With the rapid development of intelligence, the password becomes the guarantee of normal operation of intelligent mechanism such as networks. The multivariate, multi-formalized and widely applied cryptographs have become an urgent need, and the production of various passwords also face to hard attackers. Classical studies of the password problem going back over 35 years (Morris and Thompson, 1979; Feldmeier and Karn, 1990; Klein, 1990) have shown that, as a result, human users tend to choose and handle alphanumeric passwords very insecurely . The following password problem is well known in the security community:
The password problem : (1) Passwords should be easy to remember, and the user authentication protocol should be executable quickly and easily by humans.
(2) Passwords should be secure, i.e. they should look random and should be hard to guess; they should be changed frequently, and should be different on different accounts of the same user; they should not be written down or stored in plain text.
The first idea for GPWs was described by Blonder (1996) . His approach was to let the user click, with a mouse or stylus, on a few chosen regions in an image that appeared on the screen. If the correct regions were clicked in, the user was authenticated, otherwise the user was rejected.
We think of giving users greater freedom, and greatly reflect personalized; exploring the relationship between facts and assumptions, there should be no gap between users and passwords.
“Graphical password” will be abbreviated as GPW, and “Topsnut-GPW” is the abbreviation of “Graphical passwords based on the idea of topological structure plus number theory”. We will use the knowledge of graph theory to design the so-called Topsnut-GPWs in .
GPW schemes have been proposed as a possible alternative to text-based schemes. Two principal research questions proposed by Wiedenbeck et al.  are stated below:
RQ 1: Are GPWs a viable alternative to alphanumeric passwords in terms of security, as well as password creation, learning, performance, and retention?
RQ 2: Are users’ perceptions of GPWs different from those of alphanumeric passwords?
How to answer the above problems? And furthermore can we meet more problems in researching GPWs?
Although people have designed many GPWs, no report tells us much of them were applied to business and practice (Ref. , , ). However, QR codes (they are referred as a printable computer language) can be considered as a type of GPWs that are used widely in the world, since it has the characteristics of large amount of information, strong error correcting ability, quick and comprehensive reading and so on. Clearly, QR code is a successful example of GPW’ applications in mobile devices by fast, relatively reliable and other functions. Unfortunately, some of people can use QR codes to design traps for good people, since many people can not know their own QR codes and can not input their own QR codes by hand. The generation, recognition, scanning, making, decoding and designing of QR codes have become popular, in other words, QR codes can not be used to those places requiring high-level security.
By our observation, the existing GPWs wants people to learn more and remember more, and are lack of individualization, transformation, and persistent knowledge, etc. Many GPWs are not equal to users such that users have no right to choose their own formats or to make some of their favorite passwords. Needless to say, improving GPWs must be required.
Ii The existing GPWs
Ii-a Basic constitutions of the existing GPWs
Login Screen in public or private places: one picture/image or a group of pictures/images, or an grid.
GPW’s Length: number of pictures/images, number of click-points (stylus-points); number of drawing traces in grid.
Order: order of pictures/images selected by users, order of positions in a series of click-points (resp. touch-points).
Personal replaceability: most of GPWs do not support personal replaceability frequently.
Geometric metric: geometric positions of click-points, touch-points, lines, curves in 2D-plane.
Transformation: alphanumeric passwords can be transformed into pictures/images, and vice versa.
Round number of authentication: most of GPWs have only one round authentication.
Compounding: Few number of GPWs consist of images and with alphanumeric passwords.
GPWs’ spaces: many GPWs have small spaces.
Pictures changed frequently: many of the existing GPWs’ have no such function.
We point out that for being suitable to large number of people, most of the existing GPWs contain no mathematical computation. Also, it seems difficult to let most of people like a fixed picture/image when they input their graphical passwords.
Ii-B Possible attacks to the existing GPWs
The existing attack types can be categorized as software attacks and non-software attacks including dictionary attack, shoulder surfing attack, hidden-camera spyware attack, social engineering attack, brute-force attack, intersection analysis attack, graphical dictionary attacks, guess attacks, smudge attacks, intersection analysis attack, and so on.
The most common of these attacks based on password space are common with the brute-force search and dictionary attack. Gao et al.  have summarized the main attacks to the existing GPWs as follows:
Shoulder surfing refers to someone using direct observation techniques to capture passwords.
Brute force attack is also known as exhaustive-search attack, since it involves systematically searching all possible elements in the theoretical password space until the correct one is found.
involves guessing passwords from an exhaustive list called a dictionary (from a pre-arranged list of values) which typically consisting of all passwords with higher possibility of being remembered easily, ordering from most to least probable.
Intersection attack is where all the password images are part of the challenge sets, and decoy icons are changed in each round. Intruders can use the intersection of two challenge sets to reveal the password images.
Social Engineering is a technique used by hackers or other attackers to gain access to seemingly secure systems through obtaining the needed information (for example, a username and password) from a person rather than breaking into the system through electronic or algorithmic hacking techniques. Social Engineering has: (i) tricking; (ii) phishing and pharming.
Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence spyware, which includes adware, Trojan horse, keystroke-loggers, mouse-loggers and screen-scrapers, is usually installed on a user’s personal computer without permission, is typically invisible to the user and difficult to detect. Spyware contains: (i) keystroke-loggers; (ii) mouse-loggers; (iii) screen-scrapers; (iv) other spyware.
In the end of the article , the authors point out: “(1) From a password scheme designer’s perspective, he must make his password scheme more secure and reliable, using methods where: Focus on increasing password entropy without sacrificing usability and memorability; minimize the pattern in the scheme; keyboard input or mouse click information not fixed for each login; add real-time SMS (Short Messaging Service) verification if necessary. (2) From a user’s perspective, he should make his password more secure by: Avoid pattern and easy password when set a password; use security antivirus software; not open unidentified web pages; not install suspicious plug-ins; not use websites requiring sensitive personal information in an insecure environment. However, for some systems which require high security levels, it is appropriate to sacrifice some usability to ensure the absolute security.”
Ii-C There are several rounds in the authentication of the existing GPWs
The authors in  introduce a so-called S3PAS for producing GPWs. This scheme seamlessly integrates both textual and GPWs and is resistant to shoulder-surfing, hidden-camera and spyware attacks. During the registration phase, users select a string as the original password. The length of depends on different environments and different security requirements. During password creation, at the th round, a user selects a letter/number in the th triangle with by and . After rounds, the user gets the desired password .
Topsnut-GPWs can be designed in many rounds in the process of authentication for meeting high security requirements.
Ii-D GPWs for mobile devices
Approaches to overcome limitations of a touch screen computer for graphical password designs.
The relationship between user password choices and the complexity of the background image.
The relationship between background image choice and successful authentication rate.
The relationship between tolerance rate and successful rate.
Security concerns of using GPW for touch screen devices.
Assess the future of GPW for touch screen devices.
Suo shows her GPW for mobile devices (see Fig. 1).
Iii Topsnut-GPWs for mobile devices
We use standard notation and terminology of graph theory that can be found in , in which there are many graph colorings were introduced and investigated by algorithmic methods. Gallian  presents a large survey on graph labellings, over 2000 papers collected. We present our investigation of GPWs on mobile devices by using Topsnut-GPWs based on the idea appeared in  and . In Fig.2, we show a screen for Topsnut-GPWs, in which there are three regions, we drag small circles from the left menu to the working region, and then drag a line or a curve to join some pairs of small circles in the working region. In the above procedure, small circles and lines (or curves) can automatically past to each other like that in Microsoft office Visio (see Fig. 3). The following process is to label the circles and lines with numbers or letters (see Fig. 4-Fig. 6).
In two articles  and , Wang et al. show an idea of “topological structures plus number theory” for designing new-type GPWs (abbreviated as Topsnut-GPWs), and have designed some Topsnut-GPWs in the techniques of graph theory. Wang et al.  are interesting on devising Topsnut-GPWs for mobile devices with touch screen, such as smart phones, iPad and those are popular hand-held touch devices. By their principle of “needing conditions as little as possible, maximizing users’ needs as large as possible” they develop Topsnut-GPWs for different accounts, easily remembering, frequently changing, embodying, individual favorite, withstanding popular attacks. Clearly, the key on generating Topsnut-GPWs is to increase usability and security simultaneously (Ref. ).
Let be a graph of graph theory, and be a coloring/labelling defined as , where is a subset of , and is an integer set. We call this labeled graph a Topsnut-GPW.
Fig.7 shows an edge that joins two vertices and , also, we call two vertices and as the ends of the edge . In graph theory, two vertices and can be joined by a line or a curve to form an edge , and they are drawn in 2D-plane by no requirements of geometric metrics. There are four Topsnut-GPWs shown in Fig.8, in fact, they are one Topsnut-GPW by the definition of Topsnut-GPWs. The development goals of Topsnut-GPWs are stated in the following:
1. Both users and authentication need little storage space.
2. User needs little scientific knowledge of mathematics, and authentication can identify more complex scientific knowledge of mathematics, chemistry, physics and biology.
3. Operate by human fingers on mobile devices with touch screen, which can be used at home or private places for resisting shoulder surfing attack or other physical attacks.
4. Only need small circles, line/curve segments (colored, colorless, continuous and dotted lines/curves); small circles and line segments can be dynamically connected up together, and latters/numerals can be marked on small circles and line/curve segments.
5. Part of Topsnut-GPWs can be privately customization, that is, let users construct and select their favorite and non-forgetting topological structures, as well as choose their own mathematical or non-mathematical techniques.
6. To achieve successfully transformation between low-level passwords and advanced passwords.
7. Pursuit of simple yet quick principles.
8. Inherit the advantages of traditional graphical cryptography and two-dimensional codes (QR code) as much as possible.
9. Take into account the emergence of intelligent graphical passwords (smart GPWs) for achieving sustainable development.
Iii-B Examples of Topsnut-GPWs
First example is shown in Fig.10, we can see how to generate a simple Topsnut-GPW.
A user is logging for his business, he got the first screen shown in Fig.10(A) after inputting his account. He dragged several small circles into the working region, see Fig.10(B), and labeled the small circles with numbers shown in Fig.10(C). The authentication shown in Fig.10(F) is a combined Topsnut-GPW made by a key Fig.10(D) and a lock Fig.10(E). This Topsnut-GPW was designed first in , called a twin odd-graceful labelling, and it has its own vertex labels
and its own edge labels form two odd-integer setsand . It is easy to see that the number labeled to an edge just equals the absolute value of difference of two numbers labeled to two small circles that are the ends of this edge.
In Fig.10, three steps (B), (C) and (D) can be arranged into other orders. For example, we can join some pairs of unlabeled small circles for making a topological structure selected by users, and then label the small circles (or lines or curves) with numbers. Different orders are very important, since they will meet the records in authentication.
Second example is shown in Fig.11. At the first step of log in, the user get three screens (a), (b) and (c), which will appear circularly before the user select one topological structure. The selected topological structure shown in Fig.11(d) is as the same as one shown in Fig.10(D). Next the user will label the small circles and lines of the topological structure with numbers such that three numbers labeled to an edge and two ends of the edge meet a predetermined requirement.
Iii-C Properties of Topsnut-GPWs
All of human activities can be expressed in “language” we have thought, where “language” is a combination of pictures, sounds, videos, scientific languages, scientific symbols, scientific knowledge, biological techniques, etc. So, Topsnut-GPW is a particular “language”, and can be considered as a platform for designing various Topsnut-GPWs.
The study of the “language” has the significance of graph theory and practical application. We have the following advantages of “language”:
There is a vast number of graphs with smaller orders (see ).
There exist enormous numbers of graph colorings and labellings in graph theory (see ). And new graph colorings/labellings come into being everyday.
For easy memory, some simpler operations like addition, subtraction, absolution and finite modular operations are applied.
There are many non-polynomial algorithms. For example, drawing non-isomorphic graphs is very difficult and non-polynomial; for a given graph, finding out all possible colorings/labellings are impossible, since these colorings/labellings are massive data. Many graph problems are NP-complete.
As known, tree structures can adapt to a large number of labellings, in addition to graceful labeling, no other labellings reported that were established in those tree structures having smaller vertex numbers by computer, almost no computer proof. Because construction methods are complex, this means that using computers to break down GPWs will be difficult greatly.
The number of one style of different labellings/colorings is large, and no method is reported to find out all of such labellings/colorings.
There are many mathematical conjectures (open problems) in graph labellings, such as the famous graceful tree conjecture, odd-graceful tree conjecture, etc.
Many labellings of trees are convertible to each other (see ).
Topsnut-GPWs are suitable to a wide range of people, since they have much interesting, strongly mathematical logic and many mathematical conjectures.
One key corresponds to more locks, or more keys corresponds to one lock only.
Topsnut-GPWs realize the coexistence of two or more labellings on a graph, which leads to the problem of multi-labelling decomposition of graphs, and brings new research objects and new problems to graph theory.
There are connections between Topsnut-GPWs and other type of passwords. For example, small circles in the Topsnut-GPWs can be equipped with fingerprints and other biological information requirements, and users’ pictures can be embedded in small circles, greatly reflects personalization.
Number theory, algebra and graph theory are the strong support to Topsnut-GPWs.
Topsnut-GPWs are easy to avoid non-software attacks, since people can use their mobile devices in private or semi-private places. However, Topsnut-GPWs should resist various spyware like Trojan horse viruses.
Iii-C2 Connections of Topsnut-GPWs
By means of graph labellings, Wang et al.  show some new graph labellings in the procedure of building Topsnut-GPWs such that a graph can admits two different labellings. Based on trees, Yao et al.  show the equivalent connections among eight different labellings under the set-ordered graceful condition.
Iii-D Construction of Topsnut-GPWs
We can apply many constructive techniques and graph colorings/labellings of graph theory on the Topsnut platform when we design a myriad of Topsnut-GPWs. An example shown in Fig. 12 introduce the connection between colorings of planar graphs. In Fig. 12, is a maximal planar graph having a 4-coloring and a 3-face-coloring; is a 3-regular planar graph obtained from ; the Klein four-group enables us to obtain having a proper 3-edge-coloring. The deletion of numbers of vertices and faces yields , and add one to the edge labels of under modular , where and , to get . By the same way in producing we can obtain . It is not hard to see that with , where is the label of edge of with . So, three Topsnut-GPWs , and form an Abelian additive graphical group of modular 3, and each can be considered as the unit element of this graphical group.
Iii-D1 Recursive graphs
We define a class of recursive graphs in the way:
Let be an operation defined on graphs. If each can be produced from by the operation , and is not generated by doing the operation to some graph, then we call a recursive -graph and a -root, as well as a recursive operation.
The recursive operations contain the triangularly edge-identifying operation, the triangularly embedded edge-overlapping operation and the triangularly single-edge-paste operation, and so on.
A triangularly embedded edge-overlapping operation (TEEoO) on maximal planar graphs is defined as: Let , be two maximal planar graphs, where has its own inner face bound and has its own outer face bound . We embed into such that the edge of the outer face bound of is overlapped with the edge of the inner face bound of into one, and do the same operation on the edges and , on the edges and . The resulting graph is called a TEEoO-graph, denoted as , and call a TEEoO-factor and a TEEoO-object. Clearly, any recursive maximal planar graph is a TEEoO-graph obtained by do a TEEoO to a inner face of a recursive maximal planar graph with the TEEoO-factor , namely, . In fact, any recursive maximal planar graph has the -root , where TEEoO (see an example shown in Fig. 13). Other two examples are Apollonian network model and recursive maximal planar graphs.
If a triangularly embedded edge-overlapping operation (TEEoO) based on maximal planar graphs, that is, the TEEoO-factor and the TEEoO-object are maximal planar graphs, then we say TEEoO will close many properties of the TEEoO-factor and the TEEoO-object, such as various 4-colorings. The same situations appear in the graphs made by the triangularly single-edge-paste operation. Sierpínski network model is constructed by another type of triangularly recursive operation.
Problem: (i) List recursive operations often used, and recursive -graphs appeared in networks.
(ii) For a recursive operation , we show the characters of the recursive -graphs and determine the -root .
Iii-D2 Xu’s methods based on maximal planar graphs
First of all, in designing Topsnut-GPWs, we introduce useful and powerful Xu’s methods in his articles [19, 20, 21, 22] on his mathematical proof of Four Color Conjecture. The reasons of establishing Topsnut-GPWs by using Xu’s methods are:
Easy to remember: use only 4 numbers (alternatively, 4 colors, or 4 letters, or 4 pictures, or 4 types of circles, etc.)
Maximal planar graphs have: (1) Normative standard, each face of any maximal planar graph is a triangle; (2) configuration complexity. Using computer to construct maximal planar graphs is generally irregular, and determining the number of non-isomorphic maximal planar graphs is NP-hard.
It is difficult to find all 4-colorings of a maximal planar graph. General attackers are not able to find 4-colorings of maximal planar graphs by computer. Nearly 50 years, only two reports by American scientists overcome the planar graph 4-coloring problem by computer and long working time.
Interchangeability. Topsnut-GPWs can be contractible and extensible; the operations of graph theory can implement conversions between low-level cryptography and high-level cryptography.
We show methods on maximal planar graphs for designing Topsnut-GPWs’ structures as follows.
Method 1. The dumbbell transformation ([20, 21]). Fig.15 (a) is called a dumbbell graph in Xu’s operation. We cut the vertex shown in Fig.15(a) into two subvertices for getting Fig.15 (b), and Fig.15 (c) is obtained by doing a dumbbell transformation to Fig.15 (b).
In Fig.15 (c), from a large cycle 3’4323’ to a small cycle 1’2141’ , and from the small cycle 1’2141’ to the center vertex 3, we can get an alphanumeric password 3’4323’1’2141’3’3’, it has 18 units. Moreover, based on a path in Fig.15 (c), we can get another alphanumeric password having 35 units.
Moreover, in Fig.17 (f), the path can yields an alphanumeric password with 35 units. Clearly, , although Fig.15 (a) coincides with Fig.17 (d). Moreover, in Fig.15 (c), we can use a path to get an alphanumeric password with 41 units, and another path in Fig.17 (f) to get another alphanumeric password such that . Or, we can use a cycle to make a long-unit alphanumeric password such that .
(3) Since there are many Xu’s dumbbell graphs in Fig.15 (c) and Fig.17 (f), we can implement the dumbbell transformation on these two Topsnut-GPWs for generating more complex Topsnut-GPWs and producing alphanumeric passwords having enough long units (they can be used to encrypt electronic documents, or to produce encryption keys) from these more complex Topsnut-GPWs.
Method 2. How many Topsnut-GPWs are there based on a maximal planar graph? In the view of authentication, this problem is very important such that two users have different Topsnut-GPWs if they have selected just the same maximal planar graph. A Kempe change is to exchange two colors of a connected component of a 2-coloring induced subgraph, and remain the colors of the other vertices unchanged in a colored graph. Two -colorings and of a -chromatic graph are called Kempe equivalent if can be obtained from by a sequence of Kempe changes. Xu, in his article , discover the Kempe’s equivalent class: Let be a -chromatic graph. is called a Kempe graph if all -colorings of are Kempe equivalent. And he studies the characteristics of Kempe maximal planar graphs, introduce the recursive domino method to construct Kempe maximal planar graphs, and propose two interesting conjectures. Xu partitions the Kempe equivalent classes of non-Kempe graphs into three classes: tree-type, cycle-type, and circular-cycle-type, and point out that all these three classes can exist simultaneously in the set of 4-colorings of one maximal planar graph .
Method 3. In Fig.18 and Fig.19, we show Xu’s Domino Extending-contracting Operational System . Xu’s methods can maintain the number of colors to be at most four in constructing planar graphs, and there are only two extending and contracting operations on 2-wheel, 3-wheel, 4-wheel and 5-wheel. Thereby, we say that Xu’s methods are simple and easy for users to make their Topsnut-GPWs, and can make more complex Topsnut-GPWs with hundred and thousand of vertices by the Domino Extending-contracting Operational System (DE-COS). Xu’s methods guarantee at most four colors are used in DE-COS.
Method 4. We define two particular operations: the offspring operation and the splitting operation on vertices of planar graphs as follows (ref. ):
(i) In Fig.20 (a), we split the vertex with its neighbor set (where is adjacent to by the clockwise direction in the plane for keeping the planarity) into two subvertices and delete the edges with and ; next we join with by an edge, and join with each of , and join with each vertex of , respectively. Here, shown in Fig.20 (b). The resulting graph is still a planar graph (see Fig.20 (b)). The above procedure is called “doing a split operation to the vertex ” and call Fig.20 (b) to be a splitting graph of Fig.20 (a).
Similarly, Fig.20 (d) is a splitting graph after doing a split operation to the vertex of Fig.20 (a), and we join with each of ; and join with each vertex of with , respectively. Here, and shown in Fig.20 (d).
(ii) In an offspring operation, suppose that has its neighbor set , where is adjacent to by the clockwise direction in the plane for keeping the planarity. The vertex gives birth to two vertices and , and joins with to form two edges, respectively. Next, we delete the the edges with and , and join with each vertex of , and join with each vertex of respectively. Here, shown in Fig.20 (c). The resulting graph shown in Fig.20 (c), call it an offspring graph of Fig.20 (a), and the process from Fig.20 (a) to Fig.20 (c) is called an offspring operation on the vertex .
Furthermore, for obtaining Fig.20 (e), we do an offspring operation on the vertex shown in Fig.20 (a), where has its neighbor set , where is adjacent to by the clockwise direction in the plane for keeping the planarity. Let join with its two birthes to yield two edges, and we delete the the edges with and and, we join with each vertex of ; and join with each vertex of with , respectively. Here, and shown in Fig.20 (e).
Method 5. The concept of the flip operation was introduced by Wagner . In 2001, Gao et al.  proved that every maximal planar graph with vertices contains at least flippable edges; and there exist some maximal planar graphs containing at most flappable edges. Moreover, Gao et al. showed that there were at least flippable edges in a maximal planar graph if .
In Fig.22, (b) is obtained from (a) by doing two split operations on two vertices ; and (c) is obtained from (b) by doing a split operation on vertex ; (d) is obtained from (c) by doing an offspring operation on vertex ; and (e) is obtained from (d) by doing two flip operations on two edges and , where two flip operations are to delete the edges and , and then join vertex with by an edge, next, join vertex with by an edge.
Iii-D3 Triangularly edge-identifying and edge-subdivision operations
Let be the set of planar graphs such that each one of has its outer face to be triangle and a proper 4-coloring.
In Fig. 24, indicates the left planar graph having a 4-coloring , indicates the right planar graph having a 4-coloring and is the bottom planar graph having a 4-coloring . We identify the edge of with the edge of into one edge denoted as , so we get a planar graph having it outer face , and then we identify the edge of with the edge of into one edge and identify the edge of with the edge of into one edge. Finally, we get a planar graph having a 4-coloring obtained by three 4-colorings , and . Clearly, the planar graph belongs to . We call the above procedure of building up a triangularly edge-identifying operation. Conversely, we can subdivide into and , call such operation a triangular edge-subdivision operation, also, is triangularly edge-subdivisible.
If the topological structures of and are isomorphic to each other, then is triangularly regular subdivisible.
We can use these tow operations to study some properties of maximal planar graphs.
(1) The triangularly edge-identifying operation and triangular edge-subdivision operation will close many properties of the TEEoO-factor and the TEEoO-object, such as various 4-colorings.
(2) The triangularly edge-identifying operation and triangular edge-subdivision operation can be generalized to planar graphs having non-triangular outer faces.
Iii-E Analysis of Topsnut-GPWs
Iii-E1 A general definition for Topsnut-GPWs
We use the function concept to present a general definition of Topsnut-GPWs as follows:
Let stand up a lock (authentication), be a key (password), and be the password rule (a procedure of authentication). The function represents the state of “a key open a lock through the password rule , and call directly a Topsnut-GPW.
A Topsnut-GPW contains three major aspects: pattern, order and structure, also, the mathematical principles. Let and be the domain and the range of the function , respectively. The complex of the Topsnut-GPW is determined by the password rule , the domain and the range . If one of cardinalities of and is the exponential form, then the complex of the Topsnut-GPW is not polynomial; if the password rule is NP-hard, thereby, so is the Topsnut-GPW too.
In visualization, a Topsnut-GPW is a labeled graph by a coloring/labelling belonging to a particular class . So, is defined as the basic difficulty of the Topsnut-GPW , where parameters , , graph properties and coloring/labellings belonging to .
Iii-E2 Methods to judge different Topsnut-GPWs
All topological structures used in Topsnut-GPWs are storage in computer by graph matrices. Four Topsnut-GPWs shown in Fig.8 correspond a graph matrix shown in Fig.25, and the graph matrix is not equal to the graph matrix shown in Fig.26. Thereby, graph matrices enable us to judge different Topsnut-GPWs.
Topsnut-GPWs can solve the problem of “one key open two or more locks, and one lock can be opened by two or more keys” (onekey-to-morelocks, onelock-to-morekeys). In general, the onelock-to-morekeys is a function
where is a lock, and each is a key for . Conversely, the onekey-to-morelocks is the inverse of the onelock-to-morekeys as follows
where is a key, and each is a lock with .
Iii-E4 Topsnut-GPW chains
We are given a sequence of Topsnut-GPWs such that with , where each key is obtained by the key , then the Topsnut-GPW is called an -rank Topsnut-GPW, the sequence is called a recursive Topsnut-GPW chain. Obviously, the greater value of and the more difficult to be break down, but the difficulty of users’ memory then increases. Also, we can define another Topsnut-GPW chain by with , or a Fibonacci Topsnut-GPW chain defined by with .
(1) It may be interesting to add the thought of Markov chain in Topsnut-GPW chains.
(2) Recursive planar -graphs , form a Topsnut-GPW chains under a recursive operation . Here, may be one of the triangularly edge-identifying operation, the triangularly embedded edge-overlapping operation and the triangularly single-edge-paste operation, and so on.
Iii-E5 Perfect -labeling graphs
We consider an interesting class of graphs as studying Topsnut-GPWs, we call such particular graphs as perfect -labeling graphs defined by: “Let -labeling be a given graph labelling, and let a connected graph have a -labeling. If every connected proper subgraph of also admits this -labeling, then we call a perfect -labeling graph.” As known, all caterpillars are (odd-)graceful, so each caterpillar is a perfect (odd-)graceful labeling graph. In fact, caterpillars admit many graph labellings. By the technique used in , we can show that all lobsters are perfect (odd-)graceful labeling graphs. We ask for: If every connected proper subgraph of a connected graph has a -labelling, then does admits this -labelling too? Clearly, a perfect -labeling graph (like a mother) can be used to produce a crowd of Topsnut-GPWs (like sons and girls). So, perfect -labeling graphs can be used to solve problems of one-key vs more-locks, or one-lock vs more-keys.
Iii-E6 Connection between the Topsnut-GPWs based on a graph
Suppose that a graph admits two different labellings with , where , and each holds a given restriction with (such as, is graceful, or odd-graceful, or edge-magic total and so on). So, we have two labeled graphs having labelling with , and we can have a correspondence between and such that for .
A similar investigation has appeared in .
Iii-E7 Dual labellings of Topsnut-GPWs
Many of Topsnut-GPWs made by graph labellings have their own dual labellings. Such dual labellings can be found in literature on graph labellings. We show an example in Fig.29 here, but presenting introduction in detail.
Iii-E8 Difficult rank/grades of Topsnut-GPWs
How to determine the difficult rank/grade of a Topsnut-GPW? We have no any existing method now. Clearly, we will probe deeply Topsnut-GPWs for getting more their properties and characteristics, for example, the length of a Topsnut-GPW, the round number of authentication, non-symmetrization, Topsnut-GPW chain, etc. And we should measure these properties by mathematical techniques in order to show scientific ranks for Topsnut-GPWs.
Iii-F Topsnut-GPWs’ spaces
Iii-F1 Topsnut-GPW’ graph-spaces
Wang et al. have worked out constructions of large scale of Topsnut-GPWs by given smaller scale Topsnut-GPWs (Ref. [9, 10, 11, 28, 29, 30]). Wang et al. have built up a Topsnut-GPW -space by a given basis graph and a given group of smaller scale Topsnut-GPWs such that each element of is denoted as , which is just a high-level Topsnut-GPW having at least vertices. We use to indicate the number of graphs of order , then Harary and Palmer  have shown the numbers of graphs of order (see Table-1)
We, often, use trees to produce Topsnut-GPWs, because trees admit many graph labellings . Let and be the numbers of non-isomorphic trees and rooted trees, respectively. We have the numbers of trees of order in the Table-2. Some particular Topsnut-GPWs need the help of digraphs (see Table-3).
Iii-F2 Coloring/labelling spaces
Iii-F3 Measuring Topsnut-GPWs’ spaces
A -graph is a graph having vertices and edges. The saying “distinct labellings ” means the distinct labellings belong to the class that contains ; similarly, the sentence “distinct colorings ” means the distinct colorings belong to the class that contains . However, the saying “different type labellings (resp. colorings)” means that a -graph has all of different type labellings (resp. colorings). We define the following basic metric parameters for measuring Topsnut-GPWs’ spaces:
, the number of non-isomorphic -graphs.
, the number of non-isomorphic digraphs having vertices and arcs.
, the number of non-isomorphic graphs of order .
, the number of non-isomorphic digraphs of order .
, the number of distinct labellings of a -graph for a special labelling .
, the number of distinct colorings of a graph .
, the number of distinct set-colorings of a graph .
, the number of different type colorings of a graph . Notice that for two -graphs and , in general.
, the number of different type labellings of a graph . In general for two -graphs and .
, the number of different type of set-colorings of a graph . In general for two -graphs and .
We have four types of line/curve, dot-line/curve, line circles, dot-line circles in our design of Topsnut-GPWs. In a -graph , we have different line and dot-line circles, and different line/curves and dot-line/curves. Roughly speaking, we have different expressions of a -graph . Thereby, the -graph can yield the number of distinct Topsnut-GPWs is
with . All -graphs can produce Topsnut-GPWs as follows
for . If we use colors to color lines and circles, we have Topsnut-GPWs based on a graph , and Topsnut-GPWs based on all -graphs.
We take trees of order 10 for computing . In table-2, we can see and . So, by the result due to Sheppard , each tree of order 10 has graceful labellings, that is, . We have
For all rooted trees of order 10, we have
As comparing, roughly saying, the earth sand amount is about , or (), which is 8 trillion to 13 trillion billion billion; and the number of stars in the most sophisticated telescope can be observed is about (). Suppose that there are ten billion people in the world, then so each person has ten billion Topsnut-GPWs; or for one hundred billion people, thus, each person has one hundred billion Topsnut-GPWs.
Since in Table-1 consist of 60-figure numbers, we can label a graph of order 24 by two or more styles, that means we can get digital passwords having more than 120-figures. In other words, we will wait for Xu’s computer , Probe Machine computer, to break down our Topsnut-GPWs.
Iv Conclusion and further researches
We have shown the constitution of the existing GPWs, and list several possible attack methods on the existing GPWs. We enjoy the Topsnut-GPWs made by the idea proposed by Wang et al., and focus on the Topsnut-GPWs used by mobile devices with touch screen. We can see that Topsnut-GPWs having personal customization, high cultural degree and intelligence will also appear and gradually replace, update, and improve the existing passwords. And the password flows and password groups will run on information networks. We say our Topsnut as a platform, called Topsnut-platform, and we consider Topsnut-GPWs as mathematical fingerprints. We can put some things into circles or lines on Topsnut-platform, and then join some pairs of circles to form a story having scientific techniques or life knowledge, and so on.
Iv-a Commercial GPWs
In , the authors mentioned: To date, there are only two commercial products of Drawmetric graphical password scheme. (1) An unlock scheme resembling a mini Pass-Go has been used to unlock screens on Google Android cell phones. (2) In the Window 8 system, Microsoft introduces a new graphical password. Where, V-GO is a commercial graphical password scheme developed by Passlogix based on Blonder’s idea. A similar technique, visKey, was developed by Sfr, and is a commercial version of PassPoints for the PPC (Pocket Personal Computer). This scheme is used for screen-unlock by tapping on a correct sequence of click-points with a stylus or finger. VisKey PPC combines easy handling with high security for mobile devices. Just a few clicks in a picture may offer a large theoretical password space. GrIDsure, a commercial product, is a graphical one-time PIN scheme, which makes PINs more resistant to shoulder-surfing attacks by using graphical passwords on a grid.
Gao et al. summarized: The two products of the Drawmetric graphical password scheme demonstrate clearly that commercial product schemes must be easy to remember, simple to operate, and apply to systems which require low security level.
Iv-B More elements for innovating Topsnut-GPWs
For the reason of revealing individuality, we can consider the following elements when producing Topsnut-GPWs.
Use rectangle, triangle, star, polygon to enrich ends of vertices.
Make topological structures by words (), see two Chinese character graphs (Hanzi-graphs) shown in Fig.30, and label these topological structures with numbers to devote interesting Topsnut-GPWs (see two examples shown in Fig. 31). We can prove that each tree can be decompose into Hanzi-graphs. However, we use a symbol to denote the smallest number of Hanzi-graphs that can be assembled into any tree having at least one edge, and want to compute the exact value of .
Use more mathematical knowledge in designing Topsnut-GPWs. For example, we can label small circles and lines/curves with functions, such as , , , etc.
Topological structures can be used to describe chemical structures, in other words, Topsnut-GPWs may be related with materials (see the left picture in Fig.32).
Use non-mathematical methods to designing Topsnut-GPWs. For example, numbered musical notation can form a Topsnut-GPW. In the song of Butterfly Lovers (also, Liangzhu, a beautiful story of Chinese love), the first three sections contain numbers , so we have a Topsnut-GPW shown in the right picture in Fig.32, in which there is a directed chain .
Label small circles and lines/curves with letters such that the Topsnut-GPWs forms a poem, an interesting sentence, and so on.
Iv-C Complex Topsnut-GPWs
The problem of graph set-colorings/labellings yields the so-called set-matrices in these set-matrices each element is a set only (see Fig.34).
Iv-D Biometric authentication
The so-called ”biometric” refers to the combination of computer and high-tech, the use of human inherent physiological characteristics (such as fingerprint, face and iris image, etc.) and behavioral characteristics (such as handwriting, voice, gait) for personal identification. At present, the fingerprint identification is more common.
Iv-E Related with mathematical problems
Is there a password that cannot be deciphered (broken down)? In other words, are there mathematical conjectures or mathematical problems that can not be proved?
Applied software. We believe that one can design some GPW application software that has very smaller volume, and can be planted into encrypted electronic documents in order to decrypt the encrypted electronic documents by users’ GPWs such that there is not needing to instal such softwares in mobile phones, iPads, and computers for reading users’ GPWs.
Unknown labellings determined to graphs. Most labellings are not determined to graphs, even trees and simpler graphs.
Unknown connections between labellings of a graph. It is not easy to find some connections between labellings of a graph, except special trees . In fact, we do not know how many graph labellings dose a given graph have, and furthermore we do not know all graph labellings at all.
Onekey-to-morelocks, onelock-to-morekeys. For a given key Topsnut-GPW, determine all of lock Topsnut-GPWs opened by this key; conversely, find all possible key Topsnut-GPWs to open a given lock Topsnut-GPW.
Set-matrices. Define operations to set-matrices, and find applications for them (see Fig.34).
Conjectures: We list several long-time conjectures of graph colorings/labellings in the following:
1. (Behzad, 1965) Total coloring conjecture: .
2. (Alexander Rosa, 1966)  Each tree is graceful.
3. (Bermond, 1979)  Every lobster is graceful.
4. (Truszczyński, 1984) All connected unicyclic graphs, except for or , are graceful.
5. (R.B. Gnanajothi, 1991)  Every tree is odd-graceful.
6. (Burris and Schelp, 1993, 1997) Vertex distinguishing edge coloring conjecture.
7. (Zhang Zhongfu, Liu Linzhong Wang Jianfang, 2002) Adjacent vertex distinguishing edge coloring conjecture.
8. (Zhang et al., 2008) Adjacent vertex distinguishing total coloring conjecture.
9. Unique 4-color maximal plane graph conjecture, 9-color conjecture .
10. (Bing Yao, 2005)  The odd-gracefulness of trees is equivalent to the gracefulness of trees.
11. (Yang et al., 2016)  A graph having a proper total colorings with four distinguishing constraints holds .
The conjecture “Each tree is graceful” is a famous graceful tree conjecture (GTC). However, GTC is open now, only few classes of graphs were verified to support GTC. It seems to be very difficult to show a graph having no graceful labelling. Zhou et al.  have proven: Every lobster is odd-graceful.
A maximal planar graph is 4-colorable if and only if four labelled triangles shown in Figure 35 can tile fully .
Iv-F The power law in passwords
Let be the number of the passwords, and let be the number of people who can remember their passwords. We guess that and obey the scale-free distribution, that is, we have the power law
Furthermore, we can get with , which is a balanced equation. However, no proof is reported for the equation (5) in our memory.
It has been mentioned in  that the power law of forgetting describes rapid forgetting soon after learning, followed by very slow drop-off thereafter (Bahrick, 1984; Wixted and Ebbesen, 1991). And most GPW schemes fall along the descending line in Eq. (5), where increased security implies decreased usability
. System-assigned passwords are generated randomly to preclude attacks exploiting skewed distributions and use larger portions of the theoretical password space, but have high usability costs: longer training times or increased likelihood that users forget passwords.
We, finally, claim that every thing can become a password, and it is just beginning for Topsnut-GPWs, except quantum networks in future.
We are grateful to the anonymous referees for their valuable and helpful comments which lead to the improvement of the paper. The author, Bing Yao, gratefully thank the National Natural Science Foundation of China under grants No. 61163054, No. 61363060 and No. 61662066 for supporting our research on new type of graphical passwords. The author, Jin Xu, is supported by National Key R&D Program of China (No. 2016YFB0800700), National 973 Program of China (2013CB329600)
-  Xiaoyuan Suo, Ying Zhu, G. Scott. Owen. Graphical Password: A Survey. In: Proceedings of Annual Computer Security Applications Conference (ACSAC), Tucson, Arizona. IEEE (2005) 463-472. (10 pages, 38 reference papers)
-  R. Biddle, S. Chiasson, and P.C. van Oorschot. Graphical passwords: Learning from the First Twelve Years. ACM Computing Surveys, 44(4), Article 19:1-41. Technical Report TR-09-09, School of Computer Science, Carleton University, Ottawa, Canada. 2009. (25 pages, 145 reference papers)
-  Haichang Gao, Wei Jia, Fei Ye and Licheng Ma. A Survey on the Use of Graphical Passwords in Security. Journal Of Software, Vol. 8, No. 7, July 2013, 1678-1698. (21 pages, 88 reference papers)
-  Joseph A. Gallian. A Dynamic Survey of Graph Labeling. The electronic journal of combinatorics, 17 (2016), # DS6. (440 pages, 2265 reference papers)
-  Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, Nasir Memon. PassPoints: Design and longitudinal evaluation of a graphical password system. Int. J. Human-Computer Studies 63 (2005) 102-127.
-  Huanyu Zhao and Xiaolin Li. S3PAS: A Scalable Shoulder-Surfing Resistant Textual-Graphical Password Authentication Scheme. in 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW’07). IEEE 2007, vol. 2. Canada, 2007, pp. 467-472.
-  G.E. Blonder. Graphical passwords. United States Patent 5559961, 1996.
-  J. A. Bondy, U. S. R. Murty. Graph Theory. Springer London, 2008.
Hongyu Wang, Jin Xu, Bing Yao. Exploring New Cryptographical Construction Of Complex Network Data. IEEE First International Conference on Data Science in Cyberspace. IEEE Computer Society, (2016):155-160.
-  Hongyu Wang, Jin Xu, Bing Yao. The Key-models And Their Lock-models For Designing New Labellings Of Networks.Proceedings of 2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC 2016) 565-5568.
-  Hongyu Wang, Jin Xu, Bing Yao. Twin Odd-Graceful Trees Towards Information Security. Procedia Computer Science 107 (2017) 15-20, DOI: 10.1016/j.procs.2017.03.050
-  W. Jansen, S. Gavrila, V. Korolev, R. Ayers, and R. Swanstrom. Picture Password: A Visual Login Technique for Mobile Devices, NIST Report-NISTIR7030, 2003.
-  T. Takada, and H. Koike. Awase-E: Image-based authentication for mobile phones using user’s favorite images. Human-Computer Interaction with Mobile Devices and Services, vol. 2795, pp. 347-351, Springer-Verlag, GmbH, 2003.
-  P. Dunphy, A. P. Heiner, and N. Asokan. A closer look at recognition-based graphical passwords on mobile devices. In ACM Symposium on Usable Privacy and Security (SOUPS), July 2010.
-  Xiaoyuan Suo. A Study of Graphical Password for Mobile Devices. G. Memmi and U. Blanke (Eds.): MobiCASE 2013, LNICST 130, pp. 202-214, 2014. Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2014.
Jin Xu, Probe Machine. IEEE Transactions on Neural Networks and Learning Systems, 2016, 27(7): 1405-1416.
-  Sheppard, D.A. The factorial representation of balanced labeled graphs. Discrete Math. 15 (1976), 379-388.
-  Harary F. and Palmer E. M. Graphical enumeration. Academic Press, 1973.
-  Jin Xu. Theory on Structure and Coloring of Maximal Planar Graphs: (1) Recursion Formulae of Chromatic Polynomial and Four-Color Conjecture. Journal of Electronics and Information Technology. Vol.38 No.4, Jul. 2016, 763-770.
-  Jin Xu. Theory on Structure and Coloring of Maximal Planar Graphs: (2) Domino Configurations and Extending-Contracting Operations. Journal of Electronics and Information Technology. Vol.38 No.6, Jul. 2016, 1271-1327.
-  Jin Xu. Theory on Structure and Coloring of Maximal Planar Graphs: (3) Purely Tree-colorable and Uniquely 4-colorable Maximal Planar Graph Conjectures. Journal of Electronics and Information Technology. Vol.38 No.6, Jul. 2016, 1329-1353.
-  Jin Xu. Theory on Structure and Coloring of Maximal Planar Graphs: (4) -Operations and Kempe Equivalent Classes. Journal of Electronics and Information Technology. Vol.38 No.7, Jul. 2016, 1558-1585.
-  Alexander Rosa. On certain valuations of the vertices of a graph. Theory of Graphs (International Symposium in Rome in July 1966) pp. 349-355. Eds. Gordon and Breach, New York; Dunod, Paris, 1967.
-  J. C. Bermond. Graceful Graphs. Radio Antennae and French Windmills. Graph Theory and Combinatorics, pp. 13-37, Pitman, London, 1979.
-  M. Truszczyński. Graceful unicyclic graphs. Demonstatio Mathematica, 17 (1984), 377-387.
-  R.B. Gnanajothi. Topics in Graph Theory. Ph. D. Thesis, Madurai Kamaraj University, 1991.
-  Chao Yang, Bing Yao, Han Ren. A Note on Graph Proper Total Colorings with Many Distinguishing Constraints. Information processing letters V 16, 6 396-400. (2016)
-  Hongyu Wang, Bing Yao, Chao Yang, Sihua Yang, Xiang’en Chen, Ming Yao, Zhenxue Zhao. Edge-Magic Total Labellings Of Some Network Models. Applied Mechanics and Materials Vols. 347-350 (2013) 2752-2757. DOI:10.4028/www.scientific.net/AMM.347-350.2752.
-  Hongyu Wang, Bing Yao, Chao Yang, Sihua Yang, Xiang’en Chen. Labelling Properties Of Models Related with Complex Networks Based On Constructible Structures. Advanced Materials Research Vols. 765-767 (2013) 1118-1123. DOI:10.4028/www.scientific.net/AMR.765-767.1118.
-  Hongyu Wang, Jin Xu, Bing Yao. On Generalized Total Graceful labellings of Graphs. Ars Combinatoria, volume 139 July (2018). accepted
-  Wagner K. Bemerkungen zum vierfarbenproblem. Jahresbericht der Deutschen Mathematiker-Vereinigung, 1936, 46: 26-32.
-  Gao Z C, Urrutia J, and Wang J Y. Diagonal flips in labeled planar triangulations. Graphs and Combinatorics, 2004, 17(4): 647-656. doi: 10.1007/s003730170006.)
-  Bing Yao, Hui Sun, Xiaohui Zhang, Jingwen Li, Mingjun Zhang, Jianmin Xie, Ming Yao. Applying graph theory to graphical passwords. 2017 Academic Annual Conference, Specialized Committee Of Graph Theory And System Optimization, Chinese Society Of Electronics, Circuits And Systems, Tianjin University, August 12-13, 2017.
-  Bing Yao, Xia Liu and Ming Yao. Connections between labellings of trees. Bulletin of the Iranian Mathematical Society, ISSN: 1017-060X (Print) ISSN: 1735-8515 (Online), Vol. 43 (2017), 2, pp. 275-283.
-  Bing Yao, Hui Sun, Xiaohui Zhang, Jingwen Li, Meimei Zhao. Applying Graph Set-Labellings Having Constraint Sets Towards New Graphical Passwords. (2017) submitted
-  Bing Yao, Hui Sun, Xiaohui Zhang, Jingwen Li, Guanghui Yan. Graph Theory Towards Designing Graphical Passwords For Mobile Devices. submitted to 2017 IEEE 2nd Information Technology, Networking, Electronic and Automation Control Conference, (2017)
-  Xiangqian Zhou, Bing Yao, Xiang-en Chen and Haixia Tao. A proof to the odd-gracefulness of all lobsters. Ars Combinatoria 103 (2012), 13-18.
-  Bing Yao, Hui Sun, Meimei Zhao, Jingwen Li, Guanghui Yan. On Coloring/Labelling Graphical Groups For Creating New Graphical Passwords. submitted (2017)
-  Hui Sun, Xiaohui Zhang, Meimei ZHAO, Bing Yao. New Algebraic Groups Produced By Graphical Passwords Based On Colorings And Labellings. submitted (2017)
-  Bing Yao, Hui Sun, Xiaohui Zhang, Yarong Mu, Hongyu Wang, Jin Xu. New-type Graphical Passwords Made By Chinese Characters With Their Topological Structures. submitted (2017)