and Legendre arrays.
  • the present invention resides in a method of measuring a level of security of an n- dimensional encoding array u, irrespective of the value of n, the method comprising:
  • Groebner basis to generate a measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.
  • the measure of the level of security is invariant irrespective of one or more of the following: the choice of Groebner basis; the number of valid polynomials; the dimensionality of the array; the size of the array.
  • the method further comprises determining the set of valid polynomials for the encoding array u one of the following: the Berlekamp- Massey-Sakata algorithm; Rubio's analog to the Sweedler-Taylor algorithm; any other accelerated algorithm.
  • an array which can be folded or unfolded to change its dimensionality using the Chinese Remainder Theorem retains the same linear complexity when its dimensionality is altered.
  • the n-dimensional encoding array u is generated by:
  • the step of replacing the columns of the impulse column array comprises cyclically shifting a ternary Sidelnikov sequence of length p 2 - 1 using a shift sequence s; belonging to each co-ordinate on the grid table.
  • the n-dimensional encoding array u is generated by:
  • the n-dimensional encoding array u is constructed over a binary alphabet, an alphabet over higher roots of unity possibly including 0 and commensurate with the structure of the Finite Field of characteristic p.
  • the n-dimensional encoding array u is generated by mapping all the elements of the finite field GF(p m ) onto an m-dimensional grid, particularly for cases where m is even, where this results in the construction of families of arrays with optimum cross-correlation and auto-correlation and linear complexity higher than has been achieved until now.
  • the linear complexity is greater than or equal to Ti T2... Tn/2 for large enough Ti,.. T n .
  • the relative linear complexity is greater than or equal to 1/2.
  • the constructed arrays are therefore immune or at least robust to linear attack and therefore offer superior security when used in applications such as, but not limited to watermarking, cryptography or communications.
  • the present invention resides in an apparatus for measuring a level of security of an n-dimensional encoding array u, irrespective of the value of n, the apparatus comprising a processor in communication with a memory, the memory comprising computer readable program code components, the execution of which causes:
  • the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.
  • the apparatus further comprises an output means in communication with the processor for outputting the measure of the linear complexity of the encoding array u.
  • the minimal connection polynomial is implemented in a Field Programmable Gate Array (FPGA) to generate array u using minimum gate count possible and executing the array generation in the shortest time possible.
  • FPGA Field Programmable Gate Array
  • FIG 1 illustrates methods of construction of 3D arrays using 2D logarithmic shift sequences and mapping according to embodiments of the present invention
  • FIG 2 illustrates methods of construction of 3D arrays using exponential shift sequences to shift 2D Legendre arrays according to other embodiments of the present invention
  • FIGS 3A, 3B & 3C show examples of known Moreno-Tirkel arrays
  • FIGS 4A, 4B & AC show an example of generating a known Moreno- Tirkel array of Family C by rotating the original shift array by 90° before substitution;
  • FIG 5 illustrates an apparatus for implementing the methods for computing the linear complexity of multidimensional arrays of the present invention
  • FIG 6 is a general flow diagram illustrating the methods of computing the linear complexity of multidimensional arrays according to embodiments of the present invention.
  • Embodiments of the present invention relate to methods and apparatus for measuring the security of multidimensional arrays having a range of applications. Embodiments of the present invention also relate to methods and apparatus for constructing families/cliques of multidimensional, multi- periodical arrays having maximal auto-correlation and minimal cross- correlation.
  • the multidimensional arrays associated with the present invention are constructed using a method of composition.
  • the methods include constructing a family of doubly or multi-periodic shift sequences with constrained auto-correlation and cross-correlation.
  • the doubly or multi- periodic shift sequences can be used in their own right, for example as 2D or 3D frequency hopping or time hopping codes for ultra-wideband (UWB) communications, radar or sensing, or they can shift a commensurate pseudo- noise sequence or array to produce dense binary or almost binary 2D, 3D or higher dimensional arrays suitable for, for example, watermarking.
  • the multidimensional, multi-periodical arrays associated with the present invention have good auto and cross-correlation.
  • the family size and correlation bound are dictated by the degree of a polynomial employed in the construction of the shift sequence or array.
  • the multidimensional arrays have high linear complexity, rendering them suitable for a range of secure applications.
  • Table 100 shows the powers of a primitive element in Finite Field GF(3 2 ) raised to all its powers in a square grid format.
  • Vertical arrow 102 represents a logarithmic mapping of the grid table 100, which results in shift array 104.
  • Shift array 104 is used to shift a column sequence 106, such as a Sidelnikov sequence of length 8.
  • the methods of construction thus comprise generating a three dimensional array 108 using the shift array 104 and the column sequence 106.
  • the methods of construction include placing the column sequence 106, such as a column of length 8, below every entry in the shift array 104.
  • the column contains all zeroes if the entry in the shift array 104 is * . Otherwise, the column contains a solitary entry of one (i.e. an impulse column) in the position determined by the entry in the corresponding location of the shift array 104. This results in the impulse column array 108.
  • the methods of construction include replacing the impulse columns of the impulse column array 108 with a commensurate Sidelnikov sequence to produce 3D watermarking array 1 10 over +1 ,-1 , and 0.
  • the 3D array shown in FIG. 1 is solitary, so by itself it does not address the requirement of delivering large families of arrays with low off-peak autocorrelation and low cross-correlation.
  • the resulting three dimensional arrays differ in their size and shape, the family size and the correlation values.
  • the quadratic shift in Eqn (2) guarantees that no more than 2 such Sidelnikov columns can match and therefore the worst case autocorrelation and cross- correlation for this construction is of the order of 2p 2 .
  • the peak autocorrelation is of order p 4 .
  • the off-peak autocorrelation and cross-correlation are bounded by mp 2 .
  • the method of connecting elements of Finite Field GF(p m ) - ⁇ 0 ⁇ with Z p m _ 1 using a logarithmic function where m is any positive integer has an inverse.
  • GF(p m ) - ⁇ 0 ⁇ and Z p m_ 1 have the same cardinality and consequently there exists an inverse function since we are using a 1-1 onto function, so every element in GF(p m )— ⁇ 0 ⁇ is mapped onto every element of Z p m_ .
  • the inverse (exponential) function g.- Z p m_ 1 ⁇ z - ⁇ 0 ⁇ Take a, the corresponding primitive element of the finite field GF.
  • FIG. 2 illustrates an example of such a construction over GF (3 2 ) in which the grid coordinates are used to shift a 3x3 Legendre Array described in PCT/AU2010/000990.
  • the methods of construction include representing the primitive elements of GF(3 2 ) in a two dimensional grid table 200.
  • the methods of construction include applying an exponential mapping to the grid table 200 to generate a shift array or sequence.
  • the grid co-ordinates for ascending powers of a are shown in shift array 202.
  • a shift of (2, 1 ) corresponds to a shift of two squares down and one square to the right.
  • a 3x3 Legendre array 204 is commensurate with the two dimensional shift sequence in shift map 202.
  • the methods of construction include applying the exponential shift array 202 to the 3x3 Legendre array 204 to generate the 3D array 206, which is depicted in FIG 2 constructed plane by plane.
  • the methods of construction can include constructing a family of arrays by applying a quadratic map to the shift sequence/array, instead of the (linear) exponential construction discussed in Fig. 2, as below:
  • A, B, C are elements of the finite field GF(p m ). Any two arrays which are multi-dimensional cyclic shifts of one another are called equivalent.
  • the autocorrelation of such arrays and the cross-correlation between any non-equivalent arrays constructed using the quadratic in Eqn (6) is bounded by two.
  • the off-peak autocorrelation and the cross-correlation are bounded by m.
  • Other shift sequences are possible, making use of rational function maps and related functions as explained in patent application PCT/AU2010/000990.
  • the arrays need to be robust to attack. For example, an attacker can have access to parts of the array and attempt to reconstruct the rest of the array by applying linear algorithms such as the Berlekamp-Massey-Sakata algorithm.
  • the present application introduces a general and invariant measure of the linear complexity of arrays in any number of dimensions.
  • ⁇ T be the total degree ordering on Z 0 .
  • the set of all valid polynomials for an array u is denoted VALPOL(u).
  • VALPOL (u) is an ideal in K[z].
  • a finite subset 5 of ⁇ 0 is called non-degenerate iff for any s E S, there exists no other point t e S such that s ⁇ t.
  • a finite subset F of K[z] and a finite subset S of ⁇ 0 are called "a minimal polynomial set” and the "minimal degree set” of an array u, respectively, iff the following conditions are satisfied:
  • [1 ] contains an algorithm for the calculation of a Groebner basis for VALPOL(u), and hence ⁇ (U) .
  • the algorithm is an extension of an earlier 2D version [2] which has been used for decoding algebraic geometry codes. See e.g. [3] and [4].
  • the thesis of Rubio [12] also contains an algorithm that computes a Groebner basis for VALPOL(u) by reducing a matrix whose rows consist of mappings of the array u.
  • Rubio's algorithm is an analog of an algorithm, due to Moss Sweedler and Lee Taylor (referred to herein as the Sweedler-Taylor algorithm), for computing Groebner bases for 0-dimensional ideals without necessarily knowing a basis for the ideal. In other embodiments, any other accelerated algorithm could be used.
  • the Moreno- Tirkel arrays are two dimensional versions of the three-dimensional examples, the subject of the present invention, except that their dimensions are relatively prime. Their construction is explained below. Their linear complexity is obtained by using the CRT to convert them from two dimensions to one dimension and then applying the Berlekamp-Massey algorithm.
  • the linear complexity is the degree of the polynomial obtained by the Berlekamp-Massey algorithm, which is also the number of elements in ⁇ (U). Hence, the same complexity will be obtained if one computes the size of ⁇ ( ) by computing a Groebner basis for VALPOL(u) with respect to another total ordering. For the Groebner basis method one does not need to assume that the dimensions of the array are relatively prime.
  • Family A is obtained by applying an exponential quadratic shift sequence to commensurate columns as described before [5] and [6].
  • Family B is obtained by applying a rational function map to GF(p m ) ] ⁇ to map p m + 1 entries onto p m .
  • the entry which cannot be mapped can have the column below it be substituted by a constant which can be used to balance the array and the correlation.
  • Family C is obtained by applying a similar process to a rational function cycle through a finite field by mapping p m + 1 onto entries onto p m - 1.
  • p m + 1 can be prime (Mersenne prime) and then the column can be substituted by a Legendre sequence or any suitable prime length pseudonoise sequence.
  • 2 m + 1 is prime, in which case the array can be rotated and the rows substituted by Legendre or other suitable prime length pseudonoise sequence.
  • 2 m + 1 and 2 m - 1 are relatively prime, so the array can be unfolded along a diagonal, using the Chinese Remainder Theorem (CRT).
  • FIG 3A shows the array form (19x 18) of a sequence obtained from Family A.
  • FIG 3B shows the array form (1 9x20) of a sequence obtained from Family B.
  • FIG 3C shows the array form (15x 17) of a sequence obtained from Family C, where the rows have been substituted by binary Legendre sequences of length 17. These are the closest values to compare with the array format (1 5x 17) of the previous known constructions. Note that there are no apparent symmetries.
  • the array of Family C is obtained by rotating the original shift array before substitution. This can be done because the original array has at most one dot per column and exactly one dot per row. The process is shown in FIGS 4A, 4B and 4C. Using the aforementioned methods, the linear complexity for the known
  • CDMA sequences and the three families of Moreno-Tirkel constructions with Legendre sequence columns were analyzed and the results are presented in Table 1.
  • the comparison has been restricted to sizes for which all constructions exist, so that a quantitative comparison between the constructions can be made.
  • the Moreno-Tirkel arrays are available in many more sizes than the classical counterparts.
  • some of the sequences/arrays can be folded into higher dimensions e.g. 255 can be folded into 15x17 or 3*5* 17, 1023 can be folded into 31 *33 or 31 *1 1 *3, and 4095 can be folded into 63*65 or 7*9*65 or 7*9*5* 13 or various other two, three, or four dimensional arrays.
  • Moreno-Tirkel families are the only ones to have high linear complexity, and that this complexity remains high as the sequence length/array size asymptotes to infinity. Therefore, the Moreno-Tirkel sequences/arrays are inherently more secure when used as arrays for watermarking or as sequences for wireless communications or in other applications requiring such security.
  • the number of columns in the array is 15.
  • an apparatus 500 for measuring a level of security of an n- dimensional encoding array u can be implemented in a combination of hardware and software.
  • Apparatus 500 comprises a processor 505 in communication with a memory 510 and an output means 507, such as display.
  • the memory 510 comprises a computer readable medium 515 having stored thereon computer readable program code components 520. Selective execution of the computer readable program code components 520 by the processor 505 causes the apparatus 500 to perform the steps of the methods according to embodiments of the present invention as described herein.
  • apparatus 500 performs the step of computing, via the processor 505, a Groebner basis for the set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials.
  • Apparatus 500 performs the step of determining, via the processor 505, a delta set (footprint) of the Groebner basis.
  • Apparatus 500 then performs the step of counting, via the processor 505, a number of points of the delta set (footprint) of the Groebner basis to generate a measure of the linear complexity of the encoding array u, and outputting, via the output means, the measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.
  • the method 600 includes taking an n dimensional array, such as a 2D array u and at step 610 associating the array u to a power series u(x,y) with terms uijxy.
  • the method includes determining a list of monomials M ordered w.r.t. a total order ⁇ r and ordering the terms in the power series u(x,y) w.r.t. the total order ⁇ T .
  • the first row of the array equals the coefficients of the ordered power series u(x,y).
  • the method 600 includes removing monomial 1 from the list of monomials M.
  • F equals the first monomial in M and the new row of the array equals the coefficients of terms with positive exponents in the ordered power series u(x,y).F '1 .
  • the method 600 includes partially reducing the new rows of the array with the previous rows.
  • the method 600 includes determining whether the new row of the array is partially dependent on one or more previous rows. If not, at step 645 the method includes removing the first monomial F from the list of monomials M. If so, at step 655 the method includes removing all multiples of the first monomial F from the list of monomials M and adding the first monomial to LM.
  • the method includes determining whether the list of monomials M is empty. If not, the method returns to step 630. If so, at step 665 delta is defined as the set of all monomials that are not divisible by any element in LM, represented by ⁇ and at step 670 ⁇ is the measure of linear complexity of the n-dimensional encoding array u.
  • the linear complexity of arrays produced by these constructions is determined by the linear complexity of the sequences used in the composition, i.e. the Legendre or Sidelnikov sequences. This has been proved theoretically for some cases and verified experimentally for 2-dimensional arrays for primes up to 30,000. This has also been verified extensively for arrays of dimension 3. This implies that the constructed arrays are immune or at least robust to linear attack and therefore offer superior security when used in applications such as, but not limited to watermarking, cryptography or communications.
  • FIG 1 shows an example of a three dimensional array.
  • the general construction takes the one dimensional Sidelnikov array S,
  • the first period is q - 1 , and the other ones are p.
  • the normalized linear complexity of this construction for all primes between 2 and 17 has been compared with the normalized linear complexity of Sidelnikov sequence using a computer.
  • the normalized linear complexity of the multidimensional construction is always less than the normalized linear complexity of the Sidelnikov sequence, but the difference is always less than 1/(p 2 -1 ).
  • the normalized linear complexity of Moreno-Tirkel construction tends to the normalized linear complexity of S as p tends to infinity, for any one-dimensional array S.
  • p tends to infinity
  • the constructions for two dimensional arrays, double periodic with periods p, T 2 The construction for two dimensional arrays follows the following steps:
  • Lemma 1 For an array constructed as defined above, the maximal linear complexity is:
  • the one dimensional shift register implementation works only if the array length and width are relatively prime.
  • the minimum unit cell (memory) and the linear complexity of both designs should be the same, whenever both designs are applicable.
  • an array which can be folded or unfolded to change its dimensionality using the Chinese Remainder Theorem retains the same linear complexity when its dimensionality is altered.
  • the Groebner bases method allows arrays to be used where the dimensions of the arrays are not relatively prime.
  • Sequences with high-peak auto-correlation, low off-peak and cross- correlation between family members play an important role in applications such as spread-spectrum wireless communications, radar and acoustic diffusers.
  • Periodic correlation is used in wireless communications, whilst aperiodic correlation is used in radar and signal synchronisation.
  • Sequence values are usually binary, i.e. a (0, 1) alphabet for optical orthogonal codes, and bi-phase, i.e. (+1, -1) in CDMA communications or radar. Alphabets over higher roots of unity (polyphase, often including some nulls) have also been used.
  • the small Kasami set is optimal for the periodic bi-phase case for one dimensional sequences.
  • Bomer L. and Antweiler M. "Construction of a new class of higher- dimensional Legendre and pseudonoise arrays", IEEE Symposium on Information Technology. San Diego, 1990, p. 76.

Landscapes

  • Physics & Mathematics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Editing Of Facsimile Originals (AREA)

Abstract

An apparatus for measuring a level of security of an n-dimensional encoding array u, irrespective of the value of n, comprises a processor in communication with a memory and an output means. The memory comprises computer readable program code components, the execution of which causes computation of a Groebner basis for a set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials and determination of the delta set (footprint) of the Groebner basis. Execution of the computer readable program code components also causes counting of the number of points of the delta set (footprint) of the Groebner basis to generate a measure of the linear complexity of the encoding array u and output the measure of the linear complexity via the output means. The measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.

Description

TITLE
SECURITY OF MULTIDIMENSIONAL ARRAYS
FIELD OF THE INVENTION
The present invention relates to the security of multidimensional, multi- periodical arrays. In particular, embodiments of the present invention relate to methods and apparatus for determining the security of two, three and higher dimensional encoding arrays, which can be used for applications including, but not limited to watermarking, digital communications and encryption.
BACKGROUND
Patent application PCT/AU2010/000990 entitled "Digital Watermarking" discloses the Applicant's processes that produce new multi-dimensional and multi-periodical arrays which have numerous areas of application including watermarking for use in multimedia applications, where the multi-dimensional nature of watermarking has been desirable, but not generally available. The media and entertainment industry, for example, is asking for digital watermarks for images, audio, video, and synchronized video-audio applications. Authorised copies of digital media are imprinted with a watermark, which identifies the owner of a specific copy. Good watermarks imply that even if users collude in trying to erase the watermark, the copy would retain enough information to track down the original owner, in case the file is copied and distributed. Additionally, watermarks are applied to measure audiences and penetration. PCT/AU2010/000990 presents methods of array construction which can be generalized to any number of dimensions. They are based on composing a shift sequence with a column sequence/array and suitable choices of shift sequences and column sequences/arrays for digital watermarking applications are disclosed in PCT/AU2010/000990.
The Applicant's patent application PCT/AU2012/001473 entitled "Algebraic Generator of Sequences for Communication Signals" discloses families of sequences derived from the work disclosed in PCT/AU2010/000990, which can be unfolded into one dimension using the Chinese remainder Theorem (CRT) and have the best normalized linear complexity in one dimension. Linear complexity is the most respected measure of how complex a one dimensional sequence can be. For one dimensional sequences, a measure of linear complexity is simply the degree of the minimum recursion polynomial which can be used to construct the sequence.
High linear complexity is desirable for video watermarks because usually there are parts of a video which have low contrast within a frame or have regions which change slowly with time. This exposes sections of a watermark to an attacker, who may try to reverse engineer the whole watermark from such sections. Similar comments apply to audio and still images.
High linear complexity may also be desirable in many other applications, including, but not limited to, optical orthogonal codes, acoustics, such as acoustic diffusers, correlated magnetics, x-ray image reconstruction and structured light, and crypto systems.
However, there is no universal measure of the security of arrays for such applications, and in particular no standard measure for multidimensional arrays. Another problem is that known linear complexity measures vary upon the application of upwards dimensional transformations, such as folding and upon the application of downwards dimensional transformations, such as unfolding using the Chinese Remainder Theorem. Therefore, the various industries are unable to assess the levels of security provided by the different watermarking, encoding etc. methods.
OBJECT OF THE INVENTION
It is a preferred object of the present invention to provide a method and/or an apparatus and/or a system for determining the security of multi- dimensional encoding arrays, and in particular two, three and higher- dimensional encoding arrays having high linear complexity that at least provide a useful commercial alternative to existing methods and/or apparatus and/or systems for determining the security of multi-dimensional encoding arrays.
SUMMARY OF THE INVENTION
Generally, the present invention relates to methods and apparatus for determining the security of multi-dimensional encoding arrays used for applications such as, but not limited to multimedia watermarking, mobile communications, radar, sonar, ultrasound and cryptography. Embodiments of the methods include the generation of two, three and higher-dimensional constructions based on logarithmic and exponential quadratic maps, rational function maps and Legendre arrays. Several methods of constructing arrays and families of arrays are provided with unprecedented security according to the measurement protocols described in this application.
According to one aspect, but not necessarily the broadest aspect, the present invention resides in a method of measuring a level of security of an n- dimensional encoding array u, irrespective of the value of n, the method comprising:
computing a Groebner basis for a set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials;
determining the delta set (footprint) of the Groebner basis; and counting the number of points of the delta set (footprint) of the
Groebner basis to generate a measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.
The measure of the level of security is invariant irrespective of one or more of the following: the choice of Groebner basis; the number of valid polynomials; the dimensionality of the array; the size of the array.
Preferably, the method further comprises determining the set of valid polynomials for the encoding array u one of the following: the Berlekamp- Massey-Sakata algorithm; Rubio's analog to the Sweedler-Taylor algorithm; any other accelerated algorithm.
Preferably, an array which can be folded or unfolded to change its dimensionality using the Chinese Remainder Theorem (CRT) retains the same linear complexity when its dimensionality is altered.
Suitably, the n-dimensional encoding array u is generated by:
raising the powers of a primitive element in Finite Field GF(p2n) to all its powers in a grid table;
applying a logarithmic mapping to the grid table to generate a shift array;
applying a column sequence below every entry in the shift array to generate an impulse column array; and
replacing the columns of the impulse column array with a commensurate Sidelnikov sequence to produce the three-dimensional encoding array over +1 ,-1 , and 0.
Suitably, the step of replacing the columns of the impulse column array comprises cyclically shifting a ternary Sidelnikov sequence of length p2 - 1 using a shift sequence s; belonging to each co-ordinate on the grid table.
Suitably, the n-dimensional encoding array u is generated by:
raising the powers of a primitive element in Finite Field GF(pn) to all its powers in a grid table;
applying an exponential, logarithmic, or rational mapping to the grid table to generate a shift array; and
applying the shift array to a commensurate Legendre array to produce the three-dimensional encoding array.
Suitably, the n-dimensional encoding array u is constructed over a binary alphabet, an alphabet over higher roots of unity possibly including 0 and commensurate with the structure of the Finite Field of characteristic p.
Suitably, the n-dimensional encoding array u is generated by mapping all the elements of the finite field GF(pm) onto an m-dimensional grid, particularly for cases where m is even, where this results in the construction of families of arrays with optimum cross-correlation and auto-correlation and linear complexity higher than has been achieved until now.
Suitably, for an n-dimensional array with periods Ti,...Tn constructed in accordance with the claimed methods described in PCT/AU2010/000990 and/or PCT/AU2012/001473, the linear complexity is greater than or equal to Ti T2... Tn/2 for large enough Ti,.. Tn. Suitably, for an n-dimensional array with periods Ti,...Tn constructed in accordance with the claimed methods described in PCT/AU2010/000990 and/or PCT/AU2012/001473, the relative linear complexity is greater than or equal to 1/2.
The constructed arrays are therefore immune or at least robust to linear attack and therefore offer superior security when used in applications such as, but not limited to watermarking, cryptography or communications.
According to another aspect, the present invention resides in an apparatus for measuring a level of security of an n-dimensional encoding array u, irrespective of the value of n, the apparatus comprising a processor in communication with a memory, the memory comprising computer readable program code components, the execution of which causes:
computing a Groebner basis for a set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials;
determining the delta set (footprint) of the Groebner basis; and counting the number of points of the delta set (footprint) of the Groebner basis to generate a measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.
Preferably, the apparatus further comprises an output means in communication with the processor for outputting the measure of the linear complexity of the encoding array u.
Suitably, the minimal connection polynomial is implemented in a Field Programmable Gate Array (FPGA) to generate array u using minimum gate count possible and executing the array generation in the shortest time possible.
Further aspects and/or features of the present invention will become apparent from the following detailed description. BRIEF DESCRIPTION OF THE DRAWINGS
In order that the invention may be readily understood and put into practical effect, reference will now be made to preferred embodiments of the present invention with reference to the accompanying drawings, wherein like reference numbers refer to identical elements. The drawings are provided by way of example only, wherein:
FIG 1 illustrates methods of construction of 3D arrays using 2D logarithmic shift sequences and mapping according to embodiments of the present invention; FIG 2 illustrates methods of construction of 3D arrays using exponential shift sequences to shift 2D Legendre arrays according to other embodiments of the present invention;
FIGS 3A, 3B & 3C show examples of known Moreno-Tirkel arrays;
FIGS 4A, 4B & AC show an example of generating a known Moreno- Tirkel array of Family C by rotating the original shift array by 90° before substitution;
FIG 5 illustrates an apparatus for implementing the methods for computing the linear complexity of multidimensional arrays of the present invention; and FIG 6 is a general flow diagram illustrating the methods of computing the linear complexity of multidimensional arrays according to embodiments of the present invention.
Skilled addressees will appreciate that elements in the drawings are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, drawings may be schematic and the relative dimensions of some of the elements in the drawings may be distorted or restricted to help improve understanding of embodiments of the present invention. DETAILED DESCRIPTION
Embodiments of the present invention relate to methods and apparatus for measuring the security of multidimensional arrays having a range of applications. Embodiments of the present invention also relate to methods and apparatus for constructing families/cliques of multidimensional, multi- periodical arrays having maximal auto-correlation and minimal cross- correlation.
Generally, the multidimensional arrays associated with the present invention are constructed using a method of composition. The methods include constructing a family of doubly or multi-periodic shift sequences with constrained auto-correlation and cross-correlation. The doubly or multi- periodic shift sequences can be used in their own right, for example as 2D or 3D frequency hopping or time hopping codes for ultra-wideband (UWB) communications, radar or sensing, or they can shift a commensurate pseudo- noise sequence or array to produce dense binary or almost binary 2D, 3D or higher dimensional arrays suitable for, for example, watermarking. The multidimensional, multi-periodical arrays associated with the present invention have good auto and cross-correlation. The family size and correlation bound are dictated by the degree of a polynomial employed in the construction of the shift sequence or array. The multidimensional arrays have high linear complexity, rendering them suitable for a range of secure applications.
Similar arrays in 2D have been constructed, where the array length and width are relatively prime, so they can be converted into equivalent one dimensional sequences using the Chinese remainder Theorem (CRT) [6, 7]. Such sequences have linear complexities between 0.5/ and 1.0/ where / is the sequence length. This is very high for sequences, where traditionally the linear complexity is of the order of where L is the sequence length.
To illustrate the methods of construction, first, methods of construction of two dimensional logarithmic shift sequences are described and how they are used to shift a column sequence to produce a 3D watermark array. Secondly, methods of construction of an exponential shift sequence are described and how they can be employed to shift a 2D Legendre array to produce a 3D array.
Logarithmic Shift Sequences
Methods of construction of two dimensional logarithmic shift sequences and using them to shift a column sequence to produce a 3D watermark array are described with reference to FIG 1. Table 100 shows the powers of a primitive element in Finite Field GF(32) raised to all its powers in a square grid format. Vertical arrow 102 represents a logarithmic mapping of the grid table 100, which results in shift array 104. Shift array 104 is used to shift a column sequence 106, such as a Sidelnikov sequence of length 8. The methods of construction thus comprise generating a three dimensional array 108 using the shift array 104 and the column sequence 106.
The methods of construction include placing the column sequence 106, such as a column of length 8, below every entry in the shift array 104. The column contains all zeroes if the entry in the shift array 104 is *. Otherwise, the column contains a solitary entry of one (i.e. an impulse column) in the position determined by the entry in the corresponding location of the shift array 104. This results in the impulse column array 108. The methods of construction include replacing the impulse columns of the impulse column array 108 with a commensurate Sidelnikov sequence to produce 3D watermarking array 1 10 over +1 ,-1 , and 0.
The 3D array shown in FIG. 1 is solitary, so by itself it does not address the requirement of delivering large families of arrays with low off-peak autocorrelation and low cross-correlation. There are several ways of modifying and extending the method used to construct two dimensional arrays to produce families of three dimensional arrays. The resulting three dimensional arrays differ in their size and shape, the family size and the correlation values. For Finite Field GF, prime p,
Take A, B, C e GF(p2), A≠ 0 Eqn (1)
Let s = loga(AX2 + BX + C) Eqn (2) where A, B, C are elements of the base field Zp. In this family, two different shift sequences si and Sj are equivalent if the arrays they generate are multi-periodical shifts of each other. The number of non-equivalent classes is approximately p2. The methods of constructions include using sf belonging to each co-ordinate on the grid table 100 to cyclically shift a ternary Sidelnikov sequence of length p2 - 1 to construct a 3D watermarking array. The quadratic shift in Eqn (2) guarantees that no more than 2 such Sidelnikov columns can match and therefore the worst case autocorrelation and cross- correlation for this construction is of the order of 2p2. The peak autocorrelation is of order p4. For polynomials of degree m, the off-peak autocorrelation and cross-correlation are bounded by mp2.
In accordance with other embodiments, the method of connecting elements of Finite Field GF(pm) - {0} with Zpm _ 1 using a logarithmic function where m is any positive integer has an inverse. GF(pm) - {0}and Zpm_ 1 have the same cardinality and consequently there exists an inverse function since we are using a 1-1 onto function, so every element in GF(pm)— {0} is mapped onto every element of Zpm_ . Consider now the inverse (exponential) function g.- Zpm_ 1 → z - {0}. Take a, the corresponding primitive element of the finite field GF. As in coding theory, the elements of GF(pm) are written as m-tuples based on a, the primitive element: a1 = (0,0,0 1,0), a2 = ( ) , a^1 = (0,0,0 0,1) Eqn (3) where each m-tuple has entries from the base field Zp. έ can be written as an m-tuple on the grid table 100. Consequently, g is taken to be g{K) = a1 for any i e Zpm. Note that g is multi-periodic, and therefore g has the distinct difference property:
V h≠ 0, ai+h - a1 = j+h - aj i≡ j Eqn (4) This is true since: ai+h _ ai _ ai^ah _ i) = aj(an - l) = aj+h - aj Eqn (5) Therefore, divide by (ah - 1) since h≠ 0 and we obtain 1 = aj which implies t = j.
Exponential Shift Sequences
Methods of construction of 3D arrays using exponential shift sequences to shift 2D Legendre arrays are described with reference to FIG. 2. Consider a shift sequence ; = ' which generates a solitary array. FIG. 2 illustrates an example of such a construction over GF (32) in which the grid coordinates are used to shift a 3x3 Legendre Array described in PCT/AU2010/000990. The methods of construction include representing the primitive elements of GF(32) in a two dimensional grid table 200. The methods of construction include applying an exponential mapping to the grid table 200 to generate a shift array or sequence. The grid co-ordinates for ascending powers of a are shown in shift array 202. A shift of (2, 1 ) corresponds to a shift of two squares down and one square to the right. A 3x3 Legendre array 204 is commensurate with the two dimensional shift sequence in shift map 202. The methods of construction include applying the exponential shift array 202 to the 3x3 Legendre array 204 to generate the 3D array 206, which is depicted in FIG 2 constructed plane by plane.
The methods of construction can include constructing a family of arrays by applying a quadratic map to the shift sequence/array, instead of the (linear) exponential construction discussed in Fig. 2, as below:
fA,B,c( = Λ(α1) 2 + Bal + C , f: Zpm→ → Z™ - {0} Eqn (6)
where A, B, C are elements of the finite field GF(pm). Any two arrays which are multi-dimensional cyclic shifts of one another are called equivalent. The autocorrelation of such arrays and the cross-correlation between any non-equivalent arrays constructed using the quadratic in Eqn (6) is bounded by two. For shift polynomials of degree m, the off-peak autocorrelation and the cross-correlation are bounded by m. Other shift sequences are possible, making use of rational function maps and related functions as explained in patent application PCT/AU2010/000990.
Complexity and Security In order to be useful in secure applications, such as digital watermarking, wireless communications and cryptography, the arrays need to be robust to attack. For example, an attacker can have access to parts of the array and attempt to reconstruct the rest of the array by applying linear algorithms such as the Berlekamp-Massey-Sakata algorithm. According to one aspect, the present application introduces a general and invariant measure of the linear complexity of arrays in any number of dimensions.
The following definitions can be recalled from [1]:
Let Z0 denote the set of non-negative integers and let∑0 = 1%
An n-dimensional array over a field K is a mapping u: Γ→ K, and it is written as u = (i½) , where the image ux : = u(x) , x ε F, is the "value" of u at x. Let < T be the total degree ordering on Z0. Linear recurrence relations which are satisfied by a given array can be represented by a n-variate polynomial/ e K[z], where K[z] = Ar[z1, z2.■■■- ½] is the n-variate polynomial ring over K. Any such polynomial can be written as
Figure imgf000013_0001
where / is a finite subset of c s.t. fx≠ 0 for x e / . The maximum element (w. r. t. <T is called the "degree" of / and is written Deg(J) . Corresponding to a polynomial / with Deg f) = s we consider a linear recurrence relation at a point x ε∑0 for an array u:
Figure imgf000013_0002
Let for s, p e∑o s.t. S<T p
Σξ: = {x E∑o\s < x <T p} Eqn (9) and ∑Ρ , = ∑ν = [χ e ∑q < t V } Eq n ( 0)
An array u with support∑p is written as uv and if q≤T p then uq is the restriction of uv within ∑q. An array with the support „ = Γ0 is called a perfect array.
For an array u = up, a polynomial f with Deg(f) = s is said to be valid (up to p) iff either p <r s or /[u]¾ = 0, x E∑ξ. The set of all valid polynomials for an array u is denoted VALPOL(u).
We have from [1], Theorem 1 :
If u is a perfect array, then VALPOL (u) is an ideal in K[z].
A finite subset 5 of ∑0 is called non-degenerate iff for any s E S, there exists no other point t e S such that s≤t.
Let
∑s = Uses{ x £∑o \s≤x] Eqn (11 ) We can now formulate a first definition, also from [1], Definition 1 :
A finite subset F of K[z] and a finite subset S of∑0 are called "a minimal polynomial set" and the "minimal degree set" of an array u, respectively, iff the following conditions are satisfied:
F c VALPOL(u)
S: = {s = Deg(f~) \f E F} is a non-degenerate set
there exists no polynomial g s. t. g E VALPOL(U) and Deg(g) e∑0 \∑s
For a given array u, and a given ordering on Z0, there can be more than one minimal polynomial set, however the sets S and ∑0 \∑S : = A (U) are unique. For different orderings of 10 the Δ (U) might be different, but their sizes are the same. The set Δ (U) is called many things in the literature e.g. the delta set, the excluded point set, the footprint and appears naturally in Groebner basis theory. With this we can now provide Definition 2: The linear complexity of an n-dimensional array u is the number of elements in Δ (U) .
[1 ] contains an algorithm for the calculation of a Groebner basis for VALPOL(u), and hence Δ (U) . The algorithm is an extension of an earlier 2D version [2] which has been used for decoding algebraic geometry codes. See e.g. [3] and [4]. The thesis of Rubio [12] also contains an algorithm that computes a Groebner basis for VALPOL(u) by reducing a matrix whose rows consist of mappings of the array u. Rubio's algorithm is an analog of an algorithm, due to Moss Sweedler and Lee Taylor (referred to herein as the Sweedler-Taylor algorithm), for computing Groebner bases for 0-dimensional ideals without necessarily knowing a basis for the ideal. In other embodiments, any other accelerated algorithm could be used.
It is possible to use the one dimensional Berlekamp-Massey algorithm to analyse the linear complexity of arrays in cases where the array dimensions are relatively prime. This is achieved using the Chinese Remainder Theorem (CRT) as described in PCT/AU2012/001473. CRT converts two dimensional arrays into one dimensional sequences. Then, the one dimensional sequences can be analyzed with regard to their linear complexity, using the standard Berlekamp-Massey algorithm. A reverse process to CRT, called folding, can be applied to convert one dimensional sequences into two dimensional arrays. Sequence families constructed using Bent, Small Kasami, No-Kumar, Generalized No-Kumar, Gold, and Kerdock can be folded into two dimensional arrays [8]. These have known linear complexities. The Moreno- Tirkel arrays are two dimensional versions of the three-dimensional examples, the subject of the present invention, except that their dimensions are relatively prime. Their construction is explained below. Their linear complexity is obtained by using the CRT to convert them from two dimensions to one dimension and then applying the Berlekamp-Massey algorithm.
The linear complexity is the degree of the polynomial obtained by the Berlekamp-Massey algorithm, which is also the number of elements in Δ (U). Hence, the same complexity will be obtained if one computes the size of Δ ( ) by computing a Groebner basis for VALPOL(u) with respect to another total ordering. For the Groebner basis method one does not need to assume that the dimensions of the array are relatively prime.
Regarding the Moreno-Tirkel arrays, with reference to FIGS 3A and 3B and the first two families, Family A is obtained by applying an exponential quadratic shift sequence to commensurate columns as described before [5] and [6]. Family B is obtained by applying a rational function map to GF(pm) ]{∞} to map pm + 1 entries onto pm. When m=1 the columm of length p can be substituted by a Legendre sequence or any other pseudonoise sequence of prime length. The entry which cannot be mapped can have the column below it be substituted by a constant which can be used to balance the array and the correlation. Family C is obtained by applying a similar process to a rational function cycle through a finite field by mapping pm + 1 onto entries onto pm - 1. For p=2 pm - 1 can be prime (Mersenne prime) and then the column can be substituted by a Legendre sequence or any suitable prime length pseudonoise sequence. Sometimes 2m + 1 is prime, in which case the array can be rotated and the rows substituted by Legendre or other suitable prime length pseudonoise sequence. Also, for p=2, 2m + 1 and 2m - 1 are relatively prime, so the array can be unfolded along a diagonal, using the Chinese Remainder Theorem (CRT). FIG 3A shows the array form (19x 18) of a sequence obtained from Family A. FIG 3B shows the array form (1 9x20) of a sequence obtained from Family B. FIG 3C shows the array form (15x 17) of a sequence obtained from Family C, where the rows have been substituted by binary Legendre sequences of length 17. These are the closest values to compare with the array format (1 5x 17) of the previous known constructions. Note that there are no apparent symmetries.
The array of Family C is obtained by rotating the original shift array before substitution. This can be done because the original array has at most one dot per column and exactly one dot per row. The process is shown in FIGS 4A, 4B and 4C. Using the aforementioned methods, the linear complexity for the known
CDMA sequences and the three families of Moreno-Tirkel constructions with Legendre sequence columns were analyzed and the results are presented in Table 1. The comparison has been restricted to sizes for which all constructions exist, so that a quantitative comparison between the constructions can be made. Note, that the Moreno-Tirkel arrays are available in many more sizes than the classical counterparts. Also, note that some of the sequences/arrays can be folded into higher dimensions e.g. 255 can be folded into 15x17 or 3*5* 17, 1023 can be folded into 31 *33 or 31 *1 1 *3, and 4095 can be folded into 63*65 or 7*9*65 or 7*9*5* 13 or various other two, three, or four dimensional arrays.
It is evident that the Moreno-Tirkel families are the only ones to have high linear complexity, and that this complexity remains high as the sequence length/array size asymptotes to infinity. Therefore, the Moreno-Tirkel sequences/arrays are inherently more secure when used as arrays for watermarking or as sequences for wireless communications or in other applications requiring such security.
Family/Length 255 1023 4095 Asym tote
Bent 0.125 - 0.018 2-1.7(n-8)
Small Kasami 0.047 0.015 0.004396 1.5nx2r°
No-Kumar 0.235 0.152 0.031 0
Generalized N-K - 0.132 - 0
Gold 0.063 0.02 0.005861 n2rn+1
Kerdock 0.142 0.054 0.019 2-1.4(n-8)
Moreno-Tirkel 0.947 0.485 0.985 0.5 for p=8k+3 or 8k+5 Family A (length=342) (length=930) (length=
1 .0 for
4422) p=8k±1
Moreno-Tirkel 0.985 0.46875 0.970588 * 0.5 for p=8k+3 or 8k+5 Family B (length=380) (length=992) (length=
1.0 for
4556) p=8k±1
Moreno-Tirkel 0.4706 0.5 for p=8k+3 or 8k+5 Family C (length=255)
1.0 for p=8k±1
Table 1. Linear Complexity Comparison
Result: For Family A and C of the Moreno-Tirkel constructions, the recursion polynomial of the long sequence is obtained from that of the column sequence by raising each term to the power equal to the number of columns in the array. So far, no counter examples have been found.
For Example, consider the array of FIG. 4C. The column is a binary Legendre sequence of length 17: 0, 1 , 1 ,0, 1 ,0,0,0, 1 , 1 ,0,0,0, 1 ,0, 1 , 1. Column recursion polynomial: x8 + x7 + x6 + x4 + x2 + x1 + 1. Recursion polynomial for long sequence: x120 + x105 + x90 + x60 + x30 + x15 + 1.
The number of columns in the array is 15.
With reference to FIG 5, according to some embodiments of the present invention, an apparatus 500 for measuring a level of security of an n- dimensional encoding array u, irrespective of the value of n, can be implemented in a combination of hardware and software. Apparatus 500 comprises a processor 505 in communication with a memory 510 and an output means 507, such as display. The memory 510 comprises a computer readable medium 515 having stored thereon computer readable program code components 520. Selective execution of the computer readable program code components 520 by the processor 505 causes the apparatus 500 to perform the steps of the methods according to embodiments of the present invention as described herein. Hence, apparatus 500 performs the step of computing, via the processor 505, a Groebner basis for the set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials. Apparatus 500 performs the step of determining, via the processor 505, a delta set (footprint) of the Groebner basis. Apparatus 500 then performs the step of counting, via the processor 505, a number of points of the delta set (footprint) of the Groebner basis to generate a measure of the linear complexity of the encoding array u, and outputting, via the output means, the measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.
Further details of the methods for measuring a level of security of an n- dimensional encoding array u according to embodiments of the present invention will now be described with reference to the general flow diagram in FIG 6. At step 605, the method 600 includes taking an n dimensional array, such as a 2D array u
Figure imgf000020_0001
and at step 610 associating the array u to a power series u(x,y) with terms uijxy.
At step 615, the method includes determining a list of monomials M ordered w.r.t. a total order <r and ordering the terms in the power series u(x,y) w.r.t. the total order <T .
With reference to step 620, the first row of the array equals the coefficients of the ordered power series u(x,y). The method 600 includes removing monomial 1 from the list of monomials M. With reference to step 630, F equals the first monomial in M and the new row of the array equals the coefficients of terms with positive exponents in the ordered power series u(x,y).F'1.
At step 635, the method 600 includes partially reducing the new rows of the array with the previous rows. At step 640, the method 600 includes determining whether the new row of the array is partially dependent on one or more previous rows. If not, at step 645 the method includes removing the first monomial F from the list of monomials M. If so, at step 655 the method includes removing all multiples of the first monomial F from the list of monomials M and adding the first monomial to LM.
At steps 650 and 660, the method includes determining whether the list of monomials M is empty. If not, the method returns to step 630. If so, at step 665 delta is defined as the set of all monomials that are not divisible by any element in LM, represented by Δ and at step 670 ΙΔΙ is the measure of linear complexity of the n-dimensional encoding array u.
Hence, the methods of generating three-dimensional encoding arrays introduced in PCT/AU20 0/000990 produce arrays with good asymptotic properties. The methods of determining the security of such multi-dimensional encoding arrays are also invariant under the Chinese remainder process. Further work demonstrates that for an m-dimensional array with periods Ti, ... Tn and constructed with the methods presented in the Applicant's patent application PCT/AU20 0/000990, the linear complexity is greater than or equal to Ti T2. .. Tn/2 for large enough Ti,..Jn. This is equivalent to the relative complexity of the arrays constructed with these methods being greater than or equal to 1/2. This complexity is much better than the linear complexity of sequences obtained by other known constructions, as illustrated by Table 1 herein.
The further work also demonstrates that the linear complexity of arrays produced by these constructions is determined by the linear complexity of the sequences used in the composition, i.e. the Legendre or Sidelnikov sequences. This has been proved theoretically for some cases and verified experimentally for 2-dimensional arrays for primes up to 30,000. This has also been verified extensively for arrays of dimension 3. This implies that the constructed arrays are immune or at least robust to linear attack and therefore offer superior security when used in applications such as, but not limited to watermarking, cryptography or communications.
In the further work, N refers to the set of positive integers including 0, p denotes a prime and q = pr for an integer r≥ 1 . Let Fq be the finite field of q elements, then if q = p, the elements of the finite field are identified with integer numbers in the range {0, . . . , p - 1 and vice versa.
For Fq, we consider the elements Fq = {ξ0, ξ^, . . . , ξη-ι} using an ordered basis {y-i , yr} of Fq over Fp for 0 < n < q, ξη = n^γ^ + n2y2 +■■■ + nryr, Eqn (12)
if n = ?i + n2p + · + nrpr 0≤ n, < p, i = 1, . . . , r.
Employing this order, it is easy to relate the elements of a finite field with an r-dimensional array. The multiplicative group of any finite filed is cyclic, so for any generator (also called a primitive element) a eFq and ο φ e
Fq, s = loga β is the unique integer 0 < s < q - 1 such that as = β. All arrays considered are cf-periodic, which means that there exist positive integers J^, . . . , re called periods such that: s(i + Tkek) = s{\), v\ e Hd, where ei, . . . , ed is the canonical basis of Hd.
As described in PCT/AU20 0/000990, the general idea for constructing multidimensional arrays is to start from lower dimensional constructions with good linear complexity and perform shifts depending on another array. FIG 1 shows an example of a three dimensional array.
The construction takes as a column a Sidelnikov sequence which is shifted using the two dimensional logarithm. In the next paragraph, we explain how to generate the array for any dimension.
The general construction takes the one dimensional Sidelnikov array S,
S(/'i ) = ((σ'1 +~ + 1) and the logarithmic map T,
Figure imgf000022_0001
where ξη = n<\ Y† + η2γ2 + + nryr, to produce an r+ 1 dimensional array,
S( , I'r, / 1 ) = S(/'i + T (/2, . . . , in ΓΗ )).
The first period is q - 1 , and the other ones are p. The normalized linear complexity of this construction for all primes between 2 and 17 has been compared with the normalized linear complexity of Sidelnikov sequence using a computer. The normalized linear complexity of the multidimensional construction is always less than the normalized linear complexity of the Sidelnikov sequence, but the difference is always less than 1/(p2-1 ).
A closed formula for normalized linear complexity of the general multidimensional construction is not known, but computer simulations suggest that the normalized linear complexity of multi-dimensional arrays s is greater 1/2 as p tends to infinity. It is clear that the normalized linear complexity of s is, at most the normalized linear complexity of S, and there are many values where the exact value is known.
With respect to the Moreno-Tirkel array constructions, the normalized linear complexity of Moreno-Tirkel construction tends to the normalized linear complexity of S as p tends to infinity, for any one-dimensional array S. For example, consider the constructions for two dimensional arrays, double periodic with periods p, T2, The construction for two dimensional arrays follows the following steps:
• Take a one dimensional array S : N i→F2 with high linear complexity and period p. For example, the Legendre sequence (see A. Topuzoglu and A. Winterhof, "Pseudorandom sequences," in Topics in geometry, coding theory and cryptography. Springer, 2007, pp. 135— 166 for the calculation of the linear complexity.
• Select another one dimensional array T : N *→FP with period T2 which will represent the shifts.
• Define the two dimensional array in the following way:
Figure imgf000023_0001
(ii, i2) >→ S(ii + T(i2)).
In the next lemma, the first result regarding the maximal linear complexity of these families of arrays is presented.
Lemma 1: For an array constructed as defined above, the maximal linear complexity is:
LC(s) = 8, Eqn (13)
Figure imgf000023_0002
Notice that for p≡3, 5 mod 8, the upper bound is twice the expected linear complexity of a random array. Using a shift sequence, the quadratic sequence defined by T(i)=i2 mod p with period p. Equation 14 gives the construction for p = 5:
Figure imgf000024_0001
This sequence has been studied and provides a construction which gives a maximal set of arrays. Following similar methods, the high linear complexity of the Moreno-Tirkel families A, B and C has been demonstrated.
In the present patent application it has been demonstrated that the linear complexity has been extended from one to higher dimensional arrays and it has been demonstrated that the arrays of PCT/AU2010/000990 and PCT/AU2012/001473 also have very good linear complexity for dimensions > 2. Furthermore, the new multidimensional concepts of linear complexity described herein can be used as a metric to measure whether an array has good cryptographic properties. The arrays constructed according to the claimed methods described in PCT/AU2010/000990 and PCT/AU2012/001473 are therefore immune or at least robust to linear attack and therefore offer superior security when used in applications such as, but not limited to watermarking, cryptography or communications.
Also, the one dimensional shift register implementation works only if the array length and width are relatively prime. The minimum unit cell (memory) and the linear complexity of both designs should be the same, whenever both designs are applicable. In other words, an array which can be folded or unfolded to change its dimensionality using the Chinese Remainder Theorem retains the same linear complexity when its dimensionality is altered. The Groebner bases method allows arrays to be used where the dimensions of the arrays are not relatively prime.
Sequences with high-peak auto-correlation, low off-peak and cross- correlation between family members play an important role in applications such as spread-spectrum wireless communications, radar and acoustic diffusers. Periodic correlation is used in wireless communications, whilst aperiodic correlation is used in radar and signal synchronisation. Sequence values are usually binary, i.e. a (0, 1) alphabet for optical orthogonal codes, and bi-phase, i.e. (+1, -1) in CDMA communications or radar. Alphabets over higher roots of unity (polyphase, often including some nulls) have also been used. The small Kasami set is optimal for the periodic bi-phase case for one dimensional sequences.
In this specification, the terms "comprise", "comprises", "comprising" or similar terms are intended to mean a non-exclusive inclusion, such that a system, method or apparatus that comprises a list of elements does not include those elements solely, but may well include other elements not listed.
Throughout the specification the aim has been to describe the preferred embodiments of the invention without limiting the invention to any one embodiment or specific collection of features. It is to be appreciated by those of skill in the art that various modifications and changes can be made in the particular embodiments exemplified without departing from the scope of the present invention.
References
1. Sakata S.: Extension of the Berlekamp - Massey Algorithm to N Dimensions. Information and Computation. 84, 207 - 239 (1990)
2. Sakata S. : Finding a minimal set of linear recurring relations capable of generating a given finite two - dimensional array, J. Symbolic Comput. 5,
321 - 337 (1988)
3. Sakata S., Jensen H. E., H0holdt T.: Generalized Berlekamp - Massey decoding of algebraic geometric codes up to the Feng - Rao bound. IEEE - Trans. Inform. Theory. 41 No. 6, 1762 - 1768 (1995)
4. H0holdt T , Pellikaan R.: On the decoding of algebraic - geometric codes. IEEE Trans. Inform. Theory. 41 No. 6, 1551 - 1556 (1995)
5. Moreno O., Tirkel A.: Digital Watermarking. PCT/AU2010/000990 (2010)
6. Moreno O., Tirkel A. : Algebraic generator of sequences for communication signals PCT/AU2012/001473 (2012)
7. Moreno O., Tirkel A.Z.: New Optimal Low Correlation Sequences for Wireless Communications. SETA, Waterloo, Canada. 212-223 (2012) 8. Leukhin A. , Moreno O., Tirkel A. : Secure CDMA and Frequency Hop Sequences, The Tenth International Symposium on Wireless Communication Systems, llmenau, Germany. 819-825 (2013)
9. Bomer L. and Antweiler M., "Construction of a new class of higher- dimensional Legendre and pseudonoise arrays", IEEE Symposium on Information Technology. San Diego, 1990, p. 76.
10. Moreno O. and Tirkel A. , "Digital Watermarking", US 2012213402, AU 2010312302.
H . Keiichi Iwamura, Polynominal-Set Deriving Apparatus And Method, US 5,535, 140 - Jul. 9, 1996
12. Rubio, I .: Groebner Bases for 0-Dimensional Ideals and Applications to Decoding. Ph. D. Thesis, Cornell University (1998)

Claims

A method of measuring a level of security of an n-dimensional encoding array u, irrespective of the value of n, the method comprising: computing a Groebner basis for a set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials;
determining the delta set (footprint) of the Groebner basis; and counting the number of points of the delta set (footprint) of the Groebner basis to generate a measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.
The method of claim 1 , wherein the measure of the level of security is invariant irrespective of one or more of the following: the choice of Groebner basis; the number of valid polynomials; the dimensionality of the array; the size of the array.
The method of claim 1 or 2, further comprising determining the set of valid polynomials for the encoding array u using one of the following: the Berlekamp-Massey-Sakata algorithm; Rubio's analog to the Sweedler-Taylor algorithm; any other accelerated algorithm.
The method of claim 1 , 2 or 3, wherein an array which can be folded or unfolded to change its dimensionality using the Chinese Remainder Theorem retains the same linear complexity when its dimensionality is altered.
The method of any one of claims 1 to 4, wherein the n-dimensional encoding array u is generated by: raising the powers of a primitive element in Finite Field GF(pn) to all its powers in a grid table;
applying an exponential, logarithmic, or rational function mapping to the grid table to generate a shift array; and
applying the shift array to a commensurate Legendre array to produce the three-dimensional encoding array.
The method of any one of claims 1 to 4, wherein the n-dimensional encoding array u is generated by: raising the powers of a primitive element in Finite Field GF(p2n) to all its powers in a grid table; applying a logarithmic mapping to the grid table to generate a shift array; applying a column sequence below every entry in the shift array to generate an impulse column array; and replacing the columns of the impulse column array with a commensurate Sidelnikov sequence to produce the three-dimensional encoding array over +1 ,-1 , and 0.
The method of claim 6, wherein the step of replacing the columns of the impulse column array comprises cyclically shifting a ternary Sidelnikov sequence of length p2 - 1 using a shift sequence st belonging to each co-ordinate on the grid table.
The method of any one of claims 1 to 4, wherein the n-dimensional encoding array u is generated by mapping all the elements of the finite field GF(pm) onto an m-dimensional grid, particularly for cases where m is even, where this results in the construction of families of arrays with optimum cross-correlation and auto-correlation and high linear complexity.
9. The method of any preceding claim, wherein the n-dimensional encoding array u is constructed over a binary alphabet, an alphabet over higher roots of unity possibly including 0 and commensurate with the structure of the Finite Field of characteristic p.
10. The method of any preceding claim, wherein for an n-dimensional array with periods Ti....Tn constructed in accordance with the claimed methods described in PCT/AU2010/000990 and/or PCT/AU2012/001473, the linear complexity is greater than or equal to
TiT2... Tn/2 for large enough Ti,...Tn.
1 1. The method of any one of claims 1-9, wherein for an n-dimensional array with periods Ti,...Tn constructed in accordance with the claimed methods described in PCT/AU 2010/000990 and/or
PCT/AU2012/001473, the relative linear complexity is greater than or equal to 1/2.
12. The method of any preceding claim, wherein the steps of the method are performed by a processor executing computer readable program code components stored in a memory in communication with a processor and an output means in communication with the processor.
13. An apparatus for measuring a level of security of an n-dimensional encoding array u, irrespective of the value of n, the apparatus comprising a processor in communication with a memory, the memory comprising computer readable program code components, the execution of which causes: computing a Groebner basis for a set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials; determining the delta set (footprint) of the Groebner basis; and counting the number of points of the delta set (footprint) of the Groebner basis to generate a measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.
14. The apparatus of claim 13, further comprising an output means in communication with the processor for outputting the measure of the linear complexity of the encoding array u.
15. The apparatus of claim 13, wherein the minimal connection polynomial is implemented in a Field Programmable Gate Array (FPGA) to generate array u using minimum gate count possible and executing the array generation in the shortest time possible.
PCT/US2016/022014 2015-03-11 2016-03-11 Security of multidimensional arrays WO2016145315A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201562131616P 2015-03-11 2015-03-11
US62/131,616 2015-03-11
US201562174973P 2015-06-12 2015-06-12
US62/174,973 2015-06-12

Publications (1)

Publication Number Publication Date
WO2016145315A1 true WO2016145315A1 (en) 2016-09-15

Family

ID=56879697

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/022014 WO2016145315A1 (en) 2015-03-11 2016-03-11 Security of multidimensional arrays

Country Status (1)

Country Link
WO (1) WO2016145315A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120213402A1 (en) * 2009-10-29 2012-08-23 Gauss Research Laboratory, Inc. Digital Watermarking
WO2013078518A1 (en) * 2011-12-01 2013-06-06 Gauss Research Laboratory, Inc. Algebraic generators of sequences for communication signals

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120213402A1 (en) * 2009-10-29 2012-08-23 Gauss Research Laboratory, Inc. Digital Watermarking
WO2013078518A1 (en) * 2011-12-01 2013-06-06 Gauss Research Laboratory, Inc. Algebraic generators of sequences for communication signals

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
FAUGERE, J. ET AL.: "Fast Algorithm for Change of Ordering of Zero-dimensional Grobner Bases with Sparse Multiplication Matrices", PROCEEDING ISSAC'11 PROCEEDINGS OF THE 36TH INTERNATIONAL SYMPOSIUM ON SYMBOLIC AND ALGEBRAIC COMPUTATION, San Jose, California, USA , ACM New York, NY, USA, pages 115 - 122, XP058003325 *
SAKATA, S. ET AL.: "The BMS Algorithm", GROBNER BASES, CODING, AND CRYPTOGRAPHY, 2009, Berlin Heidelberg, pages 143 - 163 *

Similar Documents

Publication Publication Date Title
US9559839B2 (en) Message key generation
JP4559505B2 (en) Extending the repetition period of random sequences
JP4842993B2 (en) Mixed radix generator with selected statistical artifacts
Carlet et al. Hyper-bent functions and cyclic codes
JP2020537191A5 (en)
Moreno et al. Multi-dimensional arrays for watermarking
Gomez-Perez et al. Linear complexity for multidimensional arrays-a numerical invariant
WO2016145315A1 (en) Security of multidimensional arrays
JP2009526445A (en) Method and apparatus for generating permutations
Svalbe et al. Properties of minimal ghosts
Mitekin et al. A new watermarking sequence generation algorithm for collision-free digital watermarking
Tirkel et al. Matrix construction using cyclic shifts of a column
Gomez-Perez et al. Arrays composed from the extended rational cycle
Tirkel et al. New matrices with good auto and cross-correlation
Arce-Nazario et al. Multidimensional linear complexity analysis of periodic arrays
Xue Study on digital image scrambling algorithm
Kwasik et al. Topological Symmetries of ℝ 3
Mitrea et al. Spread spectrum robust watermarking for NURBS surfaces.
Moreno et al. New families of 2D & 3D arrays for sub-image watermarking
Bolaños et al. A new family of 3D watermarks
JP2007193280A (en) Information embedding device, control method of information embedding device, and program
CN107846272B (en) Device and method for rapidly generating Golden sequence
Jouhari et al. Improving Embedding Capacity by using the Z4-linearity of Preparata Codes
De Feo Fast algorithms for towers of finite fields and isogenies
Tirkel et al. Advanced spread spectrum watermarking

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16762600

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16762600

Country of ref document: EP

Kind code of ref document: A1