Full Download Recent advances in information technology 1st edition waldemar wójcik PDF DOCX
Visit to download the full and correct content document: https://textbookfull.com/product/recent-advances-in-information-technology-1st-editio n-waldemar-wojcik/
More products digital (pdf, epub, mobi) instant download maybe you interests ...
Recent Advances in Information and Communication Technology 2019: Proceedings of the 15th International Conference on Computing and Information Technology (IC2IT 2019) Pongsarun Boonyopakorn
Typeset by V Publishing Solutions Pvt Ltd., Chennai, India
Printed and bound in Great Britain by CPI Group (UK) Ltd, Croydon, CR0 4YY
All rights reserved. No part of this publication or the information contained herein may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, by photocopying, recording or otherwise, without written prior permission from the publisher.
Although all care is taken to ensure integrity and the quality of this publication and the information herein, no responsibility is assumed by the publishers nor the author for any damage to the property or persons as a result of operation or use of this publication and/or the information contained herein.
Published by: CRC Press/Balkema Schipholweg 107C, 2316 XC Leiden, The Netherlands
CHAPTER 5: INDEPENDENT DEVICES AND WIRELESS SENSOR NETWORKS FOR AGRICULTURE AND ECOLOGICAL MONITORING
5.1. State of the art
5.2. Principles of device operation
5.3. Portable device “Floratest”
5.4. Creating main application software
5.5. Contract manufacture
5.6. Optical sensor testing
5.7. Application of the “Floratest” device in agriculture and ecological monitoring
5.8. Distributed data acquisition system
5.9. Wireless sensor network
5.10. Multilevel sensor network
CHAPTER 6: THE MATHEMATICAL PROBLEMS OF COMPLEX SYSTEMS INVESTIGATION UNDER UNCERTAINTIES
6.1. Global change as main generators of new risks
6.2. Complex environmental, economic and social systems
6.3. Complex biological systems
6.4. Conclusions
CHAPTER 7: STUDY OF THE IMPACT OF THE TECHNICAL STATE OF THE TRANSFORMERS WITH THE LTC ON THE PARAMETERS OF THE EES MODES
7.1. Materials and results of the research
7.2. Determination of current technical state of power transformers
7.3. Account of the forecast current value of residual resource of the transformers in the process of optimal control of micronetworks modes
7.4. Conclusions
Preface
The main them of Recent advances in Information Technology is modern information technology, without which it is difficult to imagine progress in modern technologies and manufacturing processes. A wide range of topics is addressed, from game theory to advanced control problems. The individual chapters are separate, closed issues, which are the fruit of the cooperation of Ukrainian, Kazakh and Polish scientists. The editors and the authors hope that the book will strengthen friendship between our communities and nations.
Wójcik Jan Sikora Lublin, March 2017
Waldemar
CHAPTER 1
Security estimates updating of asymmetric cryptosystems for modern computing
V.M. Glushkov Institute of Cybernetic of NAS of Ukraine, Kyiv, Ukraine
P. Komada
Lublin University of Technology, Lublin, Poland
A. Kalizhanova
al-Farabi Kazakh National University, Almaty, Kazakhstan
INTRODUCTION
Today RSA is still one of the most common and widespread asymmetric cryptosystems. A lot of cryptographic protocols that deal with encryption, digital signature, and distribution of key information are based on RSA scheme. The basis of scheme’s security is a complex theoretical and numerical factorization problem: to find the prime divisors of large n
The issue of cryptosystem’s security in practice is associated with the task of correct choice of cryptosystem parameters. A recent research by a group of scientists led by Arjen Lenstra (2012) confirms the problem of RSA implementation, namely generation of parameters that will ensure the system’s security in practice. From among 11.5 million of RSA key certificates under research there has been found more than 26000 vulnerable keys with size of 1024 bits and 10 keys with size of 2048 bits. In this case the vulnerability was to factorize the cryptosystem’s module.
This vulnerability was implemented through the use of common divisors for modules, what is more, only a small amount of such common divisors was found as a result of key reissuing for the same owner. At most this situation is caused by the presence of the global problem of generating “qualitative” modules that are built with large prime numbers (Bernstein et al. 2013, Heninger et al. 2012), besides, the authors conclude that crossing to larger modules does not lead to the expected decrease of vulnerable keys number. The mechanisms for generating prime numbers that are used for constructing modules should be additionally studied.
Given the above we formulate the problems of effectiveness analysis of applying different computational models (including probabilistic, parallel and hybrid) for factorization and discover the existence of polynomial complexity algorithm of numbers factorization of special form; and as a result to clarify practical security of RSA cryptosystem.
We will discover the amount of “secure” RSA modules. If we find out the limited amount of such modules of defined size and this limitation turns out to be the polynomial of the module’s size then there is a critical issue of RSA security in practice, namely if the cryptanalysis or RSA is P (by factoring the module).
Adi Shamir offered the research of RSA module break “cost” of certain length by constructing a specific factorization machine (Shamir 1999). This research was continued in Shamir, Tromer and Bernstein papers (Shamir et al. 2003, Bernstein 2001). This task is urgent now due to cloud computing and flexible computing architecture models (Programmable Logic Device (PLD)) rise. To research the impact of new computer (cloud computing, etc.) technology on complexity and RSA module break cost is the main idea of the article.
1.1 THE EFFECTIVENESS OF DIFFERENT COMPUTATIONAL MODELS FOR NUMBERS FACTORIZATION
Let us briefly look through the characteristics and applicability of sequential, parallel and probabilistic computational models. It should be noted that quantum calculations and their applicability to the cryptography problems, in particular factoring problem have gained a wide interest in recent years (Zadiraka et al. 2013). P.W. Shor (1999) has proved the polynomial complexity of factorization and discrete logarithm for this computational model. This gives an additional possibility to construct effective factor algorithm and to discover more precisely the connection between computational models and their practical implementation. This topic requires a separate discussion, so it is beyond the scope of this chapter.
The most studied sequential computational model uses determined operations performed one after another and the results of the previous calculations are used in the next step. Deterministic factoring algorithms are fully expressed through this model of computations. Today there are no practical ways to significantly improve the performance of such factoring algorithms for arbitrary input.
The extension for sequential model is probabilistic. It is a good framework for inherently probabilistic algorithms. There are two types of algorithms: Monte Carlo and Las Vegas. The algorithms of the first type give the answer that may be correct for some random sequences that are generated during the algorithm, but may be incorrect. The probability of false answers is reduced by repeated execution of the algorithm.
The Las Vegas algorithms respond correctly or finish with answer “don’t know”. The probability of getting an incorrect result is zero. Exactly the study of probabilistic factoring algorithms can lead to getting an effective performance of algorithms for numbers factoring of special form. This can happen due to the “nature” of Las Vegas algorithm to “split” input data by subsets with different estimates of algorithm’s complexity.
Consider the algorithm which can be divided into blocks of operations, the result of which indirectly affects the further work, so the branches for independent computing that can be executed simultaneously are allowed. This arrangement of computing defines the parallel computational model. The application of parallel model for k separated branches is expected to give at best the k time’s speedup of algorithm runtime (linear decrease computational complexity).
Unfortunately, in practice, to achieve such speedup for factoring algorithm is impossible because of the inability to efficiently use CPU time of each of k branches through the existing need for communication between processors.
The well-known Brent’s review (Brent 1990) states that certain factor algorithms ECM (Elliptic Curve Method (Lenstra 1987) for example) are good-suited for parallelization that yields almost linear effect of decreasing computational complexity, but some algorithms (including rho-Pollard method (Pollard 1975)) can achieve this effect only in theory (Crandall 1999).
Recent research of Pollard’s method (Crandall 1999, Koundinya 2013) shows that the linear effect can be achieved only for the small number of parallel branches. Note that there are two possible ways to parallelize the algorithm—to build various elements of one random sequence, or to look up different sequences. Namely, the application of the second approach and possibility of its effective improvement are discussed below.
Note that the mentioned above can be applied only for general factoring algorithms. It is clear that these estimates are the upper bounds for factorization the numbers of special form. Moreover, the study the effectiveness of factorization algorithms determines the so-called problem of “impact of algorithm optimization on the PC’s structure”. Or rather it can be defined as the problem of constructing an effective computational model (possibly hybrid) for number factoring and discovering its implementation on the base of programmable logic devices PLD, GPUs. This confirms the relevance of discovering the existence of timeefficient factoring algorithms of special numbers, some results are discussed below.
1.2 RHO-POLLARD ALGORITHM
Pollard’s rho-method is a probabilistic algorithm that once made a significant breakthrough and still is not completely researched. The complexity of the algorithm does not depend on the factor but on its divisors. Thus, like the ECM algorithm (Lenstra 1987), Pollard’s method is effective for factoring multi-prime RSA modules, such numbers of fixed length that are the product of more than two primes.
Pollard used two simple ideas: the birthday paradox (Sekey 1993) and the ability to check divisibility of number n by p computing C yn(, x y ), if xy p mod. We can choose the starting point x0, function f and construct recurrent sequence xfii f () xi 1 which plays the role of a “random” sequence. Considering it by the module p, where p is a divisor of n there must exist two comparable elements.
Pollard chose fx x ) x =+ 2 1 as a recurrence. The subtraction of two elements is always split into a product xx xx kj x kj x kj kj = =
2 1 j 1 j () xk x () xx x + x . These divisors are tested as possible for the number n.
This brings up the question—is it possible to obtain a significant improvement in the performance of the algorithm by choosing another recurrent function. The study of this issue (Hartman 1982) was carried out only with the use of numerous assumptions that narrow the set of numbers to factor. Despite the application of different functions the effectiveness turned out to be negative. So we considered the sets of numbers reduced by the module p and the capacity of such sets for the following cases: pp ′ 21 p + , where p ′ is prime; p = 34 (mod ) or p = 23 (mod ).
Hartman obtained the following results about the capacity of the sets that are generated by different functions.
1. {} () d,bp ) mod xp ,, , = , x , is complete set of residues. It is determined as a permutation.
2. If k is odd and , () kp p 1 ) = then {} xp xp k (mod ), p is a permutation.
3. If Px p ( )(mod ) is a permutation, then (( ) )(mod ) xb p is a permutation for ap ≠ 0mod .
4. If P () x () p generates the set of size n, then () () () mod p and P () axb () p mod are the different sets, but also of the size n
5. P x () x = () p 2 generates the set of size p + 1 2
This statement is correct for all polynomials of degree 2.
6. If P P 12 () x () x are permutations, then P P 12 () x () x does not generate the whole set of residue. Little is known about the size of the set.
7. Cubic polynomial P ax cx d () x =+ + 32 b + 33 bx + 2 separates the complete set of residues into two size-equivalent subsets corresponding to the following:
a. x3 of size p () b ac 2 = ;
b. xx x p 33 2 1 3 1 x x 3 + () bac 2 b ,. xx a ≠ of size
8. PP 12 () x ( ) generates the set of size less than or equal min, P P2 , 1 () () x ( )
But to discuss only the size of set does not make sense. It is important to consider how much calculations should be done to find an item that is congruent to module p with the previously calculated one. If the selected function, and therefore, the generated sequence has many “small” loops and does not have “long” loops and “tails” then the probability to find quickly the decomposition of number n is high (Fig. 1.1). But hypothetically this is possible only under the condition that n has only small prime divisors. If sequence has “long” loops then the probability that the selected starting element will lead us to the desired collision is high and the probability of choosing a starting element, which quickly leads to collision, is low.
To use high-degree functions is impractical because of the large time-costs of sequence calculations. Using the linear function f ax bN () x =+ the subtraction
xxkj x = () xkc () jc + x ) k ( does not seem to be random comparing with f x () x =+ 2 1 proposed by Pollard (1975).
Applying two different linear recurring sequences also does not give any improvements in performance; we can conclude nothing about the residue of elements of two such sequences xx kc jc kj x = 12 , where c1,c2 are the constants. As we can see, the matter of selecting the function that generates random sequence for Pollard’s rho-method is still open.
1.3 SELECTING CRYPTO PARAMETERS
Let us define n as a module and e as an exponent for RSA cryptosystem; these parameters are the public key. Cryptosystem’s module is a product of odd primes pi, iu 12,,.., where u ≥ 2, and public exponent e is an integer that takes the value between 3 and n – 1, GCD(, e () n ), λ( where λ() (, ) GCD p ,..., u = ( 1 1 – generalized Euler function and some additional conditions (Mukhachev et al. 2005). Private key d is a positive integer that satisfies ed n ≡ d 1(mod( )). λ(
Let consider RSA key size as a length of module n in bits. NIST limits the set of key size values as 1024, 2048 and 3072 bits. In addition, restrictions are imposed on the generation of module n only as a product of two primes np q p (FIPS PUB 186-4-1).
The Public-Key Cryptography Standards (PKCS) #1 of version 2.1 and more it is allowed to use modules that are the product of more than two numbers (multi-prime modules), but it does not determine any restrictions on the choice of divisors. For a fixed size of the module the usage of more than two divisors reduces the size of such divisors and thus increases the probability of these modules to be factored by the algorithm, the complexity of which depends not on the size of factored number but on the size of number’s divisor.
To deploy RSA cryptosystem first we need to select exponent e, fixed or random integer 22 16 256 e . It is not permitted to choose random primes p and q to generate module with size of 1024 bits, but only those that satisfy the following (FIPS PUB 186-4-1):
– p – 1 has prime divisor p1,
– p + 1 has prime divisor p2,
– q – 1 has prime divisor q1,
– q + 1 has prime divisor q2.
Here p1, p2, q1, q2 are so-called auxiliary primes, p i q are primes with conditions. For modules of size 2048 and 3072 bits we may use random primes p, q, that are built using probabilistic or constructive algorithms of generating prime numbers (Maurer 1990, Gordon 1984, Zadiraka et al. 2007, Shawe-Taylor 1986). Table 1.1 shows the limitation on the length of numbers when using different algorithms of generating primes. The function len(p) is the bit length of p
Figure 1.1. Loops and “tails” in rho-Pollard method.
Max. value of len len () p () p 12 ) ( + p, q probable primes p, q provable primes
1024>100 bits<496 bits<239 bits
2048>140 bits<1007 bits<494 bits
3072>170 bits<1518 bits<750 bits
Table 1.2. Minimum number of rounds of Miller-Rabin testing when generating primes for RSA scheme, the error level is 2–100
ParametersNumber of rounds
p1,p2,q1,q2 > 100 bits
p and q : 512 bits
p1,p2,q1,q2 > 140 bits p and q : 1024 bits
p1,p2,q1,q2 > 170 bits p and q : 1536 bits
For p1,p2,q1,q2 : 38
For p i q : 7
For p1,p2,q1,q2 : 32
For p i q : 4
For p1,p2,q1,q2 : 27
For p i q : 3
Probably the prime number p is a number generated by the following algorithm: to determine the length of the desired number p; to generate odd random number; to check if the number is prime using a probabilistic test. The most widespread is Miller-Rabin test. The algorithm tests if given N is prime following the next steps:
1. To calculate t and s so that Ns 12 , s has to be odd.
2. To randomly choose b, 22 bN
3. To calculate yb N s mod.
4. If y ≠ 1 and yN N 1, then while it and yN N 1 starting from i = 1 do: yy N 2 mod. If y = 1, then Exit with “N is composite”, otherwise ii + i 1.
5. If yN N 1, then Exit with “N is composite”.
6. Exit with “N is composite”.
While constructing the module the following requirements on the amount of rounds of Miller-Rabin testing of the generated number should be met. This is caused by the decreasing probability to choose composite number as a prime with each additional round. Below there is the table with the amount of required rounds of testing for error level less than 2–100 is given.
Note that the use of probably prime numbers while implementing the cryptosystem not only significantly increases the time of module constructing but in case of mistaken use of composite number can cause malfunctions, which reduces the resistance to cryptanalysis. So we refer to deterministic algorithms that construct prime numbers in polynomial time. With the help of these algorithms we can reduce the problem of selecting the module by testing number’s primality to the problem of generating provably prime number. Let’s take a look at Maurer’s (1990) and Shawe-Taylor’s algorithms (1986). They are the so-called “tornado” algorithms: small prime number is used at the first iteration. Each following iteration determines provably prime number in a certain range that guarantees an increase of the resulting number.
Maurer’s algorithm of generation of provably prime random number
The input of the algorithm is integer k – the number of bits of the desired prime. The algorithm uses the following parameters: L is the border for trial divisions; M is a parameter that ensures the existence of the desired prime. M = 20 is recommended.
1. If 2 k L < , then to generate random odd k-bit number N and to test its primality with trial division. Repeat until a prime number N is generated. Exit.
2. If kM2, M then let r = 1 2 , else repeat the following until krkM rk . 2.1.1. Choose random integer s, 01 2 1 = sr 1 s ,. r
3. k1 1 [] rk + . Repeat steps 1–2 to construct k1-bit random prime q
4. Let tq k 2 2 1 /( )
5. Let R is random integer, tR tN Rq ≤ R + 22 = 1. N q 2
6. Let a is integer and 11 aN . If aN N = 1 1 (mod ) and GCD N R (, a ), 2 ) then Exit with “N is prime”.
7. Else repeat steps 5–6.
The second algorithm of constructing provably prime random number is Shawe-Taylor’s algorithm. The input of the algorithm is an integer k – the number of bits of the desired prime. The algorithm uses parameter L as a border for trial divisions.
Shawe-Taylor’s algorithm
1. If k L < , then to generate random odd k-bit number N and to test its primality with trial division. Repeat until a prime number N is generated. Exit.
2. If k is odd, let kk 1k 2 () k 3 + / . If it is even, let kk 1k 21 + 2 k / . Recursive pass the algorithm with input parameter k1 to construct a k1-bit prime number.
3. Let x is random integer and 22 kk 2 1 x .
4. Let t is the smallest integer greater than xq /( ). 2
5. If 21 2 tq k +≥ 1 , then let t be the smallest integer greater than 22 1 k q /( ).
6. Let Ntq21 t +
7. Chose random integer a, 1 < a < N 1, let x = a2t mod N. If x N ≠− x = 1 1 11 ,( GC ( GCD ,) N , x d , then N is generated prime.
8. Else let tt + t 1 and repeat steps 5–7.
However, the above algorithms guarantee only the primality of generated numbers. Additional requirements for numbers that are divisors of RSA module are the property of their so-called “maximization of the complexity of specialized factoring algorithms” (Zadiraka et al. 2007). For example, for p ± 1 algorithms this property is revealed if n has prime factor p so that number p ± 1 has sufficiently large power-smooth boundary (Mukhachev and Khoroshko 2005), in other words, p ± 1 has large prime factors. This divisor p is called “strong” prime number. So we bring up an important question about the number and the distribution of such strong primes.
1.4 DISTRIBUTION AND AMOUNT OF STRONG PRIMES
Let p be a classic strong prime if the following requirements are met:
where r, s, t are large primes. This means that p, r, s, t can be shown as pj21 j + r , pksr k lt = 1 s 21 + , whereby the lower the numbers j, k, l the better.
Note that a generalization of the classical notion of prime number is a concept of strong primes that maximize the complexity of all known algorithms for factorization.
R.L. Rivest denied the idea of need to use strong primes as factors for RSA modules (Rivest and Silverman 1999). On the base of Lenstra’s algorithm he wanted to show that the choice of p did not take an effect on the efficiency of obtaining the factorization, and that, in general, it is enough to choose random primes to obtain RSA modules. Later his ideas were refuted, since some algorithms, including ECM, work better if the number p 1 is smooth.
Here follows the Gordon’s method of generating strong prime numbers.
1. Construct a random prime number s of pre-selected size. We can select a pseudorandom number x of the desired size and using trial divisions we may leave the numbers in the range [, log] x , + 2 that do not have small divisors. Among the remaining numbers choose prime number s with the help of primality test.
2. Generate random t in the same way.
3. Using trial division and primality test generate prime rlt 1 l + , sorting out l in [, log]. 1 2
4. Calculate uu s sr rs rs r u (, r )( = ) mod . 11 s
5. If u is odd, then let pu 0 , else pu rs 0 =+ u .
6. Test if pp krs =+ p0 2 is prime for k = 01 2 ,, 1 , ,
Assume the condition of applying strong primes while generating cryptosystem’s module. The following conditions for factors should be met:
Let pi(n) be i-th the greatest divisor of n. Let w x t t ii tn ( n )# t{ pi ( )} n x ≤ #{: ≤ n ) 1 is the amount of integers less or equal n for which pi(n) does not exceed nx. Applying the result of Knuth and Trabb Pardo (1976) we have the probability that random number has the greatest divisor bigger than some border:
Using Adamar and Vallee Poussin (Porter 1915) estimates we obtain the following estimate of the number of classic strong primes in [a,b]:
Considering the independence of the described divisors the estimate amount of RSA modules is defined as:
Let us compare the resulting estimate of the number of RSA modules generated with random primes (no requirements for “strong” primes). RSA module is a so-called semiprime number because it has exactly two prime factors. The number whose prime factors less particular bound will be called B-smooth. Works (Ishmukhametov and Sharifullina 2014) present the distribution of semiprime and smooth numbers, the estimates are based on Riemann hypothesis. Probabilistic function g(y) corresponds the probability that the number y will be “semiprime”. Function approximation using series summation by prime numbers p:
Using Mertens’s formula:
and Abel’s theorem results we have:
Let ψ(x,y) be the amount of all y-smooth numbers less than x, we have the recurrent formula for the calculation: ψψ ( ψ )( ψ ,) ln ln ,, x p t), x p k k
where pk – k-th prime x x 2 1 () p1 2 = ⎡ ⎣ ⎢ ⎤ ⎦ ⎥ + ( ,) 2 ln ln ψ
There are rough estimates for calculating the number of smooth numbers because with the growth of smoothness bounds the computational complexity increases exponentially. Hildebrand (1986) obtained the following estimation: ψρ ( ψ )( ρ ) ln() ln ,. u ( O y xy u +
Here ρ(u) is the Dickman-de Bruijn function, ux y ln /ln, ρ(u) is the solution of differential equation u ′ + ρρ () u () u 0 = ) for u > 1, this approximation is valid only with the simultaneous growth of x and y keeping ln /ln xy as a constant. Here is the approximate formula for yx < (lnl x nln) x : / 12
π (, ) () ! ln ln
But to estimate the capacity of the set of smooth numbers with practically used boundaries this approximation is inapplicable.
The considered estimations of semiprime number’s distribution give an opportunity to present the size of the whole set. To solve the problem of RSA crypto parameters choice we should restrict this set only by choosing such semiprimes that are not smooth for some smoothness border B in order to maximize the complexity of solving the factorization problem of semiprime numbers.
In the above-mentioned notations we are interested in the following estimation for the number of semiprimes in the range [2,T] that are not B-smooth (Ishmukhametov and Sharifullina 2014):
On the other hand it is possible to evaluate the amount of B-smooth numbers in [2,T] with the help of combinatorial methods and group theory. It makes sense to choose primes as smoothness boundary. So having fixed Bpk as k-th prime number, the problem to evaluate the number of combinations xpi ik i ∏ α , where x < T. Note that the estimates (1.4) and (1.12) are close in value, but (1.4) is obtained in much easier way and takes into account the condition of choosing “strong” primes.
In general, the following statements are applicable for implementing RSA cryptosystems:
1. it is necessary to impose the restrictions for primes that are used for generation RSA modules for system’s security in practice;
2. the output set algorithms that generate such primes have appreciably less cardinality of a set than cardinality of prime number set.
For these reasons, we formulate the hypothesis that there exists a polynomial complexity algorithm that enumerates the set of “secure” RSA modules. The above estimations support this hypothesis.
1.5 FEATURES OF FACTORIZATION ALGORITHM ELABORATION FOR CLOUD COMPUTING
The first problem of factorization price estimating for cloud computing is a form of ordering the services, which are typically given by providers. For example, Windows Azure provides services in a form of virtual machine with specific characteristics of the CPU, memory and disk space (Accessed June 3 2016. http://azure.microsoft.com/en-us/pricing/details/cloud-services). The most powerful architecture which is offered “for working applications with large databases, server applications and high-speed applications” (e.g., “D14” has the characteristics of 112 GB RAM, 800 GB of disk space, 16 core processor) costs $2.611 US per hour or about $1943 US per month.
The cost of computing module rent with random configuration for most cloud platforms may be estimated using the on-line calculators (Accessed June 3 2016. https://cloud.google.com/products/calculator, http://www.hpcloud.com/pricing). Thus, a computer module in the cloud Google Cloud Platform with the configuration similar to “D14” costs $5.36 US per hour, but the monthly rent will cost $689.08 (Accessed June 3 2016. http://azure.microsoft.com/en-us/pricing/details/cloud-services). In HP’s Public cloud the configuration, aimed at calculating the maximum power (30 HP Cloud Compute Units, 4 virtual cores, 60GB RAM, 540GB ephemeral disk) is $1.35/hr ($985.50/mo.) (Accessed June 3 2016. http://www.hpcloud.com/pricing). You can also choose virtually unlimited (theoretically—only for the price) number of such machines.
So, to order a specific computing architecture targeted at particular factorization algorithm is difficult, so you need to rely on many computing nodes of standard minimum configuration aimed at powerful calculations that operate in parallel. The price of this node (e.g., n1-highcpu-2 for the cloud Google Cloud Platform) is $38.84 per month.
The second problem is that for factorization price estimating it is also necessary to choose the fastest at present, universal (which can be used for any kind of numbers) algorithm, which allows the simple implementation of a parallel computing model. The choice of this algorithm for factorization price estimating has similar value to the choice of the universal models of computation (Turing-Post machine, normal Markovian algorithm, brute-force program, etc.) for algorithms complexity estimate.
The generally accepted solution to this problem is the choice of algorithm GNFS (Buhler et al. 1993, Lenstra and Lenstra 1993, Couveignes 1993, Ishmukhametov and Sharifullina 2014). This algorithm, like the most effective factorization algorithms at present time operates quite a simple idea, proposed by Fermat, such as: if you find a pair of numbers (A,B), that satisfy the equation AB n 22 B = 2 , then n () A B () A B + So, if n m , then x = 1,2,… calculate the value of polynomial q n () x = () mx + m 2 until q(x) is not a perfect square.
A simple generalization of Fermat’s idea is to search for pairs of numbers that satisfy more general equation AB22 B 0 ≡ 2 () n mod (Ishmukhametov and Sharifullina 2014). Along with this, it appears that the value of the polynomial q(x) is the so-called “smooth” numbers. A pair of integers (A,B), is called “smooth” (on base factor F, formed of primes) if:
1. The relation AB22 B 0 ≡ 2 () n mod is performed.
2. B is multiplied only by prime factors that belong to the set F.
Representation of polynomial values q(x) by the elements of a vector space over F to search the full squares has led to Dixon algorithm first, then to quadratic sieve (QS), but as a generalization of the latter—the general number field sieve (GNFS). We will briefly present the main stages of this algorithm to discuss major evaluations of its performance (Ishmukhametov and Sharifullina 2014):
1. Choose irreducible polynomial degree d ≥ 3.
2. We choose an integer m,, m [] n / 1 () d < [] n / () d and represent n on the basis of m:
am a d d d =+ m ++ 1 1 0
3. With this representation we bind irreducible in the ring Z[x] (the ring of polynomials of the variable x with integer coefficients) polynomial:
4. Define sieving polynomial F1(a,b) as a homogeneous polynomial of two variables a and b:
5. Also define another polynomial f xm 2 () x = x and the corresponding homogeneous polynomial F a bm 2 () a b , The main requirement for pair selection (f1, f2) is to fulfill the condition: f f2 1 () ) m = () m () n mod which is obviously performed in our case, because the first polynomial at the point m is n, and the second is zero.
6. Choose two positive numbers L1 and L2, which define the certain rectangular area SR = {} bL La L ≤ L ≤ a L , } called “sieve area”.
7. Let θ – root of polynomial f1(x). Consider the polynomial ring Z[θ] (practically root θ is not evaluated, and is only used for formal description of the algorithm). Define the algebraic factor base FB1, consisting of a first-order polynomial form abθ with the norm which is prime number. These polynomials are simple irreducibility elements in the ring of algebraic field KQ [] ]. The absolute value of the norms of polynomials from factor base FB1 are bound above by some constant B1.
8. At the same time let define rational factor base FB2, consisting of all prime numbers bound above by second constant B2.
9. To be able to check the final stage of the algorithm, whether the determined polynomial is perfect square, we define a relatively small set of polynomials cdθ of the 1 order, the norm of which is also a simple number. Let this set be marked as FB3. It must satisfy the condition FB FB 13B ∩= 3B ∅ is called Quadratic Character Factor Base.
10. Further simultaneous sieving of polynomials based on FB1 is performed and integers based on FB2 to obtain the set M, consisting of smooth pairs (a,b). The pair (a,b) is called smooth if GCD () ab , = 1 and the polynomial abθ and the number abm are multiplied entirely by the relevant factor bases FB1 and FB2. The number of smooth pairs in the set M must exceed the total power of three factor bases at least by two units.
11. The next step is to search the subset SM ⊆ so that the product of all pairs () ab ) is H2 and pairs () abm is B2 , HZ BZ ∈ Z B ,. Z ∈ To search the set S as in the quadratic sieve method, a system of linear algebraic equations is formulated with coefficients from of the set F2 = {} 01 , }1 the solution of which will be the numbers of the set S
12. Next we form the polynomial:
13. If the whole procedure is performed correctly, then the polynomial g(θ) is a perfect square in the ring of polynomials Z[θ]. We extract square roots of the polynomial g(θ) and an integer B2, finding some polynomial α(θ) and the number B
14. Replace the polynomial α(θ) with the number α(m).
15. So, a pair of integers (A, B), satisfying the condition AB22 B 0 ≡ 2 () n mod has been found.
As seen from the description of the main stages of the algorithm there are two key parameters that affect its complexity—the size of the sieve area and the size of factor base. The complexity estimate of the algorithm GNFS is easy to measure by using L e n () c α, =
function. The most famous current estimates for the classical method GNFS – Lo n L 1 3 192 o ;, () 1 ⎛
⎟ (Ishmukhametov and Sharifullina 2014), for the “group” GNFS (several numbers are factorized at a time for which common screening results, are used the average factorization time per each number is calculated) Lo n L 1 3 1 704 ;, () 1 ⎛ ⎝ ⎞ ⎠ ⎟ (Bernstein and Lange 2014).
For approximate real cost estimate of factorization for the clouds given above let’s give the estimate of the sieving area (the most complicated stage) of the classical method GNFS. It is Lo n L 1 3 8 9 13 ;. o
If we take this estimate for the number of computing nodes of “minimal” configuration then the factorization cost estimate of 1024-bit number is hundred trillion US dollars, if the number is factorized during a month, which of course is much worse than the factorization cost estimates specially designed by using the devices for factorization (TWIRL or SHARK) (Shamir and Tromer 2003, Franke 2005). So the cost of the system SHARK (Franke 2005) for factorization of 1024-bit number is evaluated 160 million US dollars, if the number is factorized during a year. Such estimate is explained first of all, by the lack of flexibility of cloud computing services order, and, secondly, by the direct use of existing implementations of the algorithm GNFS for cloud technologies. The doubtless advantage of cloud computing that determines the relevance of further research in this area, is their relatively greater availability compared to specialized calculators and opportunity to use the so-called “peak-mobilization” operation mode in “critical” cases—the use of cloud resources across the corporation, state and international association.
1.6 CONCLUSIONS
Existing standards of implementation and usage of asymmetric cryptosystems impose restrictions on the crypto parameters generation. This situation is conditioned by modern advances in solving the problem of factorization of large numbers. The interest of assessing RSA security in practice is the highlighted issue of size or rather the nature of size growth of the set of secure crypto parameters, namely semiprime numbers that have additional constraints about their divisors.
REFERENCES
Baydenko P.V., Kudin A.M., 2012: Efektyvnist’ zastosuvannya alhorytmiv faktoryzatsiyi do moduliv kryptosystemy RSA, X Vseukrayins’ka naukovo-praktychna konferentsiya studentiv, aspirantiv ta molodykh vchenykh “Teoretychni i prykladni problemy fizyky, matematyky ta informatyky”, Zbirka tez dopovidey uchasnykiv, Kyiv, Ukraine, pp. 253–254, (in Ukrainian). Bernstein D.J., 2001: Circuits for integer factorization: a proposal, http://cr.yp.to/papers.html#nfscircuit. Bernstein D.J., Chang Y.-A., Cheng C.-M., Chou L.-P., Heninger N., Lange T., van Someren N, 2013: Factoring RSA keys from certified smart cards: Coppersmith in the wild, Cryptology ePrint Archive, Report 2013/599, https://eprint.iacr.org/2013/598.pdf.
Bernstein D.J., Lange T., 2014: Batch NFS, Selected Areas in Cryptography, LNCS, Springer, vol. 8781, pp. 38–58, http://cr.yp.to/factorization/batchnfs-20141109.pdf.
Brent R.P., 1990: Parallel algorithms for integer factorization, Number Theory and Cryptography (edited by J.H. Loxton), London Mathematical Society Lecture Notes (Book 154), Cambridge University Press, pp. 26–37.
Buhler J.P., Hendrik W., Lenstra Jr., Pomerance C., 1993: Factoring integers with the number field sieve, The Development of the Number Field Sieve, Springer, vol. 1554, pp. 50–94.
Couveignes J., 1993: A general number sieve implementation, Lecture Notes in Math., vol. 1554, pp. 103–126.
Crandall R.E., 1999: Parallelization of Pollard-rho factorization, http://academic.reed.edu/physics/ faculty/crandall/papers/parrho.pdf.
Digital signature standard, National Institute of Standards and Technology, Federal Information Processing Standards Publication, FIPS PUB 186-4-1.
Franke J., Kleinjung T., Paar C., Pelzl J., Priplata C., Stahlke C., 2005: SHARK: a realizable special hardware sieving device for factoring 1024-bit integers, Cryptographic hardware and embedded systems, LNCS, Springer, vol. 3659, pp. 119–130.
Google Cloud Platform pricing calculator, https://cloud.google.com/products/calculator.
Gordon J., 1984: Strong RSA keys, Electronics letters, vol. 20(12), pp. 514–516.
Hartman W.J., 1982: An Experimental Study of Monte Carlo Factoring Techniques, National Telecommunications and Information Administration.
Heninger N., Durumeric Z., Wustrow E., Halderman J.A., 2012: Mining Your Ps and Qs: detection of widespread weak keys in network devices, In Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8–10, pp. 205–220.
Hildebrand A., 1986: On the number of positive integers ≤ x and free of prime factors > y, Journal of Number Theory, vol. 22(3), pp. 289–307.
HP Cloud pricing, http://www.hpcloud.com/pricing.
Ishmukhametov Sh.T., Sharifullina F.F., 2014: On distribution of semiprime numbers, Russian Mathematics, vol. 58(8), pp. 43–48.
Knuth, Donald E., et al.: Selected Papers on Computer Languages, Stanford, CA, CSLI, 2003. ISBN 1-57586-382-0) (typewritten draft, August 1976).
Koundinya A.K., Harish G., Srinath N.K., Raghavendra G.E., Pramod Y.V., Sandeep R., Kumar P.G., 2013: Performance analysis of parallel Pollard’s RHO factoring algorithm, International Journal of Computer Science & Information Technology (IJCSIT), vol. 5(2), pp. 157–164.
Lenstra A.K., Lenstra H.W., 1993: The development of Number Field Sieve, LNM, Springer-Verlag, vol. 1554.
Lenstra A.K., Hughes J.P., Augier M., Bos J.W., Kleinjung T., Wachter C., 2012: Ron was wrong, Whit is right, Cryptology ePrint Archive, Report 2012/064, http://eprint.iacr.org/2012/064.pdf.
Lenstra Jr. H.W., 1987: Factoring integers with elliptic curves, Annals of Mathematics, Second Series, vol. 126(3), pp. 649–673.
Maurer U.M., 1990: Fast generation of secure RSA-moduli with almost maximal diversity, Advances in Cryptology—EUROCRYPT ’89, LNCS, Spinger-Verlag, vol. 434, pp. 636–647.
Microsoft Azure. Cloud services pricing, http://azure.microsoft.com/en-us/pricing/details/cloud-services.
Mukhachev V.A., Khoroshko V.A., 2005: Metody prakticheskoy kriptografii, Poligraf-Konsalting, Kyiv, Ukraine, (in Ukrainian).
Pollard J.M., 1975: A Monte Carlo method for factorization, BIT Numerical Mathematics, vol. 15(3), pp. 331–334.
Porter, M.B. 1915. Review: Cours d’Analyse Infinitésmale, by Ch.-J. de la Vallée Poussin. Bull. Amer. Math. Soc. 22. pp. 77–85.
Rivest R.L., Silverman R.D., 1999: Are “strong” primes needed for RSA? RSA Laboratories Seminar Series, Seminars Proceedings.
Sekey G., 1993: Paradoksy v teorii veroyatnostey i matematicheskoy statistike, Mir, Moscow, Russia (in Russian).
Shamir A., 1999: Factoring large numbers with the TWINKLE device, Cryptographic Hardware and Embedded Systems, LNCS, Springer-Verlag, vol. 1717, pp. 2–12.
Shamir A., Tromer E., 2003: Factoring large numbers with the TWIRL device, Advances in Cryptology— CRYPTO 2003, LNCS, Springer-Verlag, vol. 2729, pp. 1–26.
Shor P.W., 1999: Polynomial Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, SIAM Review, vol. 41(2), pp. 303–332.
Zadiraka V.K., Kudin A.M., Oleksyuk A.S., 2007: Adaptivnye algoritmy polucheniya prostykh chisel i ikh primenenie v kriptografii, Komp’yuternaya matematika, no. 1, pp. 54–61, (in Ukrainian).
Zadiraka V.K., Kudin A.M., 2013: Cloud computing in cryptography and steganography, Cybernetics and Systems Analysis, vol. 49(4), pp. 584–588.
CHAPTER 2
Game problems of control for functional-differential systems
A.A. Chikrii, G.Ts. Chikrii & V.J. Zhukovskij
V.M. Glushkov Institute of Cybernetic of NAS of Ukraine, Kyiv, Ukraine
W. Wójcik
Lublin University of Technology, Lublin, Poland
M. Junisbekov
M.Kh. Dulaty Taraz State University, Taraz, Kazakhstan
INTRODUCTION
The strategy of creating solution (control choice) based on information about the current position of the dynamic process goes back to the classic works of N.N. Krasovskii. These are his monograph (Krasovskii 1970) and the subsequent book in coauthorship with A.I. Subbotin (Krasovskii and Subbotin 1974). Employment of the Extremal Targetting Rule, developed in (Krasovskii 1970), allows for the game termination in the “first absorption” time in the regular and regularized cases. Similar result was obtained by B.N. Pshenichnyi (1968) with the use of the convex analysis technique. On the one hand, this method is the result of extension of the Pontryagin Maximum Principle to the game problems. On the other hand, it justifies the Euler law of goal interception, known as the “Line of Sight Law”.
The Extremal Targetting Rule appeared to be very fruitful. Many scientists did research in this direction. B.N. Pshenichnyi Yu.N. Onopchuk adopted this method to the case of integral constraints on controls (Pshenichnyi and Onopchuk 1968). G.Ts. Chikrii extended the result of B.N. Pshenichnyi (1968) to the non-stationary case (Chikrii G.Ts. 1995). J.S. Rappoport studied the case of mixed controls (Krasovskii and Subbotin 1974). Positional conflict control by the systems of integral and integro-differential equations was studied in the papers of V.L. Pasikov (Krasovskii and Subbotin 1974), G.Ts. Chikrii and K. Volyanskij (2002). Complex positional problems of the group pursuit were first stated and solved in the works of S.I. Tarlinskij (1976), A.A. Chikrii (1979), A.A. Chikrii and J.S. Rappoport (1978). A.Ye. Perekatov and A.A. Chikrii (1993) examined the problem of positional pursuit of a group of evaders by controlled moving object (the problem of “commercial traveler” type).
Investigations of M.S. Gabrielyan and A.V. Kryazhimskii (1983) are devoted to the study of positional conflict counteraction of controlled objects groups. It should be noted that, from mathematical point of view, the Extremal Targetting Rule, as applied to linear systems, is based on using the apparatus of support functions, the notion of Aumann integral of setvalued mapping and the Lyapunov theorem on vector measures.
Due to the positional formalization, N.N. Krasovskij (1985) proved the theorems of alternative, dividing the game space into the players’ preference domains. In the case of failure of the “saddle point condition in small game” the alternative can be formulated in terms of strategy of one player and counterstrategy of another. Under the same condition, an assertion on alternative can be stated in mixed strategies.
Because of the problem on existence of solution of the differential equations, arising in such formalization, B.N. Pshenichnyi (1969) introduced the notion of ε-strategy being the development of ideas of Pontryagin’s (1988) Alternated Integral Method. Thus, there exist many methods of constructing positional controls in conflict condition.
In this chapter, we suggest a general scheme for investigation of conflict-controlled processes, illustrated on various types of functional-differential systems.
Note that application of the method of resolving functions (A.A. Chikrii 1997) to similar problems is based on another assumption on information availability, that leads to control choice in the class of counter- or quasi-strategies.
2.1 PROBLEM STATEMENT, TIME OF THE “FIRST ABSORPTION”
Let a state of the conflict-controlled process at arbitrary moment of time t, t ≥ t0 ≥ 0, be described by the vector:
is continuous vector-function,
UV R n → V , – function, jointly continuous in its variables. Here:
By admissible controls of the first and second players are meant measurable functions, taking its values in U, V, respectively. Let us introduce the notations:
where u(s) and v(s) are measurable functions. We denote by u( ) and v( ) elements of the sets ΩU, ΩV, respectively.
Also, a cylindrical terminal set M* , M* ⊂ Rn, is specified: M + M 0 , (2.2)
where M0 is a linear subspace in Rn and M is a convex compact from the orthogonal complement L to M0 in Rn, M ∈coK(L). We suppose that g(t0) ∉M* .
The goal of the pursuer (u) is to bring a trajectory of the object (2.1) to the terminal set in the shortest time, whereas the evader (v) tries to avoid the encounter of the trajectory with the set. The game is terminated at the moment T, T > t0, such that z(T) ∈M* or π z(T) ∈M
Let us take the side of the first pursuer side and find the guaranteed time of the game termination. We assume that on the half-interval [t0, t) and at t ≥ t0 the players employ admissible controls:
Then, for arbitrary finite moments t and T, t0 ≤ t ≤ T, and fixed controls u t( ) and v t( ) following representation is valid:
Note that zT tu vg t ,, t ,. v 0 00 t () () ( ) () T
Let us take into consideration a scalar product:
Now we proceed to analysis of the following expression:
The signs of extremum and integral in the expression above can be interchanged in view of the properties of function φ(T, s, u, v) and the Lyapunov theorem on vector measures (Ioffe and Tikhomirov 1979). Denote:
and consider the following function:
It is obvious that function W (T, t, ζ, p) is continuous in the domain of its definition. Its vector-gradient in t, ζ has the form:
Function W (T, t, ζ, p) is continuous in T, t, p by joint continuity of the function φ (t, s, u, v). Consider the support function of cylindrical set M* .
The subspace L is the barrier cone of the set M. Because M is a compact lying in L, the function C(M, p) is continuous on L. Now we introduce a function:
Using the notations:
let us introduce a set-valued mapping:
The above expression contains integral of a set-valued mapping, namely, the Aumann integral (Aumann 1965). By virtue of the properties of Aumann integral (Aubin and Frankowska 1990), the set-valued mapping W (T, t) is convex-valued and upper semi-continuous.
The so-called time of the “first absorption” is defined in the following way:
We assume that the minimum is attained.
Let us evaluate the support function of the set W (T
It is evident that g W () t ∈ () T t if and only if:
As the minimum of function coincides with the minimum of its convexification we have:
This means that:
Let us suppose that the minimum is attained. We assume that the time of “first absorption” is finite, that is T0 < +∞. That the time T0 is the minimal instant of time at which π g (T0) ∈W (T0,t0), means that T0 is the minimal time in which the first player, knowing beforehand the second player’s control for all the time ahead, can steer the system trajectory to the terminal set M*. Let us show that T0 > t0. Using formulas (2.5), (2.8), we obtain: λ tt z W tt g p pp L 00 t 1 00 t , 0 i , 0 , () t tu tt 00 t 00 t , 0 ,v () ⋅ () ( ) () t0 ( ) = ∈ p + () ⎡ ⎣ ⎤ ⎦ C (
As g(t0) ∉M, then λ(t0,t0,g(t0)) < 0, whence follows that T0 ≠ t0
Lemma 2.1. If T(t, u t(.),v t(.)) = t, then z(t) ∈M.
Proof. Let on the half-interval [t0,t) the players employed the controls u t(⋅), u t(⋅) ∈ ΩU and v t(⋅), v t( ) ∈ ΩV. If T (t, u t( ), v t( )) = t, then there follows from the definition (2.5) that λ(t, t, z (t, t, u t( ), v t( ))) ≥ 0. By the formula (2.4): z g t su v ds t t , ,, u , () t tu v t t ,, t , () ⋅ () () t () s () s ( ) ∫ φ 0 therefore, {πz(t)} ∩ M ≠ ∅ and z(t) ∈M.
2.2 SUFFICIENT CONDITIONS FOR THE GAME TERMINATION
Let us introduce the notation:
We call the pair:
a current position of the game. Then an initial position is the pair:
There follows from the time of “first absorption” that the first player is aware of the second player control for all the time ahead. Below conditions are established, insuring that the first player can terminate the game no later than now of “first absorption”, under the condition that the first player constructs its control based on information on current position of the game.
Theorem 2.1. Let for the game (2.1), (2.2) following conditions hold:
1. set-valued mapping W(T, t) is non-empty (W(T, t) ≠ ∅), the time of “first absorption” is finite (T0 < + ∞), t
2. for any position
≤ t ≤ T ≤ T0;
u t
() ()
,, 00 ≤ such that TT t∗ 0T , a neighborhood Ω () tz Tt uv tt t ∗∗ z t ∗ () () ⋅ ( ) T t∗ u t∗ of the point () tz Tt uv tt t ∗∗ z t ∗ () () ⋅ ( ) T t∗ u t∗ exists, such that for all () t,ζ ∈ Ω () tz Tt uv tt t ∗∗ z t ∗ () () ⋅ ( ) T t∗ u t∗ the set Γ (, ,)t, t ζ ) (2.7) consists of a unique element p t t (, T ,). ∗ ζ )
Then the first player can terminate the game from given initial position no later than at the time T0 under arbitrary admissible control of the second player.
Proof. First consider the case tt ∗ 0 For any fixed Tt0 the function zT tu v tt ,, t ,, t () () ( ) tt T 0 ≤≤ t , is continuous in t. In view of assumption 2) of the theorem there exists a moment of time tt t 11 0 , 1t > such that for all possible zT tu vt tt00T t tt 1t t vt ,, () ⋅
the set Γ () Tt zT tu v tt 00T T t ,, t , () () ( ) (2.7) consists of a unique element p0 () 0 T tz Tt uv tt 0 0T ,, t ,,
) Now we will analyze the set-valued mapping:
Above it was used the notation: ζ = () ⋅ () ⋅ ( ) zT tu v tt 0T ,,
The set-valued mapping (2.9) is compact-valued and upper semi-continuous by inclusion in variables (p,t,v) by assumptions concerning parameters of the conflict-controlled process (2.1) (Aubin and Frankowska 1990). That is why, by the theorem on measurable choice the set-valued mapping U () T pt v 00 p , contains at least one Borel selection u e . () p tv 0 ,, t Since zT tu v tt 0T ,, t , () ⋅ () ( ⋅ ( ) is continuous in t, vector-function p0 () T tz Tt uv tt v 0 0T ,, t ,, t () () ⋅ ( ) is continuous in tt tt , t t ∈[ ) 1t, as well. From the control v tt t () t [ ) , , 01 , measurability and the vector p0 () 01 T tz Tt uv tt v 0 0T ,, t ,, t () () ( ) continuity in t there follows that the Borel selection u e () p tv 0 ,, t is superpositionally measurable function. Consequently, function:
u u t tt e e () t = () p v () t zT Tt tu v T z () ⋅ () ( ) () t ∈[ ) (T 0t ) ) t t 1t t , is measurable. We choose the pursuer control on the half-interval tt01 t [ ) in the form of selection u tt t e () t [ ) , 01 , In the case there exist several selections, an arbitrary one can be used. According to the properties of minimum, for each TT t ,, T ≥ 0 the function λ , ()λζ tt TR n 0 ≤≤ t ,, R ζ is differentiable in t,ζ along any direction. By the second assumption the set Γ () Tt,, t ζ consists of a unique element p () T t ,,ζ for all () t,ζ from some neighborhood O () ( t ∗∗ ∗ of the point () t ∗∗ ∗ . From this it follows that the vector-function p () T t ,,ζ continuously depends on () ( t,ζ and: ∂ () = () () ( ) ()
) φ ) , )
⎝ ⎜ ∈ t V uU ∈ p ( ( p ( , minmax
⎟ ∀ () () . ) ( O∈
Now we show that, under the control u tt t e () t [ ) , , 01 , and arbitrary admissible control v tt t () t [ ) , , 01 , the system (2.1) at time t1 come to the position:
⋅ and TTt T 0T 1 To this end, we evaluate the derivative:
To simplify calculations, we denote:
By the formula (2.4) and the fact that for any fixed TT t ,, T ≥ 0 the function zT tu vt ,, t , t () () ( ) is differentiable in t on the half-interval tt01 t [ ) with:
we come to conclusion that:
In taking derivative of the function λ() ζ e 0 the assumption that:
at each moment contains a unique element plays a crucial role. Thus,
Therefore, function λ() Tt zT tu vt 00T T
t , t e () () ( ) does not decrease on the half-interval tt01 t1 [ ) Now we show that under the control u tt t
() ) t [ ) , , 01 , of the first player and arbitrary
for which
admissible control v tt t () t [ ) , , 01 , of the second player, the game arrives at the position ,()( tz 1t z
Since
The latter inequality indicates that according to (2.6):
It is not improbable that the equality Tt uv t tt v , ut () () ⋅ ( ) = is fulfilled on the half-interval tt01 t [ ) that would mean termination of the game (lemma 2.1). Otherwise, by assumptions of the theorem 2.1, there exists tt t 22 t 1 , 2 > such that on the half-interval tt12t[ ) a replica of finding a selection of the set-valued mapping:
(
can be made. The possibility exists that on the half-interval tt12t[ ) the equality Tt
()
occurs. In such case the game is terminated. Otherwise, an instant t3, t3 > t2, exists such that the procedure of constructing control u can be repeated. Keeping this process in progress, we obtain a consequence of the half-intervals, control of the pursuer on each of them is chosen in the form of selection u e () t of the setvalued mapping:
Since the set-valued mapping U () T pt v , p , 0 is compact-valued and is upper semi-continuous in () pt v 0 ,t for any T, it contains a Borelean selection u e , () p tv 0 ,, t which is a superpositionally measurable function. Taking into account the fact that pT t Ttk 0 ,,ζ ( ) is continuous in () t, ζ and ζζ () ζ is continuous in t, we conclude that pT t Ttk 0 ,,ζ () t ( ) is continuous in t and, therefore, u e () t appears as a measurable function on each of the half-intervals ttkk tk + [ ) 1
According to the results of (Natanson 1957) the function u e () t is measurable on each of the half-intervals ttkktk t [ ) = + , k ,, ,, 1 01 , 2 therefore, it is measurable on their countable union, namely, at tt ≥ 0 . Let us show that the following relationships are true:
To this end, we evaluate: d dt t ttkk t λ , . k () Tt zT tu v Tt Tt t kk kk t ,t ,, t , k e () ⋅ () ( ) ∈[ ) +1
Let us denote: zT tu v Ttt u t e kk t k ,t ,. e () () ( ) = ζ
The procedure analogous to that performed on the half-interval tt01 t , 1 [ ) yields:
d dt t e vV uU k ζ Tt T λ t minmax ( ) = () pT tT tu v k p k ζ ( ) ( ) + ) Tt , ,, u T t t φ ,, vV min
Thus,
function λ() Tt zT tu v Ttt T t tk ,t ,, t , t e () () ( ) do not decrease on the on the half-interval ttkk tk + [ ) 1 By definition, λ , () ) tk Tt zT tu v Ttk
Here from there follows inequality (2.11) that means:
On the other hand, according to (2.6), Tt uv
Thus, we have:
Therefore, the equality:
indicative of the game termination (lemma 2.1), is satisfied no later than at the time T0. Suppose that this procedure lasts infinitely long. Then we obtain a consequence of halfintervals tt tt tt 01 t 12t 23 t , 1 , 2t ,. 3 [ ) [ ) [ ) It is evident that tT k k = T0 01 2 ,, 0 ,, , otherwise the equality (2.13) would be satisfied on one of the half-intervals and the game would be terminated. The {} tk , k = 01 2 ,, 1 ,, is monotonically increasing and bounded above sequence that is why there exists a moment of time t such that lim k k tt →+∞ It is clear that Tt uv T t e t , , u () () ( ) ≤ 0 The procedure of constructing control u can be extended on some half-interval tt tt ,, t , ⎡ ( ⎣ ) ( beginning from the position . () tz Tt Tttuv t t , z t ,, ute () () ⋅ ( )
Note that various controls ut ttkk t t e () ∈[ ) + tk , t , 1 chosen, which are measurable selections of the set-valued mapping (2.10), generate different system trajectories. Evidently, the double inequality (2.12) holds for all motions, induced by the controls ut ttkk t t e () ∈[ ) + tk , t , 1 k = 01 2 ,, 1 ,.
In view of this inequality the condition (2.13), indicative to the game termination, will be fulfilled no later than at the time T0. The theorem is proved.
Remark 2.1. Let in the game under study an analog of the “small game” saddle point condition (Krasovskii and Subbotin 1974) be satisfied, namely: minmax i , vV uU uU vV p U u () T ( ) () , ,,Tt uv , ( ) ≤ 00 U V , 0
Then in the proof of the theorem 2.1 instead of the set-valued mapping (2.10) one can analyze the set-valued mapping of the form: U Up p e vV uU vV U i , i 0p u V U , u 0 () T pt , p0 t = () T ( ) { φ φ V m n Tt uv , ,, u = () T ,tu t v,, u ( )} (2.14)
In such case the control ut e () is independent on v(t).
Another random document with no related content on Scribd:
vez, primeira em volume. (Tipografia Castro & Irmão). A esta edição, chamada DEFINITIVA, escreveu Eça um prólogo justificativo:
«O Crime do Padre Amaro foi escrito há quatro ou cinco anos, e desde essa época esteve esquecido entre os meus papeis—como um esboço informe e pouco aproveitável.
«Por circunstâncias que não são bastante interessantes para serem impressas—êste esboço de romance, em que a acção, os caracteres, e o estilo eram uma improvisação desleixada, foi publicado em 1875, nos primeiros fascículos da Revista Ocidental, sem alterações, sem correcções, conservando tôda a sua feição de esboço, e dum improviso.
«Hoje O Crime do Padre Amaro aparece em volume,—refundido e transformado. Deitou-se parte da vélha casa abaixo para erguer a casa nova. Muitos capítulos foram reconstruidos linha por linha; capítulos novos acrescentados; a acção modificada, e desenvolvida; os caracteres mais estudados, e completados; tôda a obra, emfim, mais trabalhada.
«Assim O Crime do Padre Amaro da Revista Ocidental era um rascunho, a edição provisória: o que hoje se publica é a obra acabada, a edição definitiva».
¿Calcularão, depois do que fica dito, que as correcções ficaram por aqui e que esta é como se assevera a edição definitiva? Pois não é. A edição de 1889, terceira, que tenho presente, avisa no frontispício que é «inteiramente refundida, recomposta, e diferente na forma e na acção da edição primitiva».[6] E ficou sendo esta a definitiva, porque a outra não escapara à grande fúria de correcções e ao crescente desejo de Perfeição, que foi a obcecação perpétua da vida do escritor.
[6] Entre a edição de 1876 e a de 1889 a que me refiro, há outra de 1880, já da Casa Chardron, que não pude ver. O confronto entre as três edições que tenho presentes, a da
Revista Ocidental, a de 1876 e a de 1889 basta porêm, para demonstrar o que pretendo.
Ao anunciar a edição de 1880 a casa editora, (senão o próprio Eça) dizia na Bibliografia Portuguesa e Estrangeira (Pôrto 18802.º ano n.º 1, pag. 19), que o autor do Crime refundira inteiramente o romance que era antigamente de 300 páginas e lhe entresachára 400 páginas novas. E mais diz: «É curioso neste trabalho seguir as influências que levaram o autor a refazer o seu livro: nos dois ou três primeiros capítulos vê-se que a sua intenção é simplesmente corrigir e aperfeiçoar o estilo e estudar mais profundamente os caracteres: nos dois capítulos seguintes começam a aparecer as scenas, os incidentes novos, mas o fundo ainda permanece o mesmo; é no sexto capitulo que vemos entrar o primeiro personagem novo; e daí por diante, então, o autor pondo de parte inteiramente o romance antigo, arrastado pela lógica do seu assunto, attraido pelos horizontes novos que êle lhe oferece, decide-se a escrever tudo de novo, como se tratasse dum livro novo Êste novo livro parece todavia afastarse dos processos do realismo e o autor como que procura criar unia escola nova individual, e sem ligações com as que existem.»
Vou pois cotejar três edições diferentes e assim se poderá fazer uma ideia do trabalho insano que só êste volume custou a Eça de Queiroz.
Na edição de 1875 o romance começa por uma descrição de paisagem ao esmorecer da tarde, um colóquio entre uma rapariguita vaqueira que leva o gado à bebida e um garotete, O Moriço; e pela scena da morte do pároco José Miguéis. O Moriço atira uma pedra à rapariga, acerta na vaca que foge fazendo espantar a égua que o padre montava e que vinha pela alameda. Fala Eça:
«Mas então a égua branca que vinha, recuou, deu um salto de repelão e o homem destribou-se, oscilou pesadamente e foi cair com um som baço sôbre as mós de moinho, onde ficou espapado de bruços, com os braços abertos, e um fio de sangue escuro, delgado, que escorria pela pedra, e caía gota a gota no chão.»
O pequeno atirou-se à estrada, gritando. Dois trabalhadores que passavam correram.
—Que é lá? que é lá? E um, forte e espadaúdo, ergueu o homem por debaixo dos braços: o corpo ficou todo pendente, descaído, e os fios de sangue escuro corriam-lhe pela cara.
—Queres tu ver!? Ai que é o sr. pároco!
E então tinham vindo os britadores da estrada, as mulheres que levam o saibro. O apontador das obras, um louro de boné de oleado e óculos azúis, amarrou-lhe um lenço em tôrno da testa. Um vélho apareceu logo, em mangas de camisa, todo esbaforido, com uma escada curta: estenderam-lhe em cima uma manta vélha e a tampa duma canastra e estiraram o corpo do pároco, hirto, com o seu ventre proeminente, a camisa ensangùentada, o rosto amarelo com nódoas roxas, os lábios cheios duma espuma sangùínea; e emquanto os dois homens o levavam como numa maca, quási correndo, os seus dois braços pendiam, com as mãos lívidas, felpudas e cheias de cabelos».
Levam o corpo «à botica ao pé da Sé» onde «o Carlos o boticário» depois de lhe picar «a veia com a lanceta» diagnostica uma apoplexia.
«Assim ficou vaga a paróquia da Sé», e assim termina o 1 capítulo que nas edições subseqùentes foi totalmente eliminado. Nestas o padre morre duma apoplexia sim, mas de madrugada, em seguida a «uma ceia enorme» que na edição de 1889 se diz ser de «peixe».
Na edição de 1876 (a definitiva) o romance começa:
«Foi no domingo de Páscoa que se soube em Leiria, que o pároco da Sé, José Miguéis, tinha morrido de madrugada com uma apoplexia. O pároco era um homem sangùíneo e grosso, que passava por um grande comilão. Contavam-se histórias singulares da sua voracidade. O Carlos da Botica—que o detestava— costumava dizer, sempre que o via passear na Praça depois da sesta, com a cara afogueada de sangue, todo enfartado de indigestão:
—Lá anda a gibóia a esmoer. Um dia estoira!
Tinha com efeito estoirado depois duma ceia enorme. Ninguêm o lamentou—e foi pouca gente ao entêrro».
E na edição de 1889:
«Foi no domingo de Páscoa que se soube em Leiria que o pároco da Sé, José Miguéis, tinha morrido de madrugada com uma apoplexia. O pároco era um homem sangùíneo e nutrido, que passava entre o clero diocesano pelo comilão dos comilões. Contavam-se histórias singulares da sua voracidade. O Carlos da botica—que o detestava—costumava dizer, sempre que o via saír depois da sesta, com a face afogueada de sangue, muito enfartado:
—Lá vai a gibóia esmoer. Um dia estoira!
Com efeito estoirou, depois duma ceia de peixe—à hora em que, defronte, na casa do dr. Godinho, que fazia anos, se polcava com alarido. Ninguêm o lamentou, e foi pouca gente ao seu entêrro».
É nesta última edição que acontece, como reminiscência à morte trágica do pároco, descrita na Revista Ocidental, o padre Natário cair da égua e quebrar uma perna.
Outro exemplo curiosamente demonstrativo do processo de trabalho do escritor e das torturas que êle passava antes de dar às suas criações a beleza, a elegância e a sobriedade artística que êle imaginava, é a figura do cónego Dias.
1875
«O cónego Dias não era simpático aos liberais de Leiria. Era um homem redondo e baixo, com um ventre saliente que lhe enchia a batina, as pernas curtas e esguias, e fortemente pousado nuns pés chatos, onde reluziam as fivelas: a cara era mole e cheia dum pálido baço, as olheiras papudas, e o beiço descaído e espêsso—e todo o seu
«O cónego Dias era muito conhecido em Leiria. Era um homem redondo e baixo, com um ventre saliente que lhe enchia a batina, as pernas curtas e esguias, uma cabecinha grisalha, as olheiras papudas, o beiço descaído e espêsso; e todo o seu aspecto fazia lembrar as vélhas anedotas de frades lascivos, enfartados de pecado.»
1876 1889 aspecto, com um cabelinho curto grisalho, fazia pensar nas vélhas anedotas de frades lascivos, enfartados de pecado.»
«O cónego Dias era muito conhecido em Leiria. Ultimamente engordara, o ventre saliente enchialhe a batina, e a sua cabecinha grisalha, as olheiras papudas, o beiço espêsso faziam lembrar vélhas anedotas de frades lascivos e glotões.»
Todo o livro passou por estas sucessivas transformações. Êste contínuo e trabalhoso labor de aperfeiçoar, de burilar a prosa, sempre em ascendência e sempre insaciado deu como resultante essa prosa fina que nós conhecemos pela prosa do Eça.
Na 1.ª edição João Eduardo não ataca os padres. Fala-se, é certo, num comunicado acusando o cónego Campos, mas isso muito vagamente. João Eduardo não conhece ainda Agostinho Pinheiro, o redactor da Voz do Distrito, que só aparece em 1876, e sucumbe a maquinações urdidas por Natário, que vê nas insinuações dum jornal, que se refere a um padre e à flor de certo canteiro, obra sua.
Não há mesmo no rompimento entre João Eduardo e Amélia referência a artigos ou jornais. O dr. Godinho chama-se então dr. Silves. O Dr. Gouveia só aparece na 2.ª edição. Não consultado por João Eduardo sôbre moral, mas chamado à Cortegassa a ver D. Josefa, dando por essa ocasião conselhos a Amélia. Já tem aquela independência, e aquele modo de pensar, que depois lhe conhecemos.
Na 1.ª e 2.ª edição o tipógrafo com quem João Eduardo acamarada é um pulha. Homem que uma mulher sustenta, criatura reles, souteneur e madraço, bêbado e estúpido. Na edição de 1889 não. O tipógrafo é honesto, sério, chama-se Gustavo, escreve nos jornais uns artigos «de Política Estrangeira, onde introduzia frases poéticas e retumbantes, amaldiçoando Napoleão III, o czar e os opressores do povo, chorando a escravidão da Polónia e a miséria do proletário.» Sustenta mãe vélha e doente e é económico. O próprio tio Osório, taberneiro, o aprecia por êle ser «moço instruido e de pouca troça».
Gustavo tem mesmo as ideias de que «o trabalho é dever, o trabalho é virtude!» E despedindo-se vai para a tipografia. João Eduardo não se embriaga e não desafia já tôda a gente.
É tambêm só na edição de 1889 que entra no romance a figura decoral da Tótó. Vê-se que, se a acção do romance é na sua tessitura a mesma, muito ganhou o detalhe. Foi mesmo essa preocupação que tornou o volume encorpado, o estirou e lhe cerziu melhor as junturas da acção às vezes sem a coordenação que a técnica exige. O período ganhou em consistência. A frase é mais polida, mais vigorosa, visto que é mais breve, mais elegantemente concisa. E tambêm só aqui aparece a senhora Carlota, ama, e o marido, visto que na 1.ª e 2.ª edições é Amaro quem se desfaz do fardo, atirando-o ao rio. A figura episódica do abade Ferrão aparece tambêm nesta edição, que é onde Amaro nos sai poeta.
Como se vê, o romance foi todo feito de novo. Há capítulos alterados na ordem do seguimento antigo, outros cortados e outros desfigurados. Tudo foi mexido.
Todos os livros de Eça passaram por êste monotizante trabalho de correcção. Corrigir nestas condições é mais difícil do que criar, porque na criação há variedade. Para exemplificar o processo do escritor busquei O Crime do Padre Amaro, em que a sua maneira de trabalho mais se evidencía. O Crime do Padre Amaro mostra-o públicamente. Flaubert trabalhava os originais inúmeras vezes, Daudet recompôs a Sapho uma porção delas. Mas êsse trabalho ficava desconhecido do grande público e é hoje amorosamente estudado sôbre os originais. O volume, quando saía para a impressão, saía pronto. O Crime do Padre Amaro não. Saíu duas vezes para o público, provisóriamente. Calcule-se em dois borrões para cada uma das edições citadas e teremos que o livro foi escrito seis vezes. Se existissem os originais e as provas, que são de tanto ou mais interêsse que o manuscrito, seria isso um estudo curioso, estudo que outrem fará se quiser e de que isto são simples apontamentos. Todavia mostram bem o esfôrço que custou ao escritor a sua obra e parecem justificar a frase habitual de Chateaubriand «de que o talento não é senão uma grande paciência». E, como se vê, a paciência contribuiu muito para o talento de Eça.
É preciso trabalhar, trabalhar muito para deixar uma boa página. Um dos que o conseguiu foi Flaubert. Mas não devemos esquecer que Flaubert escreveu um dia a Maxime du Camp: «Morro de cansaço. Escrevi êste mês vinte páginas, o que é enorme para mim».
ALBINO FORJAZ DE SAMPAYO
Gente da Rua
Preço, 400 réis
E�������: SANTOS & VIEIRA
«Só agora, na publicação do 2.º milhar, me foi dado ensejo de ler a novela «Gente da rua», de Albino Forjaz de Sampayo. Sôbre três fulcros assenta êste trabalho:—talento, alma e observação; neles se firma para se impor e ser aureolado. Os capítulos não obedecem a uma disciplina marcada e sustentada; a sua acção torna-se por vezes independente e livre, mas convergem todos para o fim a que o autor quere chegar. Sente-se o cronista enfronhado no novelista a lutar por seus movimentos livres, e a querer desembaraçar-se das pióses do convencionalismo, para a irradiação dos seus vôos e pousar onde lhe aprouver. Desta independência de processo resulta, porêm, a beleza, que vem sempre da sinceridade, e que Forjaz de Sampayo enriquece com a sua prosa germinativa, cheia de frescura e desafogada.
A «Gente da rua» é tôda ela sentida. O autor ouviu e compreendeu as palpitações de tôdas aquelas almas, e tão bem as estremou, que nem por um momento se confundem. Cada uma tem o seu corpo, e quando postas em contacto, as chispas são diferentes. Cada figura surge nítida e perfeita; cada sentimento, exacto e lógico. Naquele sabbat de dôr, miséria e velhacaria, em que a flor-luz da ingenuidade brota do espírito simples de Silvino, com um tom branco de luar a adensar-se em mortalha, as
personagens agitam-se sem se taparem umas às outras, o meio desenha-se com todo o seu carácter, o ambiente está perfeitamente definido. Não se lobriga uma contrafacção, não se percebe um exagêro, não se dá conta de uma fraqueza. É aquilo mesmo.
Ha idéas firmes, expressas com um forte poder sintetico:—o charuto caro, homenagem da Ordem, que Claudio vai fumando à saída do Govêrno Civil, é já um ferrete a marcar o traidor; o raciocínio de Silvino—«Diógenes buscara um homem, não buscara uma alma. E uma alma era tudo. Êle encontrara a sua. E satisfeito achava Diógenes parvo»—é um encanto de rama filosófica polvilhada de humorismo. «Sabes? Tu és o 48.»—atirado ao romântico e tímido Silvino pela Corália, na situação e posição em que o autor a coloca, constitúi uma clara e concisa nota dum impudor inconsciente.
Os destinos são todos determinados logo aos primeiros passos com que as personagens se nos dirigem, desde o conselheirismo que espera Claudio até o suicídio para onde Silvino desliza sem o menor solavanco. O da dengosa e olheirenta Elisa adivinha-se-lhe nas primeiras linhas que a apresentam, como o da mãe fica marcado quando se instala à cabeceira do hóspede, e o da pobre corista, irmã da do Pôrto, se vislumbra em terras do Brasil. E nem um só deixa de seguir em linha recta, mais ou menos acompanhado pelas peripécias da vida, mas sempre lógico e certo. O novelista não amarfanhou de mais aquelas almas no sofrimento; deixou-as apenas correr o seu destino, que não podia ser outro, e foi-lhes recolhendo o perfume ou a pestilência, conforme eram flores ou estrume. Não suavizou, nem carregou, não fêz poesia, nem ouriçou a realidade. Foi apenas sincero, natural e artista, e com estas fôrças, construiu a sua bela obra, que merece ser lida, porque não abundam as do seu quilate no nosso mercado literário; pelo contrário são raras.
Forjaz de Sampayo chegou depressa ao lugar de honra e nele se mantêm firme e forte. A sua prosa, rica em variedade de expressão e côr, dá-lhe uma individualidade segura—dispensando-lhe o propósito—seja-me permitido o ligeiro reparo—de alguns heretismos de linguagem, por preocupação artística, de que Fialho e Eça, na
sua primitiva maneira, tambêm foram achacados, até que se meteram na boa ortodoxia, principalmente o autor das «Cidades e Serras». A Forjaz de Sampayo há-de suceder-lhe o mesmo, que não precisa de tais recursos quem tem o seu pujante talento, conhece tanto a sua língua, e dispõe dum vocabulario tão rico como preciso. Tendo-se afirmado já em outras obras, agora com a «Gente da rua» revelou-nos cento e cincoenta páginas duma verdade que a própria verdade beija, duma beleza literária que encanta o espírito, e duma filosofia em que a bondade e o castigo se irmanam, um trecho da vida humana, como se o vivera e o sentira em tôdas as suas figuras. É o seu maior elogio, creio.
E������ S���������.
Do Jornal de Noticias.
Obras de Albino Forjaz de Sampayo
Dores
Obras de Leão Tolstoi
A Odysséa d’um Viajante
500 »
A Palavra de Jesus 400 »
NOVIDADES LITERÁRIAS
O Livro das Melancolias, por P����
M���������, versão de Arlindo Varela, 1 vol.
Sonetos, de B�����, nova edição
escrupulosamente revista e com o retrato e a biografia do poeta, 1 vol.
O que morreu de amor, por J���� D�����, 3.ª edição, 1 vol.
Dicionário de Rimas, por C���� L���, com uma Poética histórica por Theophilo Braga, 2.ª edição considerávelmente aumentada, 1 vol.
Um Serão nas Laranjeiras, por J����
D�����, 2.ª edição ilustrada
300 réis
300 »
400 »
800 »
No prelo
*** END OF THE PROJECT GUTENBERG EBOOK CRÓNICAS IMORAIS ***
Updated editions will replace the previous one—the old editions will be renamed.
Creating the works from print editions not protected by U.S. copyright law means that no one owns a United States copyright in these works, so the Foundation (and you!) can copy and distribute it in the United States without permission and without paying copyright royalties. Special rules, set forth in the General Terms of Use part of this license, apply to copying and distributing Project Gutenberg™ electronic works to protect the PROJECT GUTENBERG™ concept and trademark. Project Gutenberg is a registered trademark, and may not be used if you charge for an eBook, except by following the terms of the trademark license, including paying royalties for use of the Project Gutenberg trademark. If you do not charge anything for copies of this eBook, complying with the trademark license is very easy. You may use this eBook for nearly any purpose such as creation of derivative works, reports, performances and research. Project Gutenberg eBooks may be modified and printed and given away—you may do practically ANYTHING in the United States with eBooks not protected by U.S. copyright law. Redistribution is subject to the trademark license, especially commercial redistribution.
START: FULL LICENSE
THE FULL PROJECT GUTENBERG LICENSE
PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK
To protect the Project Gutenberg™ mission of promoting the free distribution of electronic works, by using or distributing this work (or any other work associated in any way with the phrase “Project Gutenberg”), you agree to comply with all the terms of the Full Project Gutenberg™ License available with this file or online at www.gutenberg.org/license.
Section 1. General Terms of Use and Redistributing Project Gutenberg™ electronic works
1.A. By reading or using any part of this Project Gutenberg™ electronic work, you indicate that you have read, understand, agree to and accept all the terms of this license and intellectual property (trademark/copyright) agreement. If you do not agree to abide by all the terms of this agreement, you must cease using and return or destroy all copies of Project Gutenberg™ electronic works in your possession. If you paid a fee for obtaining a copy of or access to a Project Gutenberg™ electronic work and you do not agree to be bound by the terms of this agreement, you may obtain a refund from the person or entity to whom you paid the fee as set forth in paragraph 1.E.8.
1.B. “Project Gutenberg” is a registered trademark. It may only be used on or associated in any way with an electronic work by people who agree to be bound by the terms of this agreement. There are a few things that you can do with most Project Gutenberg™ electronic works even without complying with the full terms of this agreement. See paragraph 1.C below. There are a lot of things you can do with Project Gutenberg™ electronic works if you follow the terms of this agreement and help preserve free future access to Project Gutenberg™ electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the Foundation” or PGLAF), owns a compilation copyright in the collection of Project Gutenberg™ electronic works. Nearly all the individual works in the collection are in the public domain in the United States. If an individual work is unprotected by copyright law in the United States and you are located in the United States, we do not claim a right to prevent you from copying, distributing, performing, displaying or creating derivative works based on the work as long as all references to Project Gutenberg are removed. Of course, we hope that you will support the Project Gutenberg™ mission of promoting free access to electronic works by freely sharing Project Gutenberg™ works in compliance with the terms of this agreement for keeping the Project Gutenberg™ name associated with the work. You can easily comply with the terms of this agreement by keeping this work in the same format with its attached full Project Gutenberg™ License when you share it without charge with others.
1.D. The copyright laws of the place where you are located also govern what you can do with this work. Copyright laws in most countries are in a constant state of change. If you are outside the United States, check the laws of your country in addition to the terms of this agreement before downloading, copying, displaying, performing, distributing or creating derivative works based on this work or any other Project Gutenberg™ work. The Foundation makes no representations concerning the copyright status of any work in any country other than the United States.
1.E. Unless you have removed all references to Project Gutenberg:
1.E.1. The following sentence, with active links to, or other immediate access to, the full Project Gutenberg™ License must appear prominently whenever any copy of a Project Gutenberg™ work (any work on which the phrase “Project Gutenberg” appears, or with which the phrase “Project
Gutenberg” is associated) is accessed, displayed, performed, viewed, copied or distributed:
This eBook is for the use of anyone anywhere in the United States and most other parts of the world at no cost and with almost no restrictions whatsoever. You may copy it, give it away or re-use it under the terms of the Project Gutenberg License included with this eBook or online at www.gutenberg.org. If you are not located in the United States, you will have to check the laws of the country where you are located before using this eBook.
1.E.2. If an individual Project Gutenberg™ electronic work is derived from texts not protected by U.S. copyright law (does not contain a notice indicating that it is posted with permission of the copyright holder), the work can be copied and distributed to anyone in the United States without paying any fees or charges. If you are redistributing or providing access to a work with the phrase “Project Gutenberg” associated with or appearing on the work, you must comply either with the requirements of paragraphs 1.E.1 through 1.E.7 or obtain permission for the use of the work and the Project Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9.
1.E.3. If an individual Project Gutenberg™ electronic work is posted with the permission of the copyright holder, your use and distribution must comply with both paragraphs 1.E.1 through 1.E.7 and any additional terms imposed by the copyright holder. Additional terms will be linked to the Project Gutenberg™ License for all works posted with the permission of the copyright holder found at the beginning of this work.
1.E.4. Do not unlink or detach or remove the full Project Gutenberg™ License terms from this work, or any files containing a part of this work or any other work associated with Project Gutenberg™.
1.E.5. Do not copy, display, perform, distribute or redistribute this electronic work, or any part of this electronic work, without prominently displaying the sentence set forth in paragraph 1.E.1 with active links or immediate access to the full terms of the Project Gutenberg™ License.
1.E.6. You may convert to and distribute this work in any binary, compressed, marked up, nonproprietary or proprietary form, including any word processing or hypertext form. However, if you provide access to or distribute copies of a Project Gutenberg™ work in a format other than “Plain Vanilla ASCII” or other format used in the official version posted on the official Project Gutenberg™ website (www.gutenberg.org), you must, at no additional cost, fee or expense to the user, provide a copy, a means of exporting a copy, or a means of obtaining a copy upon request, of the work in its original “Plain Vanilla ASCII” or other form. Any alternate format must include the full Project Gutenberg™ License as specified in paragraph 1.E.1.
1.E.7. Do not charge a fee for access to, viewing, displaying, performing, copying or distributing any Project Gutenberg™ works unless you comply with paragraph 1.E.8 or 1.E.9.
1.E.8. You may charge a reasonable fee for copies of or providing access to or distributing Project Gutenberg™ electronic works provided that:
• You pay a royalty fee of 20% of the gross profits you derive from the use of Project Gutenberg™ works calculated using the method you already use to calculate your applicable taxes. The fee is owed to the owner of the Project Gutenberg™ trademark, but he has agreed to donate royalties under this paragraph to the Project Gutenberg Literary Archive Foundation. Royalty payments must be paid within 60 days following each date on which you prepare (or are legally required to prepare) your periodic tax returns. Royalty payments should be clearly marked as such and sent to the Project Gutenberg Literary Archive Foundation at the address specified in Section 4, “Information
