Tensority: an ASIC-friendly Proof of Work Algorithm Based on Tensor
Bytom Foundation
April 17, 2018

Abstract

The consensus mechanism is the core of a blockchain system; it ensures distributed consensus among all parties. Proof of Work (PoW) is the consensus algorithm adopted by Bitcoin. Under PoW, more computing power means more security and robustness for the system. However, Bitcoin's PoW uses a direct hash method, which is criticized as a waste of resources. In this paper we propose Tensority, a new PoW consensus algorithm in which matrix and tensor operations are introduced into the hashing process, so that miners can also be used for AI hardware acceleration services and parallel computing, generating additional social benefits. In other words, Tensority acts as a bridge between blockchain and AI. Furthermore, we use random analysis to prove the security and fairness of Tensority in theory. Finally, we run an experiment and apply the $\chi^2$ test to show that Tensority indeed has good random properties. In summary, Tensority is a secure, robust and AI-ASIC-chip-friendly consensus algorithm which all smart devices can run.

1 Introduction

Recently, blockchain has attracted extensive attention and is considered the prototype of the future Internet for its excellent features, such as decentralization, persistency, anonymity, auditability and smart contracts. The consensus mechanism is the core of a blockchain system: it enables consensus across a distributed network even when it includes some evil nodes that try to destroy the system. Technically, a consensus mechanism is a solution to the Byzantine generals problem [1]. The consensus mechanism is the source of security, robustness and trust. Bitcoin [2], proposed by Nakamoto in 2008, is the first and most influential blockchain project. PoW, the consensus algorithm adopted in Bitcoin, is a new and incredible strategy for solving the Byzantine generals problem.
In PoW, all competing participants, called miners, repeatedly calculate the block header hash with different nonces, each trying to be the first to reach the target. Accordingly, the PoW procedure is called mining. As shown in Figure 1, Bitcoin miners have gone through four stages: CPU, GPU, FPGA and ASIC. In the age of CPU and GPU, the mining entry barrier was so low that even a PC or laptop with an independent graphics card could be used for mining. With the emergence of FPGA and ASIC, Moore's Law had its way in the world of Bitcoin mining. At present, mining chips are measured in GH/s and the wafer manufacturing process has advanced from 130nm to 14nm, which is close to the current limit of semiconductor manufacturing technology. However, the PoW mechanism is criticized because the machines can be applied to mining only, resulting in a great waste of hardware and energy.
Figure 1: Four stages of mining

On the other hand, Ethereum [3], the most famous blockchain platform supporting Turing-complete smart contracts, adopts Ethash [4] as its consensus algorithm. Because Ethash is an ASIC-resistant algorithm, the Ethereum network is maintained by relatively low computing power, so it is considered less secure than Bitcoin. In addition, it is absent from the rapid development of ASIC techniques that support higher computing power, especially AI ASIC chips.

Through analysis, we find that miners can be compared to AI, as both rely on underlying large-scale parallel computing. The vast majority of deep learning algorithms can be mapped onto underlying linear algebraic operations. Linear algebraic operations have two characteristics: first, the tensor flow is very regular and predictable; second, the calculation density is high. These two features make AI deep learning particularly suitable for hardware acceleration.

In this paper we propose Tensority, a secure, robust and AI-ASIC-chip-friendly PoW algorithm that overcomes the respective shortcomings of both Bitcoin and Ethereum. Instead of the direct hash used in Bitcoin, Tensority introduces matrix and tensor operations into the hashing process of mining, making miners friendlier to AI ASICs than to GPU and CPU. In addition, Tensority is more secure than Ethash because it attracts more computing power. Tensority makes the following situations possible:

1. The calculation required for blockchain consensus can also be applied to AI hardware acceleration services, which will generate greater social benefits.

2. The mining market will stimulate the market for artificial intelligence, expanding the need for deep learning ASIC chips, just like the boost given to the GPU market by the current GPU-friendly PoW blockchains.

3. Outdated miners can be used for AI hardware acceleration services, saving mining costs and thus realizing a win-win situation.

2 Tensority Algorithm

The Tensority algorithm framework is shown in Figure 2.
The Tensority algorithm takes the seed and the block header hash as input and generates the work correspondingly. The seed is a byte array of 32 determined by a period of blockchain history. In other words, the seed can be considered a snapshot of historical network consensus. To get a validated block, miners keep running Tensority with different nonces until the difficulty requirement is met. Tensority has five main procedures: cache calculation, matrix construction, matrix operation, work generation and work validation. Note that the indices of arrays and matrices in this paper begin with 1.
Figure 2: Framework of Tensority

2.1 Cache Calculation

The cache is generated from the seed by Algorithm 1. Seed renewal is slower than the block rate, so the cache generated from a seed can be reused for a period of time. Furthermore, the cache is the intermediary for constructing the cache matrix. The main steps are as follows:

1. Seed Extension. Set $seed_0$ to seed, calculate the SHA256 hash of $seed_0$ and obtain $seed_1$. Similarly, obtain each $seed_i$ in turn by calculating the SHA256 hash of $seed_{i-1}$. Finally, string $seed_0, \ldots, seed_{extround}$ together to get extseed.

2. Scrypt Extseed. We recursively call the Scrypt function to obtain the cache, a uint32 array of 32x1024x128. Scrypt [5] is a KDF algorithm mainly used as a key generation method aimed at preventing low-cost password collision. It is worth mentioning that Scrypt has been used in Litecoin since 2011 [6], so it has been proved as a reliable seed extension algorithm.
Algorithm 1: calcseedcache
Input: seed - a byte array of 32;
Output: cache - a uint32 array of 32x1024x128;

    Initialize extround = 3; scryptround = 128;
    extseed = seed;
    tmphash = seed;
    for i = 1; i ≤ extround; i++ do
        tmphash = SHA256(tmphash);
        extseed = Append(extseed, tmphash);
    end
    cache = ∅;
    tmpv = ∅;
    for j = 1; j ≤ scryptround; j++ do
        tmpv = Scrypt(extseed, tmpv);
        cache = Append(cache, tmpv);
    end
    return cache;

2.2 Matrix Construction

The technical innovation of Tensority is based on tensor and matrix operations. In this procedure we construct the matrices that are used by the matrix operations in the next procedure. The main steps are as follows:

1. Cache Recomposition. The recomposition method is designed to improve the efficiency of ASIC mining machines, for example through faster memory access. Considering the data alignment and memory access of miners, we recompose the cache as follows. First, we partition the cache into 128 groups. Each group includes 32x1024 elements. In each group, we cluster 32 elements as a unit. This gives a uint32 matrix tmpmatrix of 32x1024x128. The size of recomposedmatrix is also 32x1024x128. The tmpmatrix elements with an odd dimension-2 index correspond to the recomposedmatrix elements with dimension-2 index from 1 to 1024/2. Similarly, the tmpmatrix elements with an even index correspond to the recomposedmatrix elements with index from 1024/2+1 to 1024.

2. Cache Matrix Construction. Spread the matrix recomposedmatrix and set it as an int8 array of 256x256x256. Then we get a float64 array of 256x256x256 by type casting. Finally, we obtain a float64 matrix cachematrix of 256x256x256.
Algorithm 2: constructcachematrix
Input: cache - a uint32 array of 32x1024x128;
Output: cachematrix - a float64 matrix of 256x256x256

    Initialize dim1 = 32; dim2 = 1024; dim3 = 128; dim = 256;
    tmpmatrix = Matrix(cache, dim1, dim2, dim3);
    recomposedmatrix = NewMatrix(dim1, dim2, dim3);
    cachematrix = NewMatrix(dim, dim, dim);
    recomposedmatrix[:][1 : dim2/2][:] = tmpmatrix[:][all odd index][:];
    recomposedmatrix[:][dim2/2+1 : dim2][:] = tmpmatrix[:][all even index][:];
    cachematrix = Float64(Matrix(Int8Array(recomposedmatrix), dim, dim, dim));
    return cachematrix;

2.3 Matrix Operation

The rate of the matrix operation mainly depends on the computing power of the miner. In addition, float64 matrix multiplication is adopted instead of integer multiplication because miners should be able to support AI algorithms, which mainly run in a float type environment. The matrix operation procedure (Algorithm 3) uses the block header hash headerhash as an index to slice cachematrix, a float64 matrix of 256x256x256. After iteratively calculating matrix multiplications with the slices for several rounds, we finally obtain the work matrix workmatrix. Note that there are in total 256 rounds of multiplication between matrices of 256x256. The main steps are as follows:

1. Generate Index of Matrix Slices. We first divide the block header hash into 4 groups. Then we apply SHA256 to each group and obtain a corresponding sequence of 32 bytes. Each byte in the sequence is cast to an integer and used as the index of a matrix slice. So 4x32 matrix slices are generated during this procedure.

2. Matrix Calculation. We obtain the corresponding 256x256 cachematrix slice mb according to the slice index. Matrix mc is the result of multiplying ma by $mb^T$. Note that ma is initialized to the identity matrix in the first round. Then we cast the elements of mc to int32. Here we define an operation called Compress32to8. It converts data $b = (b_1, b_2, b_3, b_4)$ (big endian) of data type int32 into uint8 via the formula $(b_3 + b_4) \bmod 2^8$. Compress32to8 is introduced to ensure better randomness of the multiplication result. After that, we set the mc elements to their corresponding Compress32to8 results. Then we cast the mc elements to float64 and assign the result to ma, continuing until the sequence runs out. The previous steps are iterated 2 times. Finally, we use ma to renew hashmatrix: we take the Integer32 sum of ma and hashmatrix, renew each hashmatrix element with the low 8 bits of the value in that position, and cast the element to float64.
Algorithm 3: constructhashmatrix
Input: cachematrix - a float64 array of 256x256x256; headerhash - a byte array of 32
Output: hashmatrix - a uint8 matrix of 256x256

    Initialize drawround = 4; mulround = 2; dim = 256;
    hashmatrix = Matrix(dim, dim);
    drawmatrix = Matrix(headerhash, drawround, sizeof(headerhash)/drawround);
    for i = 1; i ≤ drawround; i++ do
        ma = I;
        mc = Matrix(dim, dim);
        sequence = SHA256(drawmatrix[i]);
        for j = 1; j ≤ mulround; j++ do
            for k = 1; k ≤ sizeof(sequence); k++ do
                index = Uint8(sequence[k]) + 1;
                mb = cachematrix[index][:][:];
                mc = ma × mb^T;
                for each element in mc do
                    element = Float64(Compress32to8(Int32(element)));
                end
                ma = mc;
            end
        end
        for row = 1; row ≤ dim; row++ do
            for col = 1; col ≤ dim; col++ do
                i32vhashmatrix = Int32(hashmatrix[row][col]);
                i32vma = Int32(ma[row][col]);
                i8v = Int8(i32vhashmatrix + i32vma);
                hashmatrix[row][col] = Float64(i8v);
            end
        end
    end
    return hashmatrix;
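Algorithm 3 at a reduced size, as an added Python example that is not from the paper or the Bytom code base. The dimension of 16 (the paper uses 256), the helper names and the SHA-256 counter-mode stand-in for the scrypt-derived cachematrix are assumptions; Compress32to8 returns uint8 as described in Section 2.3.

```python
import hashlib

DIM = 16         # toy matrix dimension (assumption); the paper uses 256
SLICES = 256     # one slice per possible index byte, as in the paper
DRAW_ROUND = 4   # the header hash is split into 4 groups
MUL_ROUND = 2    # each 32-byte sequence is walked twice


def compress32to8(v):
    """Compress32to8: (b3 + b4) mod 2^8 over the two low bytes of the int32 v."""
    v &= 0xFFFFFFFF                      # two's-complement view of the int32
    return ((v >> 8) + v) & 0xFF


def toy_cache_matrix(seed):
    """Stand-in for cachematrix: SLICES x DIM x DIM int8 values.

    Expanded from the seed with SHA-256 in counter mode (assumption);
    this is NOT the scrypt-based cache of Algorithms 1 and 2.
    """
    need = SLICES * DIM * DIM
    stream = bytearray()
    counter = 0
    while len(stream) < need:
        stream += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    signed = [b - 256 if b > 127 else b for b in stream[:need]]
    return [[signed[(s * DIM + r) * DIM:(s * DIM + r + 1) * DIM]
             for r in range(DIM)] for s in range(SLICES)]


def mul_transposed(ma, mb):
    """mc = ma x mb^T, then Compress32to8 applied to every element of mc.

    Integers are used instead of float64: every intermediate value is a
    small integer that float64 represents exactly, so the result is the same.
    """
    return [[compress32to8(sum(a * b for a, b in zip(row_a, row_b)))
             for row_b in mb] for row_a in ma]


def construct_hash_matrix(cache, header_hash):
    """Algorithm 3 on the toy cache; returns a DIM x DIM matrix of uint8."""
    if len(header_hash) != 32:
        raise ValueError("headerhash must be 32 bytes")
    group = len(header_hash) // DRAW_ROUND
    hashmatrix = [[0] * DIM for _ in range(DIM)]
    for i in range(DRAW_ROUND):
        ma = [[int(r == c) for c in range(DIM)] for r in range(DIM)]  # identity
        sequence = hashlib.sha256(header_hash[i * group:(i + 1) * group]).digest()
        for _ in range(MUL_ROUND):
            for byte in sequence:
                # paper: index = Uint8(sequence[k]) + 1 with 1-based arrays;
                # Python lists are 0-based, so the byte is used directly
                ma = mul_transposed(ma, cache[byte])
        # renew hashmatrix with the low 8 bits of (hashmatrix + ma)
        for r in range(DIM):
            for c in range(DIM):
                hashmatrix[r][c] = (hashmatrix[r][c] + ma[r][c]) & 0xFF
    return hashmatrix


if __name__ == "__main__":
    cache = toy_cache_matrix(b"\x00" * 32)                   # constructed seed
    header = hashlib.sha256(b"constructed header").digest()  # constructed input
    for row in construct_hash_matrix(cache, header)[:2]:
        print(row)
```

With DIM = 16 the 4 x 2 x 32 = 256 multiplications finish in well under a second in pure Python, which makes it easy to see how one changed header byte changes the slice order and so the whole result.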
2.4 Work Generation

The work generation algorithm uses hashmatrix as input and generates a 32-byte hash representing the work. The key to this procedure is improving computational efficiency while preserving randomness. So we use FNV [7], which as a non-cryptographic hash algorithm is faster, to hash the matrix instead of SHA-2 or SHA-3. FNV has also been adopted in Ethereum's Ethash for a while, so its reliability has been proved. In addition, we choose 0x as the parameter FNV_prime [8]. Finally, we apply SHA256 to the result of FNV to assure solid randomness.

1. Resize Matrix Hashmatrix. Hashmatrix is a uint8 matrix of 256x256. For each row, group the elements whose positions have the same remainder when divided by 64. Combine the elements in each group into one uint32 element. Then we get a uint32 matrix of 256x64 called mat32.

2. Binary Forwarded FNV. Binary Forwarded FNV (Algorithm 4) is essentially a method to hash a matrix. First, we initialize n to dim1 of mat32. For row 1 to row n, apply the FNV function to the two elements in the same column whose row positions have the same remainder when divided by n/2, and set the element with the lower row index to the FNV result. Then we halve n and repeat that step until n equals 1. Finally, we take the first row of mat32 and convert it to a byte array. After applying SHA256 to that byte array, we obtain the work.

Algorithm 4: hashmatrix
Input: mat32 - a uint32 matrix of 256x64;
Output: hash - a byte array of 32

    Initialize dim1 = 256; dim2 = 64;
    for k = dim1/2; k ≥ 1; k = k/2 do
        for i = 1; i ≤ k; i++ do
            for j = 1; j ≤ dim2; j++ do
                mat32[i][j] = FNV(mat32[i][j], mat32[i+k][j]);
            end
        end
    end
    hash = SHA256(ToByteArray(mat32[1][:]));
    return hash;

2.5 Work Validation

In this procedure, we compare the work value with the block difficulty. If the work has a lower value, it is a validated work and the miner will broadcast that block before receiving a validated block from others.
Otherwise, miners keep changing the nonce value and executing Tensority until they receive a validated block.

3 Random Analysis of Tensority

To prove the security of Tensority, we adopt a random analysis method. The idea is intuitive. Suppose that we have random matrices $M_1$ and $M_2$. Since the basic operation of Tensority is matrix multiplication, we just need to prove that $M_3 = M_1 \times M_2$ also keeps randomness. In other words, $M_3$ also obeys a uniform distribution, which means that $M_3$ has maximum uncertainty according to information theory. A nonuniform distribution is not secure, because an attacker can analyse the distribution and make use of the points with higher probability.
3.1 Symbol Definition

| Symbol | Meaning |
|---|---|
| $A_0, A_1, \ldots, A_{256}$ | Matrices filled with a random sequence, each of size 512*512 |
| $H$ | Function of the SHA256 algorithm |
| $BLOCK_n$ | Block without nonce |
| $B_i$ | $i$th byte |
| $n$ | Nonce |
| | Two adjoined data concatenated together |
| $MAC$ | A message authentication code of SHA256 |
| | The operator defined in our Tensority algorithm |
| $+$ | Addition |
| | Multiplication |
| $T$ | The target specified to find a valid block |
| $\omega$ | Sample space of variable X |
| $\omega$ | Sample space of variable Z |
| $N$ | Nonzero natural integer |
| $df$ | Block without nonce |

3.2 Mathematical Preliminaries

Theorem 1 (Central Limit Theorem) Let $X_1, X_2, \ldots, X_n$ be $n$ independent identically distributed random variables with finite mean $E(X_k) = u$ and finite variance $D(X_k) = \sigma^2 > 0$ $(k = 1, 2, 3, \ldots)$, and let the unit-variance random variable be defined by

$$Y_n = \frac{\sum_{k=1}^{n} X_k - E\left(\sum_{k=1}^{n} X_k\right)}{\sqrt{D\left(\sum_{k=1}^{n} X_k\right)}} = \frac{\sum_{k=1}^{n} X_k - nu}{\sqrt{n}\,\sigma} \tag{3.1}$$

Then, for $x$ in the sample space, the cumulative distribution function $F_n(x)$ satisfies

$$\lim_{n \to \infty} F_n(x) = \lim_{n \to \infty} P\left\{\frac{\sum_{k=1}^{n} X_k - nu}{\sqrt{n}\,\sigma} \le x\right\} = \frac{1}{\sqrt{2\pi}} \int_{-\infty}^{x} e^{-\frac{t^2}{2}}\,dt = \varphi(x) \tag{3.2}$$

Definition 1 (compress32to8) Convert data $b = (B_0 B_1 B_2 B_3)$ (big endian) of data type int32 into int8 via the formula

$$D = (B_2 + B_3) \bmod 2^8 \tag{3.3}$$

Definition 2 Given two matrices $A = (a_{ij})_{m \times m}$ and $B = (b_{ij})_{m \times m}$ with data of data type int8, the matrix operator is defined as follows

$$C = A\ B \tag{3.4}$$

where each $c_{ij}$ in matrix $C$ satisfies $c_{ij} = compress32to8\left(\sum_{k=1}^{m} a_{ik} b_{kj}\right)$.

Definition 3 The entropy $H(X)$ of a discrete random variable $X$ with probability distribution $p(x)$ is defined as

$$H(X) = -\sum_{x \in X} p(x) \log_2 p(x) \tag{3.5}$$

Theorem 2 (binary entropy function) Given a random bit $b$ with values 0, 1, its entropy is defined as

$$H(b) = -p \log_2 p - (1 - p) \log_2 (1 - p) \tag{3.6}$$

Note that $b$ has max-entropy when $p = \frac{1}{2}$.

Theorem 3 Given any bit sequence $X$ with length $n$, it satisfies

$$0 \le H(X) \le \log 2^n \tag{3.7}$$

and when each sample $x \in X$ has $p(x) = \frac{1}{2^n}$, $X$ has max-entropy.
3.3 Algorithm Proposed

1. Fill a random sequence into a series of matrices $A_0, A_1, \ldots, A_{256}$ of size 512x512.

2. For a new block $BLOCK_n$ without nonce, select a nonce $n$ to calculate $MAC = H(BLOCK_n\ n)$, then slice the 256-bit sequence $MAC$ into 32 bytes and convert each byte to data of data type uint8, $x_0, x_1, \ldots, x_{31}$; finally, evaluate $k_i = x_i \bmod 256$ $(0 \le i \le 31)$.

3. Evaluate $M = A_{k_{31}} \cdots A_{k_1} A_{k_0} A_{k_{31}} \cdots A_{k_1} A_{k_0}$, in total operating 64 left multiplications.

4. Convert $M$ from a matrix to a sequence $m$, and then check $H(m)\ T$; if $H(m)\ T$ is true, the algorithm ends; otherwise, it returns to step 2.

3.4 Random Proof

In cryptography and information theory, the randomness of a bit sequence relies on the value of its entropy. According to Theorems 2 and 3, when a random bit sequence $X$ satisfies a discrete uniform distribution, it has the best indeterministic property, that is, the best randomness. In our algorithm, a random variable $X$ of data type int8 is constructed from 8 random bits as

$$X = b_0 b_1 b_2 b_3 b_4 b_5 b_6 b_7 \tag{3.8}$$

where the probability distribution of bit $b_i$ $(0 \le i \le 7)$ satisfies

$b_i = k$: 0, 1
$P\{b_i = k\}$:

Note that the bit variables are mutually independent, so that the value $x$ of data type int8 has the probability

$P(X = x) =$ (3.9)

Based on the structure of data type int8, the random variable $X$ has sample space $\Omega = \{-128, -127, \ldots, 126, 127\}$. Each outcome $x$ in the sample space possesses $P\{X = x\} =$ , according to formula 3.9. To prove the randomness of the Tensority algorithm, we need to prove that each random variable $m$ in matrix $M$ has the same probability distribution as variable $X$, obeying a discrete uniform distribution.

Proof. Given two discrete independent random variables $X$ and $Y$ with sample space $\Omega$, in which the sample data has data type int8.
To evaluate a new random variable $Z = XY$, the probability formula is

$$P\{Z = z\} = \sum_{x \in \Omega} p(x)\,p\left(\frac{z}{x}\right) = \sum_{x \in \Omega}\ =\ \tag{3.10}$$

Evaluating formula 3.10 by computer program, the probability distribution of the samples of $Z$ is shown in Figure 3, and the probability data is detailed in Appendix 1.
Figure 3: Distribution of Samples of Z

Theorem 4 Given $2k$ $(k \ge 1)$ random variables $X_1, X_2, \ldots, X_{2k}$, the probability distribution of each $X_i$ $(1 \le i \le 2k)$ is the same as that of variable $Z$. For the random variable $U = compress32to8\left(\sum_{i=1}^{2k} X_i\right)$, the variable $U$ converges to a discrete uniform distribution if and only if $k$ converges to infinity.

Proof.

a. For 2k=2, the random variable $U$ satisfies $U = compress32to8(Z_1 + Z_2)$, and its probability formula can be defined as

$$P\{U = u\} = \sum_{u = compress32to8(\tilde{u})} \sum_{z \in \Omega} P\{Z_2 = \tilde{u} - z\}\,P\{Z_1 = z\} \tag{3.11}$$

Evaluating formula 3.11, the probability distribution of $U$ is shown in Figure 4, with probability data in Appendix 2.

Figure 4: Distribution of U (2k=2)

b. For 2k=4, the random variable $U$ satisfies $U = compress32to8(Z_1 + Z_2 + Z_3 + Z_4)$, and its probability formula can be defined as
$$P\{\tilde{U} = \tilde{u}\} = \sum_{z_1 \in \Omega} \sum_{z_2 \in \Omega} \sum_{z_3 \in \Omega} P\{Z_1 = z_1\}\,P\{Z_2 = z_2\}\,P\{Z_3 = z_3\}\,P\{Z_4 = \tilde{u} - z_1 - z_2 - z_3\}$$

$$P\{U = u\} = \sum_{u = compress32to8(\tilde{u})} P\{\tilde{U} = \tilde{u}\} \tag{3.12}$$

Evaluating formula 3.12, the probability distribution of $U$ is shown in Figure 5, with probability data in Appendix 3.

Figure 5: Probability Distribution of U (2k=4)

Note that for $k > 4$ the formula to evaluate the probability of the random variable is too large, so we will not list it anymore.

c. For 2k=8, the random variable $U$ satisfies $U = compress32to8\left(\sum_{i=1}^{8} Z_i\right)$. Evaluating the probability, we obtain the probability distribution shown in Figure 6, with probability data in Appendix 4.

Figure 6: Probability Distribution of U (2k=8)
d. For 2k=16, the random variable $U$ satisfies $U = compress32to8\left(\sum_{i=1}^{16} Z_i\right)$. Evaluating the probability, we obtain the probability distribution shown in Figure 7, with probability data in Appendix 5.

Figure 7: Probability Distribution of U (2k=16)

e. For 2k=32, the random variable $U$ satisfies $U = compress32to8\left(\sum_{i=1}^{32} Z_i\right)$. Evaluating the probability, we obtain the probability distribution shown in Figure 8, with probability data in Appendix 6.

Figure 8: Probability Distribution of U (2k=32)

f. For 2k=64, the random variable $U$ satisfies $U = compress32to8\left(\sum_{i=1}^{64} Z_i\right)$. Evaluating the probability, we obtain the probability distribution shown in Figure 9, with probability data in Appendix 7.
Figure 9: Probability Distribution of U (2k=64)

g. For 2k=128, the random variable $U$ satisfies $U = compress32to8\left(\sum_{i=1}^{128} Z_i\right)$. Evaluating the probability, we obtain the probability distribution shown in Figure 10, with probability data in Appendix 8.

Figure 10: Probability Distribution of U (2k=128)

h. For 2k=256, the random variable $U$ satisfies $U = compress32to8\left(\sum_{i=1}^{256} Z_i\right)$. Evaluating the probability, we obtain the probability distribution shown in Figure 11, with probability data in Appendix 9.
Figure 11: Probability Distribution of U (2k=256)

i. For 2k=512, the random variable $U$ satisfies $U = compress32to8\left(\sum_{i=1}^{512} Z_i\right)$. Evaluating the probability, we obtain the probability distribution shown in Figure 12, with probability data in Appendix 10.

Figure 12: Probability Distribution of U (2k=512)

$\forall \epsilon > 0$, $\exists N \in \mathbb{N}$ such that when $k > N$, according to the central limit theorem in Theorem 1, the independent random variable series $Z_1, Z_2, \ldots, Z_{2k}$ satisfies

$$\left| P\left\{\frac{\sum_{i=1}^{2k} Z_i - 2ku}{\sqrt{2k}\,\sigma} \le x\right\} - \varphi(x) \right| < \epsilon \tag{3.13}$$

so that the probability function of the random variable $U$ satisfies

$$\left| P\left\{compress32to8\left(\sum_{i=1}^{2k} Z_i\right) \le x\right\} - P\{X \le x\} \right| < \epsilon \tag{3.14}$$
Thus, for $k \to \infty$, the unit-variance random variable $\frac{\sum_{i=1}^{2k} Z_i - 2ku}{\sqrt{2k}\,\sigma}$ obeys a normal distribution, so that $\lim_{k \to \infty} compress32to8\left(\sum_{i=1}^{512} Z_i\right)$ obeys a discrete uniform distribution, the same distribution as random variable $X$.

Theorem 5 Suppose random matrices $A$ and $B$ in which the data obeys a discrete uniform distribution, and matrix $C = A\ B$; then the elements of matrix $C$ obey a discrete uniform distribution.

Proof. In the process of proving Theorem 4, for $k \ge 64$, rounding the probability of the outcomes $u$ to 8 decimal places, we find that the probability of each $u$ in the variable $U$ satisfies

$P\{U = u\} =$ (3.15)

where $u$ is an integer in the range from -128 to 127, so the distribution of $U$ is the same as that of random variable $X$. For random matrices $A$ and $B$ of size 512*512 in which the elements have data type int8, the size of the two matrices is greater than 128. Via the operator specified in our Tensority algorithm, $C = A\ B$, each element $c_{ij}$ in matrix $C$ satisfies

$$c_{ij} = compress32to8\left(\sum_{k=1}^{512} a_{ik} b_{kj}\right) \tag{3.16}$$

According to Theorem 4, $c_{ij}$ obeys a discrete uniform distribution.

Theorem 6 The result matrix $M$ obeys a discrete uniform distribution.

Proof. In our Tensority algorithm, the step of filling a random sequence into the series of matrices $A_0, A_1, \ldots, A_{256}$ and then selecting $R_0, R_1, R_2, \ldots, R_{31}$ from $A_0, A_1, \ldots, A_{256}$ constructs 32 random matrices $R_0, R_1, R_2, \ldots, R_{31}$. Next, the algorithm evaluates the result matrix $M$ via the following formula

$$M = R_{31} \cdots R_1 R_0 R_{31} \cdots R_1 R_0$$

According to Theorem 5, any element in the result matrix of any $R_i\ R_j$ obeys a discrete uniform distribution, so that an arbitrary element in matrix $M$ obeys a discrete uniform distribution.

Hence, based on Theorem 3 and the proofs of Theorems 4, 5 and 6, we prove that our Tensority algorithm has max-entropy and satisfies the best randomness required.

4 Experiment

To show that our Tensority algorithm has good random properties when the program executes, we execute the Tensority algorithm 100 times and take sample data from the result matrix $M$.
Then, we randomly collect 6 random variables $Y_1, Y_2, Y_3, Y_4, Y_5, Y_6$ to test by the $\chi^2$ test.

4.1 Model Building

$H_0$: $Y_i$ $(0 \le i \le 9)$ obeys a discrete uniform distribution.

Assume $Y_i$ satisfies $P\{Y_i = j\} =$ , where $j$ is a sample in $Y_i$, an integer of data type int8. As the data in Appendix 11 shows, we collect $n = 100$ sample data and evaluate the value of $\chi^2$ according to the formula

$$\chi^2 = \sum_{k=1}^{256} \frac{(f_k - n p_k)^2}{n p_k}$$

At the level of $\alpha = 0.05$, we evaluate $\chi^2_\alpha(df) =$ . If and only if $\chi^2 \ge \chi^2_\alpha(df)$, we reject $H_0$; otherwise, we accept $H_0$.
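The test of Section 4.1 applied to the sums of Theorem 4, as an added Python example that is not the paper's experiment or code: it draws U = compress32to8 of a sum of products of uniform int8 pairs and compares the statistic with the critical value at α = 0.05 for df = 255. The sample sizes, the seed, the function names and the Wilson-Hilferty approximation of the critical value are assumptions.

```python
import random
from array import array

BINS = 256                     # possible values of the compressed byte
Z_95 = 1.6448536269514722      # standard normal quantile for alpha = 0.05


def compress32to8(v):
    """(B2 + B3) mod 2^8 over the two low bytes of the int32 v (formula 3.3)."""
    v &= 0xFFFFFFFF
    return ((v >> 8) + v) & 0xFF


def chi2_critical(df, z=Z_95):
    """Upper chi-square critical value, Wilson-Hilferty approximation."""
    h = 2.0 / (9.0 * df)
    return df * (1.0 - h + z * h ** 0.5) ** 3


def random_int8(count, rng):
    """`count` independent values, uniform on -128..127."""
    return array("b", rng.getrandbits(8 * count).to_bytes(count, "little"))


def sample_u(terms, rng):
    """One draw of U = compress32to8(sum of `terms` products X*Y)."""
    xs, ys = random_int8(terms, rng), random_int8(terms, rng)
    return compress32to8(sum(x * y for x, y in zip(xs, ys)))


def chi_square_statistic(terms, samples, seed=2018):
    """Pearson statistic of `samples` draws of U against the uniform H0."""
    rng = random.Random(seed)          # fixed seed: the run is reproducible
    freq = [0] * BINS
    for _ in range(samples):
        freq[sample_u(terms, rng)] += 1
    expected = samples / BINS          # n * p_k with p_k = 1/256 under H0
    return sum((f - expected) ** 2 / expected for f in freq)


def uniformity_check(terms, samples, seed=2018):
    """Return (statistic, critical value, H0 rejected?) for the given sum length."""
    stat = chi_square_statistic(terms, samples, seed)
    crit = chi2_critical(BINS - 1)
    return stat, crit, stat >= crit


if __name__ == "__main__":
    for terms in (1, 4, 64):
        stat, crit, rejected = uniformity_check(terms, 50_000)
        verdict = "reject H0" if rejected else "accept H0"
        print(f"terms={terms:3d}  chi2={stat:10.2f}  critical={crit:.2f}  {verdict}")
```

A single product is far from uniform, because Z = 0 alone occurs for 511 of the 65536 input pairs and always compresses to 0.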
4.2 Sample Testing

According to the sample in Appendix 11, the result of the $\chi^2$ test in Table 1 is evaluated with SPSS software.

Table 1: Sample Testing (columns: Variable, $Y_1$, $Y_2$, $Y_3$, $Y_4$, $Y_5$, $Y_6$; rows: $\chi^2$, df, Asymptotic significance)

From the result of Sample Testing in Table 1, we can see that the $\chi^2$ of the samples of the selected random variables $Y_i$ in the result matrix $M$ is less than $\chi^2_\alpha(df)$, so we can accept the assumption $H_0$, which confirms that our algorithm keeps good random properties in execution.

5 Conclusion and Prospect

The paper proposes the Tensority algorithm for BTM, which introduces matrix and tensor operations into PoW instead of the direct hash used in Bitcoin. After the random proof and the experiment, we find that the target matrix constructed by Tensority obeys a discrete uniform distribution in theory, a distribution with good random properties. During the execution of the Tensority algorithm, the sample data accepts the assumption $H_0$ according to the result of the $\chi^2$ test; in other words, the variables tested obey a discrete uniform distribution.

It is important to note that for a PoW algorithm, fast validation is another important aspect in addition to hard validated work generation. In this paper, we adopt 256 rounds of matrix multiplication between float64 matrices of 256 x 256. It needs a relatively reasonable time to verify the block. To further optimize validation time, there are different methods for different platforms. SIMD [9], a class of parallel computers in Flynn's taxonomy, is an optional optimization technique. Different platforms have different SIMD design frameworks. The Intel x86 platform provides MMX [10], SSE [11] and AVX [12] to support SIMD. AMD also supports related instructions such as 3DNow! [13] and so on. For the RISC architecture, ARM proposed the NEON [14] instructions, which support vector operations of many types and optimize parallel matrix multiplication. In summary, the multiplication rounds and matrix dimension should be adjusted for different performance needs and scenes.
References

[1] Leslie Lamport, Robert Shostak, and Marshall Pease. The Byzantine generals problem. ACM Transactions on Programming Languages and Systems (TOPLAS), 4(3): ,
[2] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system.
[3] Gavin Wood. Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 151:1-32,
[4] Ethash.
[5] Colin Percival. Stronger key derivation via sequential memory-hard functions. Self-published, pages 1-16,
[6] Charles Lee. Litecoin,
[7] Fowler-Noll-Vo hash function. E2%80%93Vo_hash_function.
[8] Parameters of the FNV-1/FNV-1a hash. index.html#fnv-param.
[9] SIMD.
[10] MMX.
[11] SSE.
[12] AVX.
[13] 3DNow!
[14] NEON.
A Appendix

In this section, all data about random proof of Tensority is listed. From Appendix 1 to Appendix 10 recording the probability data in proof process, the format of data is that Sample:Probability. In evaluating probability process, the sum of total probability of Sample in Matrix of which size is greater than 64 is less than 1, due to precision of machine being limited. The last Appendix 11 records sample data for $\chi^2$ test.
SP-CNN: A Scalable and Programmable CNN-based Accelerator Dilan Manatunga Dr. Hyesoon Kim Dr. Saibal Mukhopadhyay Motivation Power is a first-order design constraint, especially for embedded devices. Certain
More informationProof of Kernel Work
Proof of Kernel Work A Resilient & Scalable Blockchain Consensus Algorithm for Dynamic Low-Energy Networks Leif-Nissen Lundbæk, XAIN Daniel Janes Beutel, XAIN Michael Huth, Imperial College London Laurence
More informationOne Weird Trick to Stop Selfish Miners: Fresh Bitcoins, A Solution for the Honest Miner
One Weird Trick to Stop Selfish Miners: Fresh Bitcoins, A Solution for the Honest Miner, University of Applied Sciences mbillah@hs-mittweida.de May 11, 2015 1/ 70 Contents What is Bitcoin What is Mining
More informationBlind Collective Signature Protocol
Computer Science Journal of Moldova, vol.19, no.1(55), 2011 Blind Collective Signature Protocol Nikolay A. Moldovyan Abstract Using the digital signature (DS) scheme specified by Belarusian DS standard
More informationGravity: Distributed ledger data management protocol.
Gravity: Distributed ledger data management protocol. June 7, 2018 Abstract The concept of a cryptographically protected and distributed transaction ledger has demonstrated its eciency in a series of projects.
More informationHeiko AYDT PhD (Computer Science) Technology Enthusiast, Software Engineer. Blockchain Technology in a Nutshell
Heiko AYDT PhD (Computer Science) Technology Enthusiast, Software Engineer Blockchain Technology in a Nutshell Conceptually, it s a distributed ledger. What is a Blockchain? Example: simple ledger Ledger
More informationAuthentication. Chapter Message Authentication
Chapter 5 Authentication 5.1 Message Authentication Suppose Bob receives a message addressed from Alice. How does Bob ensure that the message received is the same as the message sent by Alice? For example,
More informationHashes and Message Digests Alex X. Liu & Haipeng Dai
Hashes and Message Digests Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University Integrity vs. Secrecy Integrity: attacker cannot
More informationWHITE PAPER ON QUANTUM COMPUTING AND QUANTUM COMMUNICATION
WHITE PAPER ON QUANTUM COMPUTING AND QUANTUM COMMUNICATION Based on the discussion during the respective workshop at the ZEISS Symposium Optics in the Quantum World on 18 April 2018 in Oberkochen, Germany
More informationContents. ID Quantique SA Tel: Chemin de la Marbrerie 3 Fax : Carouge
Contents Introduction... 3 Quantis TRNG... 3 Quantifying Randomness... 4 Randomness Extractor... 4 Randomness Extraction in the Quantis Software Package... 5 Conclusion... 7 References... 7 ID Quantique
More information1 Cryptographic hash functions
CSCI 5440: Cryptography Lecture 6 The Chinese University of Hong Kong 24 October 2012 1 Cryptographic hash functions Last time we saw a construction of message authentication codes (MACs) for fixed-length
More informationAll-Or-Nothing Transforms Using Quasigroups
All-Or-Nothing Transforms Using Quasigroups Stelios I Marnas, Lefteris Angelis, and George L Bleris Department of Informatics, Aristotle University 54124 Thessaloniki, Greece Email: {marnas,lef,bleris}@csdauthgr
More informationIntroduction to Information Security
Introduction to Information Security Lecture 4: Hash Functions and MAC 2007. 6. Prof. Byoungcheon Lee sultan (at) joongbu. ac. kr Information and Communications University Contents 1. Introduction - Hash
More informationMarwan Burelle. Parallel and Concurrent Programming. Introduction and Foundation
and and marwan.burelle@lse.epita.fr http://wiki-prog.kh405.net Outline 1 2 and 3 and Evolutions and Next evolutions in processor tends more on more on growing of cores number GPU and similar extensions
More informationProgramming with SIMD Instructions
Programming with SIMD Instructions Debrup Chakraborty Computer Science Department, Centro de Investigación y de Estudios Avanzados del Instituto Politécnico Nacional México D.F., México. email: debrup@cs.cinvestav.mx
More information1 Cryptographic hash functions
CSCI 5440: Cryptography Lecture 6 The Chinese University of Hong Kong 23 February 2011 1 Cryptographic hash functions Last time we saw a construction of message authentication codes (MACs) for fixed-length
More informationMessage Authentication Codes (MACs)
Message Authentication Codes (MACs) Tung Chou Technische Universiteit Eindhoven, The Netherlands October 8, 2015 1 / 22 About Me 2 / 22 About Me Tung Chou (Tony) 2 / 22 About Me Tung Chou (Tony) Ph.D.
More informationOptimal Use of Montgomery Multiplication on Smart Cards
Optimal Use of Montgomery Multiplication on Smart Cards Arnaud Boscher and Robert Naciri Oberthur Card Systems SA, 71-73, rue des Hautes Pâtures, 92726 Nanterre Cedex, France {a.boscher, r.naciri}@oberthurcs.com
More informationUMAC: Fast and Secure Message Authentication
The proceedings version of this paper appears in Advances in Cryptology CRYPTO 99 [7]. This is the full version. It is available from www.cs.ucdavis.edu/~rogaway/umac/ UMAC: Fast and Secure Message Authentication
More informationPseudo-Random Generators
Pseudo-Random Generators Why do we need random numbers? Simulation Sampling Numerical analysis Computer programming (e.g. randomized algorithm) Elementary and critical element in many cryptographic protocols
More informationPseudo-Random Generators
Pseudo-Random Generators Topics Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More informationOutline. policies for the first part. with some potential answers... MCS 260 Lecture 10.0 Introduction to Computer Science Jan Verschelde, 9 July 2014
Outline 1 midterm exam on Friday 11 July 2014 policies for the first part 2 questions with some potential answers... MCS 260 Lecture 10.0 Introduction to Computer Science Jan Verschelde, 9 July 2014 Intro
More informationCIS 6930/4930 Computer and Network Security. Topic 4. Cryptographic Hash Functions
CIS 6930/4930 Computer and Network Security Topic 4. Cryptographic Hash Functions 1 The SHA-1 Hash Function 2 Secure Hash Algorithm (SHA) Developed by NIST, specified in the Secure Hash Standard, 1993
More informationBehavioral Simulations in MapReduce
Behavioral Simulations in MapReduce Guozhang Wang, Marcos Vaz Salles, Benjamin Sowell, Xun Wang, Tuan Cao, Alan Demers, Johannes Gehrke, Walker White Cornell University 1 What are Behavioral Simulations?
More informationWeek 12: Hash Functions and MAC
Week 12: Hash Functions and MAC 1. Introduction Hash Functions vs. MAC 2 Hash Functions Any Message M Hash Function Generate a fixed length Fingerprint for an arbitrary length message. No Key involved.
More informationTopics. Pseudo-Random Generators. Pseudo-Random Numbers. Truly Random Numbers
Topics Pseudo-Random Generators Why do we need random numbers? Truly random and Pseudo-random numbers. Definition of pseudo-random-generator What do we expect from pseudorandomness? Testing for pseudo-randomness.
More informationNotes on Zero Knowledge
U.C. Berkeley CS172: Automata, Computability and Complexity Handout 9 Professor Luca Trevisan 4/21/2015 Notes on Zero Knowledge These notes on zero knowledge protocols for quadratic residuosity are based
More informationCryptanalysis of a hash function, and the modular subset sum problem
Cryptanalysis of a hash function, and the modular subset sum problem Chris Monico Department of Mathematics and Statistics Texas Tech University January 17, 2018 Abstract Recently, Shpilrain and Sosnovski
More informationCPSC 467b: Cryptography and Computer Security
Outline Authentication CPSC 467b: Cryptography and Computer Security Lecture 18 Michael J. Fischer Department of Computer Science Yale University March 29, 2010 Michael J. Fischer CPSC 467b, Lecture 18
More informationExperience in Factoring Large Integers Using Quadratic Sieve
Experience in Factoring Large Integers Using Quadratic Sieve D. J. Guan Department of Computer Science, National Sun Yat-Sen University, Kaohsiung, Taiwan 80424 guan@cse.nsysu.edu.tw April 19, 2005 Abstract
More informationBlock AIR Methods. For Multicore and GPU. Per Christian Hansen Hans Henrik B. Sørensen. Technical University of Denmark
Block AIR Methods For Multicore and GPU Per Christian Hansen Hans Henrik B. Sørensen Technical University of Denmark Model Problem and Notation Parallel-beam 3D tomography exact solution exact data noise
More informationPhysically Unclonable Functions
Physically Unclonable Functions Rajat Subhra Chakraborty Associate Professor Department of Computer Science and Engineering IIT Kharagpur E-mail: rschakraborty@cse.iitkgp.ernet.in ISEA Workshop IIT Kharagpur,
More informationEntropy Rate of Stochastic Processes
Entropy Rate of Stochastic Processes Timo Mulder tmamulder@gmail.com Jorn Peters jornpeters@gmail.com February 8, 205 The entropy rate of independent and identically distributed events can on average be
More informationarxiv: v1 [cs.sc] 17 Apr 2013
EFFICIENT CALCULATION OF DETERMINANTS OF SYMBOLIC MATRICES WITH MANY VARIABLES TANYA KHOVANOVA 1 AND ZIV SCULLY 2 arxiv:1304.4691v1 [cs.sc] 17 Apr 2013 Abstract. Efficient matrix determinant calculations
More informationSimple Proofs of Sequential Work
Simple Proofs of Sequential Work Bram Cohen Krzysztof Pietrzak Eurocrypt 2018, Tel Aviv, May 1st 2018 Outline What How Why Proofs of Sequential Work Sketch of Construction & Proof Sustainable Blockchains
More informationSecurity of Blockchain Technologies
Security of Blockchain Technologies Master Thesis Karl Wüst 2016-07-11 Supervisor: Prof. Dr. Srdjan Capkun Advisor: Arthur Gervais Department of Computer Science, ETH Zürich Abstract Proof of Work (PoW)
More informationDigital Signature Scheme Based on a New Hard Problem
Computer Science Journal of Moldova, vol.16, no.2(47), 2008 Digital Signature Scheme Based on a New Hard Problem Niolay A. Moldovyan Abstract Factorizing composite number n = qr, where q and r are two
More informationCHAPTER 2 EXTRACTION OF THE QUADRATICS FROM REAL ALGEBRAIC POLYNOMIAL
24 CHAPTER 2 EXTRACTION OF THE QUADRATICS FROM REAL ALGEBRAIC POLYNOMIAL 2.1 INTRODUCTION Polynomial factorization is a mathematical problem, which is often encountered in applied sciences and many of
More informationINF2270 Spring Philipp Häfliger. Lecture 8: Superscalar CPUs, Course Summary/Repetition (1/2)
INF2270 Spring 2010 Philipp Häfliger Summary/Repetition (1/2) content From Scalar to Superscalar Lecture Summary and Brief Repetition Binary numbers Boolean Algebra Combinational Logic Circuits Encoder/Decoder
More informationB. Encryption using quasigroup
Sequence Randomization Using Quasigroups and Number Theoretic s Vaignana Spoorthy Ella Department of Computer Science Oklahoma State University Stillwater, Oklahoma, USA spoorthyella@okstateedu Abstract
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationA recursive relation and some statistical properties for the Möbius function
International Journal of Mathematics and Computer Science, 11(2016), no. 2, 215 248 M CS A recursive relation and some statistical properties for the Möbius function Rong Qiang Wei College of Earth Sciences
More informationRemainders. We learned how to multiply and divide in elementary
Remainders We learned how to multiply and divide in elementary school. As adults we perform division mostly by pressing the key on a calculator. This key supplies the quotient. In numerical analysis and
More informationSIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography
SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS CIS 400/628 Spring 2005 Introduction to Cryptography This is based on Chapter 8 of Trappe and Washington DIGITAL SIGNATURES message sig 1. How do we bind
More informationElliptic Curves I. The first three sections introduce and explain the properties of elliptic curves.
Elliptic Curves I 1.0 Introduction The first three sections introduce and explain the properties of elliptic curves. A background understanding of abstract algebra is required, much of which can be found
More informationA Deep Convolutional Neural Network Based on Nested Residue Number System
A Deep Convolutional Neural Network Based on Nested Residue Number System Hiroki Nakahara Tsutomu Sasao Ehime University, Japan Meiji University, Japan Outline Background Deep convolutional neural network
More informationAES-VCM, AN AES-GCM CONSTRUCTION USING AN INTEGER-BASED UNIVERSAL HASH FUNCTION.
AES-VCM, AN AES-GCM CONSTRUCTION USING AN INTEGER-BASED UNIVERSAL HASH FUNCTION. ED KNAPP Abstract. We give a framework for construction and composition of universal hash functions. Using this framework,
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationSTRIBOB : Authenticated Encryption
1 / 19 STRIBOB : Authenticated Encryption from GOST R 34.11-2012 or Whirlpool Markku-Juhani O. Saarinen mjos@item.ntnu.no Norwegian University of Science and Technology Directions in Authentication Ciphers
More information2.6 Complexity Theory for Map-Reduce. Star Joins 2.6. COMPLEXITY THEORY FOR MAP-REDUCE 51
2.6. COMPLEXITY THEORY FOR MAP-REDUCE 51 Star Joins A common structure for data mining of commercial data is the star join. For example, a chain store like Walmart keeps a fact table whose tuples each
More informationOn Quasigroup Pseudo Random Sequence Generators
On Quasigroup Pseudo Random Sequence Generators V. Dimitrova, J. Markovski Institute of Informatics, Faculty of Natural Sciences and Mathematics Ss Cyril and Methodius University, 1 Skopje, FYRO Macedonia
More informationarxiv: v1 [hep-lat] 7 Oct 2010
arxiv:.486v [hep-lat] 7 Oct 2 Nuno Cardoso CFTP, Instituto Superior Técnico E-mail: nunocardoso@cftp.ist.utl.pt Pedro Bicudo CFTP, Instituto Superior Técnico E-mail: bicudo@ist.utl.pt We discuss the CUDA
More informationBLOCKCHAIN technology, which was firstly coined in
1 Performance Analysis of the Raft Consensus Algorithm for Private Blockchains Dongyan Huang, Xiaoli Ma, Fellow, IEEE, and Shengli Zhang, Senior Member, IEEE arxiv:1808.01081v1 [cs.ni] 3 Aug 2018 Abstract
More information1 What is numerical analysis and scientific computing?
Mathematical preliminaries 1 What is numerical analysis and scientific computing? Numerical analysis is the study of algorithms that use numerical approximation (as opposed to general symbolic manipulations)
More informationarxiv: v2 [cs.cr] 8 Nov 2018
Deconstructing the Blockchain to Approach Physical Limits Vivek Bagaria, Sreeram Kannan, David Tse, Giulia Fanti, Pramod Viswanath arxiv:1810.08092v2 [cs.cr] 8 Nov 2018 Stanford University, University
More informationTribhuvan University Institute of Science and Technology 2067
11CSc. MTH. -2067 Tribhuvan University Institute of Science and Technology 2067 Bachelor Level/First Year/ Second Semester/ Science Full Marks: 80 Computer Science and Information Technology Pass Marks:
More informationAURORA: A Cryptographic Hash Algorithm Family
AURORA: A Cryptographic Hash Algorithm Family Submitters: Sony Corporation 1 and Nagoya University 2 Algorithm Designers: Tetsu Iwata 2, Kyoji Shibutani 1, Taizo Shirai 1, Shiho Moriai 1, Toru Akishita
More informationEvolutionary Game for Mining Pool Selection in Blockchain Networks
Evolutionary Game for Mining Pool Selection in Blockchain Networks Xiaojun Liu, Wenbo Wang, Dusit Niyato, Narisa Zhao and Ping Wang Institute of Systems Engineering, Dalian University of Technology, Dalian,
More informationPRIMES Math Problem Set
PRIMES Math Problem Set PRIMES 017 Due December 1, 01 Dear PRIMES applicant: This is the PRIMES 017 Math Problem Set. Please send us your solutions as part of your PRIMES application by December 1, 01.
More informationSources of randomness
Random Number Generator Chapter 7 In simulations, we generate random values for variables with a specified distribution Ex., model service times using the exponential distribution Generation of random
More informationENEE 459-C Computer Security. Message authentication (continue from previous lecture)
ENEE 459-C Computer Security Message authentication (continue from previous lecture) Last lecture Hash function Cryptographic hash function Message authentication with hash function (attack?) with cryptographic
More information3 The fundamentals: Algorithms, the integers, and matrices
3 The fundamentals: Algorithms, the integers, and matrices 3.4 The integers and division This section introduces the basics of number theory number theory is the part of mathematics involving integers
More informationAttacking and defending the McEliece cryptosystem
Attacking and defending the McEliece cryptosystem (Joint work with Daniel J. Bernstein and Tanja Lange) Christiane Peters Technische Universiteit Eindhoven PQCrypto 2nd Workshop on Postquantum Cryptography
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for class mailing list Perhaps
More informationCombining Memory and Landmarks with Predictive State Representations
Combining Memory and Landmarks with Predictive State Representations Michael R. James and Britton Wolfe and Satinder Singh Computer Science and Engineering University of Michigan {mrjames, bdwolfe, baveja}@umich.edu
More informationLies My Calculator and Computer Told Me
Lies My Calculator and Computer Told Me 2 LIES MY CALCULATOR AND COMPUTER TOLD ME Lies My Calculator and Computer Told Me See Section.4 for a discussion of graphing calculators and computers with graphing
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 15 October 20, 2014 CPSC 467, Lecture 15 1/37 Common Hash Functions SHA-2 MD5 Birthday Attack on Hash Functions Constructing New
More informationA Pseudo-Random Encryption Mode
A Pseudo-Random Encryption Mode Moni Naor Omer Reingold Block ciphers are length-preserving private-key encryption schemes. I.e., the private key of a block-cipher determines a permutation on strings of
More informationJim Lambers MAT 610 Summer Session Lecture 2 Notes
Jim Lambers MAT 610 Summer Session 2009-10 Lecture 2 Notes These notes correspond to Sections 2.2-2.4 in the text. Vector Norms Given vectors x and y of length one, which are simply scalars x and y, the
More informationWinter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2
0368.3049.01 Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod Assignment #2 Published Sunday, February 17, 2008 and very slightly revised Feb. 18. Due Tues., March 4, in Rani Hod
More informationWavelet Transform And Principal Component Analysis Based Feature Extraction
Wavelet Transform And Principal Component Analysis Based Feature Extraction Keyun Tong June 3, 2010 As the amount of information grows rapidly and widely, feature extraction become an indispensable technique
More informationNew attacks on Keccak-224 and Keccak-256
New attacks on Keccak-224 and Keccak-256 Itai Dinur 1, Orr Dunkelman 1,2 and Adi Shamir 1 1 Computer Science department, The Weizmann Institute, Rehovot, Israel 2 Computer Science Department, University
More informationFundamentals of Modern Cryptography
Fundamentals of Modern Cryptography BRUCE MOMJIAN This presentation explains the fundamentals of modern cryptographic methods. Creative Commons Attribution License http://momjian.us/presentations Last
More informationA Simple Left-to-Right Algorithm for Minimal Weight Signed Radix-r Representations
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. XX, NO. X, MONTH 2007 1 A Simple Left-to-Right Algorithm for Minimal Weight Signed Radix-r Representations James A. Muir Abstract We present a simple algorithm
More informationHash Functions. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 34
Hash Functions Ali El Kaafarani Mathematical Institute Oxford University 1 of 34 Outline 1 Definition and Notions of Security 2 The Merkle-damgård Transform 3 MAC using Hash Functions 4 Cryptanalysis:
More informationChair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 2 Basics
Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle Network Security Chapter 2 Basics 2.4 Random Number Generation for Cryptographic Protocols Motivation It is
More informationParallel Numerics. Scope: Revise standard numerical methods considering parallel computations!
Parallel Numerics Scope: Revise standard numerical methods considering parallel computations! Required knowledge: Numerics Parallel Programming Graphs Literature: Dongarra, Du, Sorensen, van der Vorst:
More informationThanks to: University of Illinois at Chicago NSF CCR Alfred P. Sloan Foundation
The Poly1305-AES message-authentication code D. J. Bernstein Thanks to: University of Illinois at Chicago NSF CCR 9983950 Alfred P. Sloan Foundation The AES function ( Rijndael 1998 Daemen Rijmen; 2001
More informationA Small Subgroup Attack on Arazi s Key Agreement Protocol
Small Subgroup ttack on razi s Key greement Protocol Dan Brown Certicom Research, Canada dbrown@certicom.com lfred Menezes Dept. of C&O, University of Waterloo, Canada ajmeneze@uwaterloo.ca bstract In
More informationParallel Cube Tester Analysis of the CubeHash One-Way Hash Function
Parallel Cube Tester Analysis of the CubeHash One-Way Hash Function Alan Kaminsky Department of Computer Science B. Thomas Golisano College of Computing and Information Sciences Rochester Institute of
More informationToward High Performance Matrix Multiplication for Exact Computation
Toward High Performance Matrix Multiplication for Exact Computation Pascal Giorgi Joint work with Romain Lebreton (U. Waterloo) Funded by the French ANR project HPAC Séminaire CASYS - LJK, April 2014 Motivations
More informationKatz, Lindell Introduction to Modern Cryptrography
Katz, Lindell Introduction to Modern Cryptrography Slides Chapter 12 Markus Bläser, Saarland University Digital signature schemes Goal: integrity of messages Signer signs a message using a private key
More informationBandwidth-Hard Functions: Reductions and Lower Bounds
Bandwidth-Hard Functions: Reductions and Lower Bounds Jeremiah Blocki 1, Ling Ren, and Samson Zhou 1 1 Department of Computer Science, Purdue University, West Lafayette, IN. jblocki@purdue.edu, samsonzhou@gmail.com
More informationSliding right into disaster - Left-to-right sliding windows leak
Sliding right into disaster - Left-to-right sliding windows leak Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and
More informationBig-O Notation and Complexity Analysis
Big-O Notation and Complexity Analysis Jonathan Backer backer@cs.ubc.ca Department of Computer Science University of British Columbia May 28, 2007 Problems Reading: CLRS: Growth of Functions 3 GT: Algorithm
More informationImproving Disk Sector Integrity Using 3-dimension Hashing Scheme
Improving Disk Sector Integrity Using 3-dimension Hashing Scheme Zoe L. Jiang, Lucas C.K. Hui, K.P. Chow, S.M. Yiu and Pierre K.Y. Lai Department of Computer Science The University of Hong Kong, Hong Kong
More informationCryptography and Security Final Exam
Cryptography and Security Final Exam Solution Serge Vaudenay 29.1.2018 duration: 3h no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication devices
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 18 November 6, 2017 CPSC 467, Lecture 18 1/52 Authentication While Preventing Impersonation Challenge-response authentication protocols
More informationDomain Extender for Collision Resistant Hash Functions: Improving Upon Merkle-Damgård Iteration
Domain Extender for Collision Resistant Hash Functions: Improving Upon Merkle-Damgård Iteration Palash Sarkar Cryptology Research Group Applied Statistics Unit Indian Statistical Institute 203, B.T. Road,
More information