Compact and Unforgeable Key Establishment over an ATM Network
Yuliang Zheng (Monash University, Australia)
Hideki Imai (University of Tokyo, Japan)

Outline of the talk
- Motivation of this research
- Introduction to signcryption
- Key materials transport using signcryption

Session Key Establishment
A process for two participants to agree upon a freshly shared key.
Dimensions:
- security against various attacks
- authenticity vs. identification
- unforgeability & non-repudiation
- transport vs. exchange
- secret vs. public key crypto
- key distrib. center vs. cert. authority
- efficiency (msg length, # of moves, comp cost)

Asynchronous Transfer Mode (ATM) --- Motivation of this Work ---
- Cell switching: data are placed into cells of fixed size (53 bytes), and then transported over virtual circuits
- ATM cell structure: 5 bytes header, 48 bytes (384 bits) payload (data)

Problem to be solved
To transport encrypted key materials
- using a single ATM cell
- with a low computational cost
- in a secure and unforgeable way
- without using a KDC
(Diagram: crypto-envelope holding the key materials (key, ts or nonce) inside the 384-bit ATM cell payload.)

Why use a single ATM cell?
If the encrypted version of key materials exceeds 384 bits, problems would occur:
- splitting data
- buffering
- re-assembling data

Why focus on public key cryptosystems
- The problem CAN be solved using secret key or types of cryptosystems
- However, with such a solution unforgeability cannot be achieved without TTP/tamper-proof devices
- Key management is an issue: distribution, derivation, and/or secure storage

Why RSA encryption wouldn't work
- 64 bits
- Using RSA encryption: e mod n
- at least 512 bits

Why ElGamal encryption wouldn't work
- 64 bits
- Using ElGamal encryption ---DL over GF(p)---: g mod p
- at least 64+512=576 bits

Why public key signature + encryption wouldn't work
- 64 bits
- Using signature + encryption ---RSA or ElGamal---: sig, e mod n / g mod p
- > 512 bits

Why EC-signature+encryption wouldn't work
- 64 bits
- Using Schnorr sig + ElGamal enc ---DL over Elliptic Curve on GF(2^160)--- compressed representation!
- r, s * g
- at least 64+(80+160) + (160+1)=465 bits

Signcryption -- a new paradigm
- Achieves the functions of digital signature (unforgeability & non-repudiation) and encryption (confidentiality)
- Has a significantly smaller comp. & comm. cost
- Cost (signcryption) << Cost (signature) + Cost (encryption)

In the paper & ink world: Signature-then-Seal
- To achieve authenticity (unforgeability & non-repudiation)
- To achieve confidentiality

Magic Signcryption Envelope

In the digital world (Alice to Bob): Signature-then-Encryption
1. Signature generation: Alice signs a message m using her secret key, i.e. creating sig on m.
2. Encryption: Alice encrypts (m,sig) using DES with. Alice creates another data so that Bob can recover. (Typically, Alice encrypts using Bob's public key.)
(Diagram labels: m, sig, mod exp.)

Why signature-then-encryption can be a problem
- Consider a transaction/message of 5,120 bits (=640 chars, 8 lines) that requires high level security, or to be transmitted in 2010
- Very large moduli, say of 5120 bits, have to be used

Why signature-then-encryption can be a problem (cont'd)
If RSA with a 5120-bit composite is used:
- Comp. cost: 2+2=4 exponentiations mod a (very large!) 5120-bit integer
- Comm. overhead: 10,240 bits (twice as large as the original message!)
(Diagram: message, 5,120 bits; sig, 5,120 bits; e b, 5,120 bits; overhead 10,240 bits.)

Why signature-then-encryption can be a problem (cont'd)
If Schnorr sig & ElGamal enc with a 5120-bit prime are used:
- Comp. cost: 3+2.17=5.17 (3+3=6) exponentiations mod a (very large!) 5120-bit integer
- Comm. overhead: >= 5560 bits
(Diagram: message, 5,120 bits; sig, >=440 bits; g, 5,120 bits; overhead >=5,560 bits.)

Signcryption -- public & secret parameters
Public to all:
- p : a large prime
- q : a large prime factor of p-1
- g : 0<g<p & with order q mod p
- hash: 1-way hash
- KH: keyed 1-way hash
- (E,D) : private-key encryption & decryption algorithms
Alice's keys: : secret key, y : public key (note : y = g mod p )
Bob's keys: b : secret key, y b : public key (note : y b = g b mod p )

Signcryption -- an example (SCS1)
Alice: m -> (c,r,s); Bob: (c,r,s) -> m
Signcrypt by Alice:
  = hash ( y b mod p ) where R {, 1K, q 1}
  1 = ( ) r KH m
  s = mod q r +
  c = E ( m ) 1
  output (c,r,s)
Unsigncrypt by Bob:
  r s b = hash (( y g ) mod p) 1
  m = D ( c ) 1
  output m if r = KH ( m)
  "invalid" if r KH ( m)

Signcryption -- another example
Alice: m -> (c,r,s); Bob: (c,r,s) -> m
Signcrypt by Alice:
  = hash ( y b mod p ) where R {, 1K, q 1}
  1 = ( ) r KH m
  s= ( r )mod q
  c = E ( m ) 1
  output (c,r,s)
Unsigncrypt by Bob:
  r b = hash(( g s y ) mod p) 1
  m = D ( c ) 1
  output m if r = KH ( m)
  "invalid" if r KH ( m)

Signcryption vs. Signature-then-Encryption
(Figure panels: (a) Signcryption based on DL, EXP=; (b) Signature-then-Encryption based on RSA, EXP=2+2; (c) Signature-then-Encryption based on DL, EXP=3+2.17. Labels in the panels: m, sig, e b, g.)

Cost of Signature-then-Encryption vs. Cost of Signcryption
A simplistic comparison:
Schemes | Comp Cost (No. of exp) | Comm Overhead (bits)
RSA based sig-then-enc | 2 + 2 | n + n b
DL based Schnorr sig + ElGamal enc | (3 + 3) | hash + q + p
DL based Signcryption | (1 + 2) | KH + q

Signcryption vs. Schnorr Sig + ElGamal Enc (cont'd)
Table columns: p, q, KH, saving in comp cost, saving in comm overhead
Rows: % 70.3 %; % 76.8 %; % 81.0 %; % 85.3 %; % 87.7 %; % 90.1 %; % 91.0 %; % 92.0 %; % 94.0 %; % 96.0 %

Signcryption vs. RSA
Table columns: p = n = n b, q, KH, saving in comp cost, saving in comm overhead
Rows: % 78.9 %; % 84.9 %; % 88.3 %; % 91.4 %; % 93.0 %; % 94.0 %; % 95.0 %; % 96.0 %; % 97.0 %; % 98.0 %

Applications of Signcryption
Bring to society huge savings in comp. & comm. if used widely in:
- secure & authenticated message delivery / storage
- electronic commerce
- secure & authenticated transactions
- secure & authenticated multicast (incl. video conference, CSCW etc)
- fast, compact, secure, unforgeable & non-repudiated key transport

Direct transport of key materials in a Short Packet
p 512, q 160, KH () 80
Packet fields: c (key, TQ; TQ + key bits), r (80 bits), s (160 bits)
  (, ) = hash( y b mod p) 1 with R [, 1K, q 1] 64, 64
  c = E ( key, TQ) 1
  r = KH ( key, TQ, other)
  s = r + mod q

Direct transport of key materials in a single ATM cell
ATM cell: 5 bytes header, 48 bytes (384 bits) payload (data)
Payload fields: c (144 bits), r (80 bits), s (160 bits)
p 512, q 160, KH () 80
  (, ) = hash( y b mod p) 1 with R [, 1K, q 1] 64, 64
  c = E ( key, TQ) 1
  r = KH ( key, TQ, other)
  s = r + mod q

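The SCS1 operations and the 144 + 80 + 160 bit cell layout described above, as an added Python example (not code from the slides or their authors). The names x, x_a, x_b, k1, k2 follow Zheng's published SCS1 scheme; SHA-256 for hash, truncated HMAC-SHA256 for KH, the SHAKE-256 XOR stream standing in for (E, D), the `other` binding string and the 18-byte key-materials layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

C_LEN, R_LEN, S_LEN = 18, 10, 20   # c 144 bits + r 80 bits + s 160 bits = 384

def is_probable_prime(n, rounds=32):
    """Miller-Rabin test, used only to build demo parameters."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_params(pbits=512, qbits=160):
    """Return (p, q, g): q prime, q divides p-1, g of order q mod p."""
    while True:
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    lo, hi = (1 << (pbits - 1)) // q + 1, ((1 << pbits) - 1) // q
    while True:
        k = 2 * ((lo + secrets.randbelow(hi - lo)) // 2)   # even cofactor
        p = q * k + 1
        if p.bit_length() == pbits and is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 3) + 2, (p - 1) // q, p)
        if g != 1:
            return p, q, g

def keygen(p, q, g):
    """Long-term key pair: secret x, public y = g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def _session_keys(shared, p):
    """(k1, k2) = hash(shared value), 64 bits each (SHA-256 is an assumption)."""
    d = hashlib.sha256(shared.to_bytes((p.bit_length() + 7) // 8, "big")).digest()
    return d[:8], d[8:16]

def _kh(k2, data):
    """KH: keyed hash truncated to 80 bits (HMAC-SHA256 is an assumption)."""
    return hmac.new(k2, data, hashlib.sha256).digest()[:R_LEN]

def _xor_stream(k1, data):
    """Stand-in for (E, D): XOR with a SHAKE-256 keystream, length-preserving."""
    ks = hashlib.shake_256(k1).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def signcrypt(p, q, g, x_a, y_b, m, other=b""):
    """Alice: pack 144 bits of key materials m into a 48-byte (c, r, s)."""
    if len(m) != C_LEN:
        raise ValueError("key materials must be exactly 144 bits")
    while True:
        x = secrets.randbelow(q - 1) + 1
        k1, k2 = _session_keys(pow(y_b, x, p), p)
        r = _kh(k2, m + other)
        denom = (int.from_bytes(r, "big") + x_a) % q
        if denom:                    # r + x_a must be invertible mod q
            break
    s = x * pow(denom, -1, q) % q    # s = x / (r + x_a) mod q
    return _xor_stream(k1, m) + r + s.to_bytes(S_LEN, "big")

def unsigncrypt(p, q, g, x_b, y_a, cell, other=b""):
    """Bob: return m, or None if the cell is malformed or fails verification."""
    if len(cell) != C_LEN + R_LEN + S_LEN:
        return None
    c, r = cell[:C_LEN], cell[C_LEN:C_LEN + R_LEN]
    s = int.from_bytes(cell[C_LEN + R_LEN:], "big")
    if not 0 < s < q:
        return None
    base = y_a * pow(g, int.from_bytes(r, "big"), p) % p
    k1, k2 = _session_keys(pow(base, s * x_b % q, p), p)  # (y_a g^r)^(s x_b)
    m = _xor_stream(k1, c)
    return m if hmac.compare_digest(_kh(k2, m + other), r) else None

if __name__ == "__main__":
    p, q, g = gen_params()
    x_a, y_a = keygen(p, q, g)
    x_b, y_b = keygen(p, q, g)
    m = secrets.token_bytes(8) + secrets.token_bytes(10)  # constructed key + TQ
    cell = signcrypt(p, q, g, x_a, y_b, m, other=b"Alice|Bob")
    print(len(cell) * 8, "bits; recovered:",
          unsigncrypt(p, q, g, x_b, y_a, cell, other=b"Alice|Bob") == m)
```

The sender performs one modular exponentiation and the receiver two, and the output never exceeds the 48-byte payload. A receiver handling untrusted public keys should also check that y_a lies in the order-q subgroup before using it.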
Indirect transport of key materials in a Short Packet
p 512, q 160, KH () 80
Packet fields: c (TQ; TQ bits), r (80 bits), s (160 bits)
  (, ) = hash( y b mod p) 1 with R [, 1K, q 1] 64, 64
  c = E ( TQ) 1
  r = KH ( TQ, other)
  s = r + mod q

Indirect transport of key materials in a single ATM cell
ATM cell: 5 bytes header, 48 bytes (384 bits) payload (data)
Payload fields: occupied, c, r (80 bits), s (160 bits)
p 512, q 160, KH () 80
  (, ) = hash( y b mod p) 1 with R [, 1K, q 1] 64, 64
  c = E ( TQ) 1
  r = KH ( TQ, other)
  s = r + mod q

Dimensions to be considered
- Direct vs. indirect key transport
  - Direct key material transport: a random session key is explicitly included in the key materials
  - Indirect key material transport: a random session key is to be derived from the key materials
- Ensuring freshness: using a time-stamp, or a nonce

4 Types of Key Transport Protocols
Time-varying Quantity | Transport Mode: direct | Transport Mode: indirect
Nonce | nonce based direct (3 moves) | nonce based indirect (3 moves)
Time stamp (+nonce) | time-stamp based direct (2 moves) | time-stamp based indirect (2 moves)

Direct key transport using nonce (for unicast)
- Bob: pick nonce NC b
- Alice <= NC b <= Bob
- Alice: c = E ( key) 1; r = KH ( key, NC b, etc); s= /( r+ )modq
- Alice => c, r, s => Bob
- Bob: unsigncrypt
- Alice <= tag <= Bob (optional), tag = MAC key (NC b )
- Alice: verify tag

Direct key transport using time-stamp (for unicast)
- Alice: c= E ( key, TS) 1; r = KH ( key, TS, etc); s= /( r+ )modq
- Alice => c, r, s => Bob
- Bob: unsigncrypt, and check the freshness of TS
- Alice <= tag <= Bob (optional), tag = MAC key (TS)
- Alice: verify tag

Indirect key transport using time-stamp (2 moves)
- Alice: c = E ( TS) 1; r = KH ( TS, etc); s= /( r+ )modq
- Alice => c, r, s => Bob
- Bob: unsigncrypt, and check the freshness of TS; key = KH TS 1, ( )
- Alice <= tag <= Bob (optional), tag = MAC key (TS,1)
- Alice: key = KH TS 1, ( ); verify tag

How to obtain key exchange protocols
- Let Bob's data or ID be involved in the derivation of a session key, e.g.
  - key* = KH key (NC b )
  - key* = KH key (ID b )
  - key* = KH key (NC b, ID b )
- Let both Alice & Bob generate a key & exchange key materials (which achieves mutual identification)

Direct key exchange using nonce (for unicast)
- Bob: pick nonce NC b
- Alice <= NC b <= Bob
- Alice: c = E ( key) 1; r = KH ( key, NC b, etc); s= /( r+ )modq
- Alice => c, r, s => Bob
- Bob: unsigncrypt; c* = E key * ( *) 1; r* = KH key key etc * ( *,, ); s* = */( r* + )modq b
- Alice <= c*, r*, s* <= Bob
- Alice: unsigncrypt

ATM Forum Proposals
- Two protocols, both based on X.509: a 2-way protocol and a 3-way protocol
- Correspondence:
  - ATM 2-way <=> direct key exchange using time-stamp
  - ATM 3-way <=> direct key exchange using nonce

ATM Forum 2-Way Protocol (based on sign-then-enc)
Messages between Alice and Bob:
- ID, ID, SecOpt,{ T, R,{ Enc ( ConfPar )}, b Kb Sig ( hash( ID, ID, T, R, SecOpt,{ ConfPar }))} K b
- ID, ID, R,{ Enc ( ConfPar )}, b K b Sig ( hash( ID, ID, R,{ ConfPar }))} Kb b b

ATM Forum 3-Way Protocol (based on sign-then-enc)
Messages between Alice and Bob:
- ID,{ IDb}, R, SecNeg,{ Cert}
- ID, ID, SecNeg,{ Cert },{ R, R,{ Enc ( ConfPar )}, b b b b K b Sig ( hash( ID, ID, R, R, SecNeg, SecNeg,{ ConfPar }))} Kb b b b b
- ID, ID, R,{ Enc ( ConfPar )}, b b Kb Sig ( hash( ID, ID, R,{ ConfPar }))} K b b

Advantages of Our Signcryption based Protocols over ATM Forum's
Significant savings in computational time and communication overhead

Comparison with Beller-Yacobi protocol
Attributes | Beller-Yacobi | Our protocols
Comp. Cost (# of exp) | (1 + 4) | (1 + 2)
Longest Msg | >= 512 bits | <= 384 bits
Pre-comp. | Yes | Yes*
* Only when Alice knows whom to communicate with

About Forward Secrecy
- Forward secrecy w.r.t. a participant: compromise of the participant's long term secret key does NOT result in the exposure of past session keys
- Beller-Yacobi protocol: YES w.r.t. Alice, NO w.r.t. Bob
- Our protocols: NO w.r.t. either Alice or Bob

About Forward Secrecy (cont'd)
- Forward secrecy w.r.t. Alice CAN be obtained in our proposals by making Alice's long term secret key hard to compromise
- E.g. secret sharing, mathematically and/or physically

Extensions
The proposed protocols can be extended to multi-cast conference key establishment.
(Diagram: Bob, Alice, Cathy, David.)

Direct multicast key transport using nonce
- Each R i, i=1,..,t: pick nonce NC b
- Alice <= NC 1 <=.. <= NC t
- Alice & each R i, i=1,..,t: NC = NC NC t
- Alice:
  l1 l key R { 01, }, R { 01, }
  h = KH ( key, NC, etc)
  c = E ( key, h)
  for each i = 1,.., t:
    vi R [ 1,..., q 1]
    vi ( i, 1, i, ) = hash( yi mod p)
    ci = E ( ) i, 1
    ri = KH ( h, etc i i),
    v i si = mod q r + i
- Alice => c, c 1, r 1, s 1 =>... => c t,r t,s t
- Each R i, i=1,..,t: finds out (c, c i,r i,s i ) & unsigncrypts it
- Each R i, i=1,..,t: tag i =MAC key (NC i )
- tag 1 <=. <= tag t (optional)
- Alice & each R i, i=1,..,t: verify tag 1,.., tag t

Direct multicast key transport using time-stamp
- Alice:
  for each i = 1,.., t:
    vi R [,..., 1 q 1]
    vi ( i, 1, i, ) = hash( yi mod p)
  l1 l key R { 01, }, R { 01, }
  get time stamp TS
  h = KH ( key, TS, etc)
  c = E ( key, TS, h)
  for each i = 1,.., t:
    ci = E ( ) i, 1
    ri = KH ( h, etc i i),
    v i si = mod q r + i
- Alice => c, c 1, r 1, s 1 => => c t,r t,s t
- Each R i, i=1,..,t: finds out (c, c i,r i,s i ) & unsigncrypts it
- Each R i, i=1,..,t: tag i =MAC key (TS,ID i )
- tag 1 <=. <= tag t (optional)
- Alice & each R i, i=1,..,t: verify tag 1,.., tag t

Speeding-up through Randomization
- R i may decide, in a probabilistic fashion:
  - whether or not generating NC i
  - whether or not multicasting tag i
- Similarly, Alice and each R i may randomly choose a subset of tags received for verification

Summary
- addressed the problem of unforgeable key establishment in small packets s.a. ATM cells
- solved the problem using signcryption
- Potential applications:
  - high speed networks
  - smart card based security solutions
  - mobile communications, ...
More informationSession Trimester 2. Module Code: MATH08001 MATHEMATICS FOR DESIGN
School of Science & Sport Pisley Cmpus Session 05-6 Trimester Module Code: MATH0800 MATHEMATICS FOR DESIGN Dte: 0 th My 06 Time: 0.00.00 Instructions to Cndidtes:. Answer ALL questions in Section A. Section
More informationON THE WEIGHTED OSTROWSKI INEQUALITY
ON THE WEIGHTED OSTROWSKI INEQUALITY N.S. BARNETT AND S.S. DRAGOMIR School of Computer Science nd Mthemtics Victori University, PO Bo 14428 Melbourne City, VIC 8001, Austrli. EMil: {neil.brnett, sever.drgomir}@vu.edu.u
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Finite Fields The finite field GF(q) exists iff q = p e for some prime p. Example: GF(9) GF(9) = {a + bi a, b Z 3, i 2 = i + 1} = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i} Addition:
More informationMidterm 2. Your Exam Room: Name of Person Sitting on Your Left: Name of Person Sitting on Your Right: Name of Person Sitting in Front of You:
CS70 Discrete Mathematics and Probability Theory, Fall 2018 Midterm 2 8:00-10:00pm, 31 October Your First Name: SIGN Your Name: Your Last Name: Your SID Number: Your Exam Room: Name of Person Sitting on
More informationDefinite integral. Mathematics FRDIS MENDELU. Simona Fišnarová (Mendel University) Definite integral MENDELU 1 / 30
Definite integrl Mthemtics FRDIS MENDELU Simon Fišnrová (Mendel University) Definite integrl MENDELU / Motivtion - re under curve Suppose, for simplicity, tht y = f(x) is nonnegtive nd continuous function
More informationPhysics Lecture 14: MON 29 SEP
Physics 2113 Physics 2113 Lecture 14: MON 29 SEP CH25: Cpcitnce Von Kleist ws le to store electricity in the jr. Unknowingly, he h ctully invente novel evice to store potentil ifference. The wter in the
More informationINVESTIGATION OF MATHEMATICAL MODEL OF COMMUNICATION NETWORK WITH UNSTEADY FLOW OF REQUESTS
Trnsport nd Telecommuniction Vol No 4 9 Trnsport nd Telecommuniction 9 Volume No 4 8 34 Trnsport nd Telecommuniction Institute Lomonosov Rig LV-9 Ltvi INVESTIGATION OF MATHEMATICAL MODEL OF COMMUNICATION
More informationModule 9: Tries and String Matching
Module 9: Tries nd String Mtching CS 240 - Dt Structures nd Dt Mngement Sjed Hque Veronik Irvine Tylor Smith Bsed on lecture notes by mny previous cs240 instructors Dvid R. Cheriton School of Computer
More informationModule 9: Tries and String Matching
Module 9: Tries nd String Mtching CS 240 - Dt Structures nd Dt Mngement Sjed Hque Veronik Irvine Tylor Smith Bsed on lecture notes by mny previous cs240 instructors Dvid R. Cheriton School of Computer
More informationLecture 14. Protocols. Key Distribution Center (KDC) or Trusted Third Party (TTP) KDC generates R1
Lectue 14 Potocols 1 Key Distiution Cente (KDC) o Tusted Thid Pty (TTP) KDC genetes R1 lice otins R1 Msg1: K () Msg2: K (R1 K (R1) ) Msg3: K (R1) o otins R1 nd knows to use s key fo communicting with lice
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More informationNUMERICAL EVALUATION OF H-FUNCTION BY CONTINUED FRACTIONS ABSTRACT INTRODUCTION
NMERICAL EVALATION OF H-FNCTION BY CONTINED FRACTIONS B.S. Rn & H.S. Dhmi Deptt. Of Mthemtics niversity of Kumun S.S.J. Cmpus, Almor (ttrnchl INDIA- 6360 ABSTRACT In the present pper n ttempt hs been mde
More informationDuality # Second iteration for HW problem. Recall our LP example problem we have been working on, in equality form, is given below.
Dulity #. Second itertion for HW problem Recll our LP emple problem we hve been working on, in equlity form, is given below.,,,, 8 m F which, when written in slightly different form, is 8 F Recll tht we
More informationOrdinary Math in Everyday Life. Jesse Walker, Ph.D. Intel Corporation Intel Labs Security and Privacy Research
Ordinary Math in Everyday Life Jesse Walker, Ph.D. Intel Corporation Intel Labs Security and Privacy Research jesse.walker@intel.com 1 Academia v. Industry Academic math is like fine dining Industrial
More informationTHE DISCRIMINANT & ITS APPLICATIONS
THE DISCRIMINANT & ITS APPLICATIONS The discriminnt ( Δ ) is the epression tht is locted under the squre root sign in the qudrtic formul i.e. Δ b c. For emple: Given +, Δ () ( )() The discriminnt is used
More informationEfficient Planning. R. S. Sutton and A. G. Barto: Reinforcement Learning: An Introduction
Efficient Plnning 1 Tuesdy clss summry: Plnning: ny computtionl process tht uses model to crete or improve policy Dyn frmework: 2 Questions during clss Why use simulted experience? Cn t you directly compute
More informationCryptographic Voting Systems (Ben Adida)
Cryptographic Voting Systems (Ben Adida) Click to edit Master subtitle style Jimin Park Carleton University COMP 4109 Seminar 15 February 2011 If you think cryptography is the solution to your problem.
More informationFast Frequent Free Tree Mining in Graph Databases
The Chinese University of Hong Kong Fst Frequent Free Tree Mining in Grph Dtses Peixing Zho Jeffrey Xu Yu The Chinese University of Hong Kong Decemer 18 th, 2006 ICDM Workshop MCD06 Synopsis Introduction
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More information