jvanname
commented
1 year ago I have posted the code for calculating $\rho{2,d}(F)$ at https://github.com/jvanname/spectralradiinai/blob/main/denseLSRDR. My recent research indicates that the $L{2,d}$-spectral radius (or something similar) can be applied to a few potentially very useful machine learning algorithms including word embeddings, graph embeddings, and dimensionality reductions. These machine learning algorithms are predictable in the sense that the gradient ascent process typically converges to the same local maximum. If the machine learning community would pick up the work on these algorithms, the research into Hashspin using the spectral radii will be done soon. I have already posted much of this research on circcashcore.com, and you can find the code and more explanation for the application of spectral radii to machine learning at https://github.com/jvanname/spectralradiinai
A higher value of $\rho{2,d}(F)$ indicates a greater amount of cryptographic security of a round function $F$. The value $\rho{2,d}(F)$ is a measure of security for all block cipher round functions, and the value $\rho{2,d}(F)$ has some sophisticated mathematics (such as quantum information theory) behind it, and there is computational evidence that there will be a sophisticated mathematical theory behind $\rho{2,d}(A_1,\dots,Ar)$. We therefore need to calculate $\rho{2,d}(F)$ for $F$ related to Hashspin to estimate the amount of cryptographic security that Hashspin really has.
We will need to use more memory and a little more computational power than we currently have to calculate $\rho{2,d}(F)$ for round functions $F$ related to the Hashspin block cipher. We have had some success in trying to approximate $\rho{2,d}(F)$ by training combinatorial circuits followed by neural networks, but it would be better if we had the full calculation of $\rho_{2,d}(F)$. The neural network approach tries to produce what it thinks is a good approximation for the dominant eigenvector while the full calculation reliably produces a good approximation for the dominant eigenvector, but the neural network approach may be all that we will be able to do if the block cipher $F$ is too large. Keep in mind that the neural network approach may still take a lot of computational resources to train, and the neural network approach does not seem to be effective when the round function is too complicated. For example, if we reduce the AES round function to a 16 bit, 2 S-box round function, then the neural network was unable to learn.
I will post the code for calculating $\rho_{2,d}(F)$ using neural networks soon, and I will make a corresponding post at circcashcore.org explaining the algorithms that I use (I will also clean up some of the code).
Mathematical background
If $A$ is a complex matrix (or more generally, a linear operator), then let $\rho(A)$ denote the spectral radius of $A$. If $(A_1,\dots,Ar)$ are complex matrices, then define the $L{2,d}$-spectral radius by letting $$\rho_{2,d}(A_1,\dots,A_r)=\max\{\frac{\rho(A_1\otimes X_1+\dots+A_r\otimes X_r)}{\rho(X_1\otimes\overline{X_1}+\dots+X_r\otimes\overline{X_r})}\mid X_1,\dots,X_r\in M_d(\mathbb{C}), \rho(X_1\otimes\overline{X_1}+\dots+X_r\otimes\overline{X_r})\neq 0\}.$$
If $F:K\times X\rightarrow X$ is a block cipher round function, then let $F_k:X\rightarrow X$ be the function defined by $F_k(x)=F(k,x)$ for $x\in X$ whenever $k\in K$. Let $\phi:SX\rightarrow V$ be the standard irreducible representation of the symmetric group. Then we define $\rho_{2,d}(F)=\rho\{2,d}((\phi(Fk))_{k\in K})$. A higher value of $\rho{2,d}(F)$ indicates a greater level of cryptographic security.