CHARIOT: Cloud-Assisted Access Control for the Internet of Things
Size: px
Start display at page:

Download "CHARIOT: Cloud-Assisted Access Control for the Internet of Things"

Transcription

1 CHARIOT: Cloud-Assisted Access Contol fo the Intenet of Things Clémentine Gitti Euecom Sophia Antipolis, Fance Melek Önen Euecom Sophia Antipolis, Fance Refik Molva Euecom Sophia Antipolis, Fance Abstact The Intenet of Things (IoT) technology has expanded widely acoss the wold, pomising new data management oppotunities fo industies, companies and individuals in diffeent sectos, such as health sevices o tanspot logistics. This tend elies on connecting devices/things to collect, exchange and stoe data. The exponentially inceasing numbe of IoT devices, thei oigin divesity, thei limited capabilities in tems of esouces, as well as the eve-inceasing amount of data, aise new challenges fo secuity and pivacy potection, pecluding taditional access contol solutions to be integated to this new envionment. In this pape, we popose a eliable seveaided policy-based access contol mechanism, named CHARIOT, that enables an IoT platfom to veify cedentials of diffeent devices equesting access (ead/wite) to the data stoed within it. CHARIOT pemits IoT devices to authenticate themselves to the platfom without compomising thei pivacy by using attibutebased signatues. Ou solution also allows secue delegation of costly computational opeations to a cloud seve, hence elieving the wokload at IoT devices side. Index Tems Access Contol, Cloud Computing, Intenet of Things I. INTRODUCTION The Intenet of Things (IoT) has been developed to enable the inteconnection between vaious devices, such as mobile phones, sensos and actuatos, that collect and tansmit data at lage-scale. This technology has been integated to multiple and divesified envionments such as envionmental poduction, health sevices and taffic monitoing. With the explosion of the amount of data exchanges between these devices and thei lage numbe, the need fo secuity and pivacy countemeasues becomes cucial. Seveal studies [1] [3] epot on diffeent vulneabilities of the technology. While many platfoms ae available fo the IoT, access contol issues ae often ovelooked. Vaious attacks exist against such platfoms; fo example, vulneabilities in ToyTalk poducts wee discoveed among which the majoity oiginated fom the lack of secuity at the platfom level wheeby an advesay was easily able to log-in to the platfom at any time 1. Peventing unauthoized access to the platfom and consequently to the data stoed in thee becomes extemely challenging due to the natue of IoT devices. The latte, that ae often simple and esouce-constained, cannot pefom any costly computational opeations. Since platfoms ae usually 1 us/aticle/moe-secuity-vulneabilitiesfound-in-hello-babie-toys-seves installed at untusted thid paties, such as data centes and cloud seves, such paties must not obtain any infomation about the identity of IoT devices and the data that is being collected o accessed. Taditional cedential-based access contol systems do not suit this envionment as such esouce-limited devices ae often not able to geneate cedentials o signatues to satisfy the access contol policy defined fo an IoT platfom. We hence aim to develop a seve-aided access contol solution, named CHARIOT, which ensues the pivacy of the devices identity and of the data towads the platfom. CHARIOT elies on the use of attibute-based signatues to ensue the pope authentication of devices, by defining an access contol policy fo the data stoed at the IoT platfom. Futhemoe, CHARIOT enables an IoT device to delegate most of the access contol opeations to a moe poweful thid paty such as a cloud seve, and only pefom mino opeations at its side in ode to optimize the use of its esouces. The outsouced computation of the cedentials is based on a simple secet shaing of the signing key between the cloud seve and the IoT device. Once the cloud seve has executed the main pat of the geneation of the signatue, the IoT device pefoms vey few additional opeations to finalize it and sends the esulting signatue to the platfom. CHARIOT ensues that no infomation about the devices attibutes in the cedentials is leaked to the platfom no to the cloud seve. In the following section, we detail the poblem aised by designing an access contol potocol suitable to the IoT envionment. In Section I-B, we highlight the main featues of ou cloud seve-assisted access contol potocol fo IoT. Section II descibes the poposed solution CHARIOT and analyzes its secuity. In Section III, we evaluate the pefomance of ou solution and ecall the existing wok. We finally conclude the pape in Section IV. A. Poblem Statement As aleady intoduced, seious issues on secuity have been encounteed because of giving access to sensitive infomation to unauthoized paties in the IoT context [1] [3]. Access contol systems appea to be the essential stategy to ovecome these theats. Nevetheless, taditional access contol solutions elying on public-key infastuctues fall shot fo this technol-

2 ogy mainly because of the vey limited computing esouces of IoT devices in tems of memoy, CPU, stoage and battey. A suitable technique allowing the secue authentication of devices to the platfom is Attibute-Based Signatue (ABS) [4]. Infomally speaking, an ABS potocol in the IoT envionment ensues that given an access policy, wheneve a device signs a message using its attibutes, if the attibutes satisfy this access policy, then this signatue is valid and the device successfully authenticates and accesses the platfom. Additionally, ABS ensues that these attibutes emain hidden in the signatue, and thus the device s identity emains pivate. Indeed, duing the veification phase, the platfom cannot discove any infomation except that the access contol policy is satisfied. Howeve, cuent ABS solutions [5], [6] suffe fom the computational buden of the signatue geneation. Since the signatue computation involves multiple modula exponentiations and thei numbe inceases linealy with the policy s size, the existing tools ae not yet suitable to the IoT envionment. B. Idea Most of the existing ABS solutions ae vey costly in tems of computation and stoage: the geneation of the signatue and its size depend on the numbe of attibutes in the signing policies. In the context of an IoT envionment, a typical access contol policy may contain numeous attibutes because of the lage numbe of IoT devices and thei heteogeneity. Heanz et al. [6] pesent a Theshold ABS scheme with compact signatues wheeby thei size does not depend on the numbe of attibutes in the policies. While the solution is suitable fo the IoT technology, the computational cost still emains significant: the numbe of modula exponentiations is linea with the numbe of attibutes and theefoe cannot be affoded by esouce-constained IoT devices. We popose to impove the computational cost of the above solution at the device s side by delegating most of the signatue geneation to a poweful cloud seve. Similaly to [7], the signing key is secetly shaed between the cloud seve and the IoT device, ensuing a secue delegation of the signatue computation. The cloud seve computes a patial signatue using an outsoucing key, and sends it to the IoT device. The latte finalizes the signatue by pefoming additional lightweight opeations using its pivate key, and fowads it to the platfom. The signatue is accepted by the platfom if the device s attibutes, embedded into the signatue, satisfy the access contol policy. Yet, the ABS solution in [6] incus exta computational and stoage ovehead since the signatue geneation is fixed to an uppe bound due to the use of dummy attibutes. Following a technique intoduced in [8], we modify the oiginal ABS in [6] by emoving the pesence of dummy attibutes. We hence obtain a moe efficient Theshold ABS scheme with constantsize signatues and no dummy attibutes wheeby the most computationally-intensive opeations ae secuely delegated to a cloud seve. The poposed solution guaantees pivacy of paticipating IoT devices against the platfom and cloud seve. Tusted Attibute Authoity Pivate key IoT Device A. Envionment Fig. 1. CHARIOT potocol oveview Outsoucing key Encoded policy Final signatue Outsouced signatue II. CHARIOT Cloud Seve IoT Platfom We define an Outsouced Theshold Attibute-Based Signatue potocol as follows. The fist two algoithms, Setup and Keygen, ae un to initialize the potocol. The Setup algoithm is un to geneate the public paametes accessible to all paticipating paties, and a maste secet key fowaded to an off-line tusted attibute authoity. The Keygen algoithm is un by the tusted attibute authoity to ceate the outsoucing key fo the cloud seve and the pivate key fo the IoT device, egading the access attibutes of this device. The following algoithms, Request, Sign out, Sign and Veify, ae the coe algoithms to enable secue authentication of the IoT device towads the platfom. Fist, the IoT device uns Request to hash the access policy fo the cloud seve using a Keyed-Hash Message Authentication Code (HMAC). The access policy is defined by the platfom and made accessible to the device, but should emain hidden fom the cloud seve s view. Then, the cloud seve, given this hashed access policy, ceates the outsouced signatue using its outsoucing key. It fowads the outsouced signatue to the IoT device. Fom thee, the device finalizes the signatue geneation by using its pivate key and choosing the message. It fowads the final signatue to the IoT platfom. The latte executes Veify to check the validity of the device s signatue and thus its ight fo access. Figue 1 illustates the CHARIOT potocol whee a tusted attibute authoity, an IoT platfom, a cloud seve and an IoT device paticipate. Moe details on the components (keys and signatues) ae given in the next section. B. Peliminaies Notations. Let Y be a finite set. The notation y R Y stands fo y is a andom vaiable unifomly chosen fom Y.

3 Let g G and v (v 1, v 2, v 3 ) whee v i G fo i [1, 3]. We denote E(g, v) the paiing-based vecto (e(g, v 1 ), e(g, v 2 ), e(g, v 3 )) whee e(g, v i ) G T fo i [1, 3]. In addition, we let the multiplication between two column vectos be (v 1, v 2, v 3 ) (v 1, v 2, v 3) (v 1 v 1, v 2 v 2, v 3 v 3) whee v i G fo i [1, 3]. Let X be an attibute set, at be an attibute in X, τ be an injective encoding such that all τ(at) ae paiwise-distinct, and γ be an element in Z p. We denote F X at X (γ+τ(at)) the polynomial of degee X fo attibutes at X. Bilinea Paiings. Let G and G T be two cyclic multiplicative goups of pime ode p. Let e be an efficiently computable mapping e : G G G T such that: e(g a, h b ) e(g, h) ab fo any g, h G and a, b Z p, e(g, h) 1 GT wheneve g, h 1 G. We call e an admissible paiing. Moeove, e is symmetic: fo all g, h G, e(g, h) e(h, g). DLIN Assumption [6]. The Decisional LINea poblem elated to the goup G is defined as follows. Let g be a geneato of G and γ be an unknown exponent in Z p. Given an intege n N and the values g, {g γi } i [1,2n]\{n+1} in G, the aim is to compute g γn+1. (q,n,s,t)-amse-cdh Assumption [6], [8]. The Augmented Multi-Sequence of Exponents Computational Diffie-Hellman poblem elated to the goup pai (G, G T ) is defined as follows. Let g 0, h 0 be two geneatos of G. Let f(x), g(x) be two co-pime polynomials defined as f(x) q i1 (x + x i ) and g(x) s i1 (x + x i ) whee x i, x i ae given. Given q, n, s, t, f(x), g(x) and the following values in G: g 0, h 0, {g αγi 0 } i [0,q+n], g αfγs t 0, {g βγi 0 } i [0,q+t], {g ωγi 0 } i [0,q+t], {h αγi 0 } i [0,2n], h αgγn 0, {h βγi 0 } i [0,n+t 2], {h ωγi 0 } i [0,n+t] whee α, β, γ, ω ae unknown exponents of Z p, the aim is to compute e(g 0, h 0 ) αβfγn+s 1. C. Building Blocks Similaly to Heanz et al. [6], ou ABS scheme elies on two main featues, namely the Attibute-Based Encyption (ABE) scheme with constant-size ciphetexts poposed by [9] and the Goth-Sahai poof systems fo bilinea goups [10]. The ABE scheme in [9] is designed fo the theshold case, whee uses ae authoized to decypt if they have at least t attibutes matching the ones fom an attibute univese, fo some theshold t chosen by the paty who encypts the message. Such scheme elies on expessing a polynomial as the poduct of ieducible factos of degee 1 with coefficients equal to the attibutes fom eithe the use s set o the univese. Faction of such polynomials can thus be simplified when t attibutes among the use s set and the univese match. Heanz et al. [6] design thei Theshold ABS scheme by enabling the signe to implicitly pove that it can decypt a ciphetext geneated as in the ABE scheme [9]. To do so, the signe geneates a Goth-Sahai poof [10] in which the message and access policy ae binded using a technique fom [11]. Infomally, by hashing the to-be-signed message using Wates techniques [12] and embedding it into the Goth-Sahai Common Refeence Sting (CRS), the technique in [11] allows signatues of knowledge. In addition, we modify the ABS scheme pesented in [6] by enabling the outsoucing of the signatue geneation to a cloud seve. Similaly to Chen et al. [7], we let the cloud seve and the IoT device hold shaes of a secet element chosen by the tusted attibute authoity, and use them to geneate the signatue such that the combination of the two shaes ecove the secet. Goth-Sahai Poofs. Goth-Sahai poofs [10] ae used to constuct signatues in ou potocol. Based on the DLIN assumption and symmetic paiings, they guaantee unfogeability and pivacy of signatues. Let g 1, g 2, g G and vectos g 1 (g 1, 1, g), g 2 (1, g 2, g), g 3 G 3 be defined in the CRS used in Goth-Sahai poof systems. Let, s, t Z p and C (1, 1, X) ( g 1 ) ( g 2 ) s ( g 3 ) t whee X G is the element to commit. Let ξ 1, ξ 2 Z p be andomly chosen such that g 3 ( g 1 ) ξ1 ( g 2 ) ξ2. Let the elements of C (g +ξ1t 1, g s+ξ2t 2, X g +s+t(ξ1+ξ2) ) be the esulting commitments. As mentioned in [6], [10], the elements of C ae ciphetexts fom the Boneh-Boyen-Shacham encyption scheme [13] that can be decypted using log g (g 1 ) and log g (g 2 ). Let g 3 ( g 1 ) ξ1 ( g 2 ) ξ2 (1, 1, g 1 ). Hence, g 1, g 2, g 3 ae linealy independent vectos and C is a pefectly hiding commitment. Thus, poofs ae pefectly witness indistinguishable. The committed goup elements ae poved to satisfy some elations when thee ae one commitment pe vaiable and one poof element (made of a constant numbe of goup elements) pe elation. In the context of paiing-based systems, let t T be constant in G T, A i be constant in G, B i G and a i,j Z p, fo i, j [1, k]. The paiing-poduct equations ae k i1 e(a i, B i ) k k i1 j1 e(b i, B j ) ai,j t T. In addition, Non-Inteactive Zeo-Knowledge (NZIK) poofs ae available with paiing-poduct elations. Let S i, T i, fo i [1, k ] and k N be constant values and t T k 1 i1 e(s i, T i ) be a taget element. These exta vaiables incu additional costs. A tapdoo makes possible to simulate the poofs without knowing the witnesses, such that witness indistinguishability is satisfied by the CRS set. In CHARIOT, we use paiing-poduct linea equations, meaning that a i,j 0 fo i, j [1, k], containing thee goup elements.

4 Theshold ABS. Let Ω S Ω S whee Ω is the attibute set of the signe and S is the attibute set included in the signing policy Γ (t, S), whee S s and t is the theshold. Let τ be an injective encoding such that fo all attibutes at in Ω S, the values τ(at) ae paiwise distinct. Let be the andomness in the cloud seve s outsoucing key and γ be pat of the maste secet key held by the tusted attibute authoity. The cloud seve eceives the tuple {g γ+τ(at), τ(at)}at Ω in its outsoucing key. The outsouced signatue geneation equies the cloud seve to pick the components g γ+τ(at) and τ(at) fo at Ω S Ω and to at Ω (γ+τ(at)) compute g S G given these components. This is done using the algoithm Aggegate [14]. Let x i τ(at) fo all at Ω S whee Ω S t. Given ν i g γ+x i and x i fo i [1, t], fo any (j, l) such that 1 j < l t, 1 j i1 (γ+x i ) L j,l νl (g 1 j (γ+x l) ) i1 (γ+x i ). The Aggegate algoithm consists in computing sequentially L j,l fo j [1, t 1] and l [j + 1, t] using the induction 1 x L j,l (L j 1,j /L j 1,l ) l x j and setting L 0,l ν l fo l [1, t]. The algoithm finally outputs L t L t 1,t. The Theshold ABS scheme in [6] uses polynomial factions to enable the paiing-based veification pocess. Infomally, attibutes at the denominato will cancel out if and only if the signe has t attibutes matching the ones in the access policy. The algoithm Aggegate [14] enables to compute the denominato of these polynomial factions by obtaining F g ΩS G, while the numeato is calculated given the public paametes and the attibutes in S. Let the polynomial F (S Dn+t 1 s)\ω S fom [6] be defined as follows: F (S Dn+t 1 s)\ω S at S (γ + τ(at)) at D n+t 1 s (γ + τ(at)) at Ω S (γ + τ(at)) (γ + τ(at)) at (S D n+t 1 s)\ω S The set D n+t 1 s coesponds to the set of dummy attibutes. When Ω S Ω S has exactly t elements, then the degee of the polynomial F (S Dn+t 1 s)\ω S is s+(n+t 1 s) t n 1. Let a i be the coefficients of the polynomial. We e-wite as: n 1 n 1 F (S Dn+t 1 s)\ω S γ i a i γ i a i + a 0 whee a 0 at (S D n+t 1 s)\ω S τ(at). The pivate key contains the components h γi fo i [0, n 2], and thus the element h 1 γ (F (S D n+t 1 s )\Ω S a 0) h n 1 i1 γi 1 a i n 1 i1 (hγi 1 ) ai n 2 j0 (hγj ) aj+1 is computable. Howeve, if Ω S < t, then the polynomial F (S Dn+t 1 s)\ω S has degee stictly geate than n 1. Thus, the element i1 h 1 γ (F (S D n+t 1 s )\Ω S a 0) is not computable since the components h γi fo i > n 2 ae missing in the pivate key. Yet, the use of dummy attibutes to enable the coectness of the polynomial setting bings exta stoage and computational costs. Similaly to [8], we modify the Heanz et al. s polynomial setting in a such way that dummy attibutes ae no longe equied. Let the polynomial F S\ΩS in CHARIOT be defined as follows: F S\ΩS at S(γ + τ(at)) at Ω S (γ + τ(at)) (γ + τ(at)) at S\Ω S When Ω S Ω S has exactly t elements, then the degee of the polynomial F S\ΩS is s t. Let b i be the elements of the polynomial. We e-wite as: s t s t 1 F S\ΩS γ i b i γ s t b s t + γ i b i whee b s t 1. Given the index i [0, s t 1], we obseve that (i + n s + t) [n s + t, n 1] such that n s + t > 0. In addition, γ n s+t (F S\ΩS γ s t ) γ n s+t (γ s t + s t 1 γ i b i γ s t ) γ n s+t ( s t 1 γ i b i ) ( s t 1 γ i+n s+t b i ). The pivate key contains the components h γi fo i [1, n 1], and thus the element h γn s+t (F S\ΩS γ s t ) s t 1 (h γi+n s+t ) bi is computable. Howeve, if Ω S < t, then the polynomial F S\ΩS has degee stictly geate than s t. Thus, the element h γn s+t (F S\ΩS γ s t) is not computable since components h γi missing in the pivate key. s t 1 (h γi+n s+t ) bi fo i > n 1 ae Outsouced Signatue Geneation. The off-line tusted attibute authoity geneates two keys egading the set of the device s attibutes by picking at andom β 1 R Z p and using its maste secet key embedding β Z p. The fist key is an outsoucing key embedding β 2 β + β 1, that is fowaded to the cloud seve. The second key is a pivate key embedding β 1, that is kept secet by the IoT device. The cloud seve computes an outsouced signatue using its outsoucing key, and thus β 2, and the cuent signing policy. Then, the device finalizes the signing pocess by choosing the message and using its pivate key, and thus β 1. The exponent β 2 is canceled out and the final signatue contains β β 2 β 1. The veification is hence possible since it equies the public paametes, whose components embed β, and the signatue of the signing device. The device s signatue is finally checked by a veifie: the signatue is valid fo the chosen message if device s attibutes embedded in the signatue satisfy the signing policy. Howeve, in [7], the cloud seve must know the attibutes of the signe (included in the outsoucing key) and the attibutes of the signing policy when geneating outsouced signatues. In addition, only outside attackes ae consideed and do not enclose the cloud seve when poving attibute pivacy guaantee in [7]. Contay, we suggest that the cloud seve should be consideed as untusted and thus not have any

5 infomation about the attibutes of the devices and of the signing policies. We use an HMAC τ such that inputs at ae waanted to be authentic and have not been modified. We assume that τ sends an attibute at P onto an element τ(at) Z p such that all values τ(at) ae diffeent, and hides the attibutes fom the cloud seve s view. The HMAC τ is shaed among the attibute authoity and the device, and used fo geneating the outsoucing key (such that all the device s attibutes ae hashed using HMAC) and the HMAC-hashed signing policy fo the cloud seve espectively. Hence, the latte computes the outsouced signatue such that it does not lean anything fom the attibutes unless whethe t attibutes match between the signing policy and the device s attibute set. D. Oveview In this section, we give a sight of ou potocol in which thee main phases occu. The fist one enables to set up the potocol and to geneate the public paametes and key mateial. The second phase lets a device ask fo access to the IoT platfom by outsoucing the computation of its equest to a cloud seve. The platfom veifies the equest and access ights of the device, and gives authoization fo access accodingly. Potocol Setup. Fist, a setup algoithm is un once to initiate the CHARIOT potocol. It geneates the public paametes made available to all the paticipating paties, along with the maste secet key given to the off-line tusted attibute authoity. Then, the latte ceates an outsoucing key deliveed to the cloud seve, a unique pivate key fowaded to the IoT device and a secet key given to the IoT platfom. The outsoucing key embeds the attibutes of the device in thei HMAC-hashed fom while the pivate key is calculated in ode to enable the device to complete its access equests to the platfom. Infomally, the outsoucing key and the device s pivate key contain shaes of a secet enabling to apply the outsouced signatue geneation technique. Access Request. When the device wants to access the IoT platfom, it fist asks the cloud seve fo some assistance. Given the outsoucing key and the cuent (HMAC-hashed) policy, the cloud seve geneates an outsouced equest, unde the fom of a signatue, and fowads it to the device. The latte modifies it into its final equest by using its pivate key and by choosing a pesonal message. It finally sends its equest to the platfom. Outsouced and final signatues ae constucted as in the theshold case, based on polynomial factions defined ove the attibutes of the device and of the access policy. By doing so, if the device holds less attibutes than a cetain theshold, the signatue veification will fail and the device will not have access to the platfom. Contay to [6], the signatue geneation does not equie the use of dummy attibutes into polynomials to each coectness of the veification pocess. Moeove, signatues embed Goth-Sahai poof systems allowing the device to implicitly pove that it can decypt a ciphetext coesponding to the ABE scheme [9]. Access Veification. Once eceiving an access equest fom the IoT device, the platfom checks the validity of the coesponding signatue using the public paametes, the cuent policy and the chosen message. If the esult is positive, meaning that the device has the equied attibutes satisfying the policy, then it is authoized fo access. The veification phase woks thanks to the coectness of the ABE scheme [9] and to the pefect completeness, soundness and composable zeo-knowledge of the Goth-Sahai poofs. E. Constuction The CHARIOT constuction is made of six algoithms un among a tusted attibute authoity, an IoT platfom, a cloud seve and an IoT device: Setup(λ, P, n) (paams, msk). On inputs the secuity paamete λ, an attibute univese P and an intege n that is an uppe bound on the size of theshold policies, the algoithm outputs the public paametes paams (which contain (λ, P, n)) and the maste secet key msk (fo the tusted attibute authoity) as follows: The algoithm fist chooses two cyclic goups G, G T of pime ode p > 2 λ with an efficiently computable bilinea map e : G G G T. Let g, h be two geneatos of G and H : {0, 1} {0, 1} k be a collision-esistant hash function fo some k. Let τ be a HMAC that, given a key K, sends an attibute at P onto an element τ(k, at) Z p such that all output values ae diffeent. The algoithm then picks α, β, γ R Z p and computes u g β, v i g α γ i and h i h αγi fo i [0, n]. It geneates the Goth-Sahai CRS by fist choosing two geneatos g 1, g 2 of G. Then, it defines the vectos g 1 (g 1, 1, g) and g 2 (1, g 2, g). Fo i [0, k], it picks ξ i,1, ξ i,2 R Z p and defines the vecto g 3,i ( g 1 ) ξi,1 ( g 2 ) ξi,2 (g ξi,1 1, g ξi,2 2, g ξi,1+ξi,2 ). Exponents {ξ i,1, ξ i,2 } i [0,k] can then be discaded since they ae no longe needed. Finally, the algoithm sets the public paametes paams (λ, P, n, p, G, G T, e, g, h, u, {v i } i [0,n] {h i } i [0,n], g 1, g 2, { g 3,i } i [0,k], H, τ) and the maste secet key msk (α, β, γ). KeyGen(paams, msk, Ω) (osk Ω, sk Ω, sk P T ). On inputs the public paametes paams, the maste secet key msk, an attibute set Ω P, the tusted attibute authoity outputs the outsoucing key osk Ω (fo the cloud seve), the pivate key sk Ω (fo the IoT device) and the secet key sk P T (fo the IoT platfom) as follows: Let K be a andom key to be shaed between the device and the platfom, that will be used to hash the attibutes. Let Ω P be an attibute set. The authoity picks β 1 R Z p and sets β 2 β + β 1. It then chooses R Z p and computes g γ+τ(k,at) fo at Ω, h γ i fo i [1, n 1], h ( β2)γn, g β1 and h β1γn.

6 The authoity sets the outsoucing key osk Ω ({g γ+τ(k,at), τ(k, at)}at Ω, {h γi } i [1,n 1], h ( β2)γn, g β1 ) fo the cloud seve, the pivate key sk Ω (h β1γn, K) fo the IoT device and the secet key sk P T K fo the IoT platfom. Request(Γ, sk Ω ) Γ. On inputs a theshold signing policy Γ (t, S) whee the set S P has S s n attibutes and 1 t s and the pivate key sk Ω, the IoT device hashes each attibute at S with τ esulting into τ(k, at), and ceates the HMAC-hashed set S containing the values τ(k, at) fo all at S. It sets the HMAC-hashed theshold signing policy Γ (t, S) and fowads it to the cloud seve. Sign out (paams, osk Ω, Γ) σ. On inputs the public paametes paams, the outsoucing key osk Ω and an HMAChashed theshold signing policy Γ (t, S) whee S is the HMAC-hashed set of S P and 1 t s n, the cloud seve outputs an outsouced signatue σ as follows: The cloud seve etuns 1 if Ω S < t; othewise, it finds a subset Ω S Ω S such that Ω S t. The cloud seve woks on the HMAC-hashed sets to veify the numbe of attibutes contained in the intesection, since it should not get any infomation about the attibutes in Ω and S except that thee ae at least t matching attibutes. Fo all at Ω S, the cloud seve then uns the algoithm Aggegate({g γ+τ(k,at), τ(k, at)}at ΩS ) at Ω (γ+τ(k,at)) F g S g ΩS T 1. Let the polynomial F S\ΩS be as F S\ΩS at S\Ω S (γ + τ(k, at)) s t γi b i such that b s t 1. Then, it computes T 2 h ( β2)γn s t 1 (h γi+n s+t ) bi that is possible given the public paametes paams and the outsoucing key osk Ω. The obtained values T 1 and T 2 should satisfy the equality: e(t 2, v 1 n s+t) e(t 1, h αf S ) e(u g β1, h s t ) Then, it picks 1, s 1, 2, s 2 R Z p and computes C T 1 (1, 1, T 1 ) ( g 1 ) 1 ( g 2 ) s1 and C T 2 (1, 1, T 2) ( g 1 ) 2 ( g 2 ) s2. Let θ G with commitment C θ (1, 1, θ) ( g 1 ) θ ( g 2 ) s θ fo θ, s θ R Z p, which takes θ h s t and poves the following: e(t 1, H S ) e(u g β1, θ) e(t 2, v n s+t ) (1) S e(g, θ) e(g, h s t ) (2) whee H S h αfs h α at S (γ+τ(k,at)). Equations 1 and 2 ae called poofs π 1 and π 2 espectively, and ae given by π 1 (H 1 (ugβ1 ) θ v 2 (ugβ1 ) sθ vn s+t, s2 1) n s+t, H s1 S and π 2 (g θ, g s θ, 1). It also computes g β1 θ and g β1s θ. Finally, the cloud seve sets the outsouced signatue σ ( C T 1, C T 2, C θ, π 1, π 2, T 2, H S, g β1 θ, g β1s θ ) and fowads it to the IoT device. Sign(paams, sk Ω, M, σ ) σ. On inputs the public paametes paams, the pivate key sk Ω, a message M and an outsouced signatue σ, the IoT device outputs a signatue σ as follows: Given T 2 fom the outsouced signatue σ and h β1γn fom the pivate key sk Ω, the IoT device computes T 2 T 2 h β1γn h ( β2)γn s t 1 (h γi+n s+t ) bi h β1γn h s t 1 ( β)γn (h γi+n s+t ) bi. The obtained values T 1 and T 2 should satisfy the equality: e(t 2, v 1 n s+t) e(t 1, h αf S ) e(u, h s t ) (3) Theeafte, it computes M m 1 m k H(M) {0, 1} k. It uses M to fom a message-specific Goth-Sahai CRS g M ( g 1, g 2, g 3,M ). Moe specifically, fo all i [0, k], g 3,i is pased as (g X,i, g Y,i, g Z,i ) and the device sets g 3,M (g X,0 k X,i, g Y,0 k Y,i, g Z,0 k Z,i ). The i1 gmi i1 gmi i1 gmi device then geneates the Goth-Sahai commitments to the values T 1 and T 2 using g M. It picks t 1, t 2 R Z p and computes: C T1 C T 1 ( g 3,M ) t1 (1, 1, T 1 ) ( g 1 ) 1 ( g 2 ) s1 ( g 3,M ) t1 C T2 C T 2 (1, 1, h β1γn ) ( g 3,M ) t2 (1, 1, T 2 ) ( g 1 ) 2 ( g 2 ) s2 ( g 3,M ) t2 Then, it geneates the NZIK poof that the pai of committed vaiables (T 1, T 2 ) satisfies the paiing-poduct in Equation 3. To do so, let the commitment C θ C θ ( g 3,M ) t θ (1, 1, θ) ( g 1 ) θ ( g 2 ) sθ ( g 3,M ) t θ fo t θ R Z p, which takes θ h s t and poves the following: e(t 1, H S ) e(u, θ) e(t 2, v n s+t ) (4) e(g, θ) e(g, h s t ) (5) whee H S h αf S. Equations 4 and 5 ae called poofs π 1 and π 2 espectively, and ae given by: π 1 π 1 (g β1 θ, g β1s θ, H t1 S (H 1 S u θ v 2 n s+t, H s1 S H t1 S u tθ vn s+t) t2 π 2 π 2 (1, 1, g t θ ) (g θ, g s θ, g t θ ) u tθ v t2 n s+t) u sθ v s2 n s+t, Finally, the IoT device sets the signatue σ ( C T1, C T2, C θ, π 1, π 2 ) and sends it to the IoT platfom. Veify(paams, sk P T, M, σ, Γ) 0/1. On inputs the public paametes paams, the secet key sk P T, a message M, a signatue σ, a theshold policy Γ (t, S), the IoT platfom outputs 0 if the signatue is valid and 1 othewise. The IoT platfom computes M m 1 m k H(M), foms the vecto g 3,M (g X,0 k i1 gmi X,i, g Y,0 k i1 gmi Y,i, g Z,0 k i1 gmi Z,i ), and sets H S h αf S h α at S (γ+τ(k,at)) whee K sk P T. Let π j (π j,1, π j,2, π j,3 ) fo j {1, 2}. It etuns 0 if and only if: E(H S, C T1 ) E(u, C θ ) E(v n s+t, C T2 ) E(π 1,1, g 1 ) E(π 1,2, g 2 ) E(π 1,3, g 3,M ) E(g, C θ ) E(g, (1, 1, h s t )) E(π 2,1, g 1 ) E(π 2,2, g 2 ) E(π 2,3, g 3,M )

7 Coectness. Fo any λ N, any intege n, any univese P, any public paametes and maste secet key (paams, msk) Setup(λ, P, n), any set Ω P, any theshold policy Γ (t, S) whee 1 t S n, and any message M, it is equied that Veify(paams, sk P T, M, Sign(paams, sk Ω, M, Sign out (paams, osk Ω, Request(Γ, sk Ω ))), Γ) 0 wheneve (osk Ω, sk Ω, sk P T ) KeyGen(paams, msk, Ω) and Ω S t. The coectness is demonstated based on the one fo Goth-Sahai poofs [10]. We veify the coectness of Equation 3: e(t 2, vn s+t) 1 e(t 1, h αfs ) s t 1 e(h ( β)γn (h γi+n s+t ) bi, g α F e(g ΩS, h αfs ) s t 1 e(h ( β)γn ((h γi ) γn s+t ) bi, g e(g, h) αf S\Ω S s t 1 e(h ( β)γs t (h γi ) bi, g α ) γ n s+t ) α γ n s+t ) e(g, h) αf S\Ω S s t 1 e(h γs t h ( β)γs t (h γi ) bi, g α ) e(g, h) αf S\Ω S s t e(h ( β)γs t (h γi ) bi, g α ) e(g, h) αf S\Ω S [whee b s t 1] e(g, h) αβγs t e(g, h) αf S\Ω S e(g, h) αf S\Ω S e(g, h) αβγs t e(u, h s t ) F. Secuity Analysis Unfogeability. The CHARIOT potocol can be poven selective-policy and adaptive-message unfogeable unde chosen-message attacks assuming that H is a collisionesistant hash function, the DLIN poblem holds in G and the (q, n, s, t )-amse-cdh poblem holds in (G, G T ). The advesay A (goup of colluding paties that put thei outsoucing/pivate keys togethe) selects the signing policy Γ (t, S ) that it wishes to attack at the beginning of the game, while the message M linked to an eventually foged signatue is not chosen in advance. A can quey fo valid signatues on messages and signing policies of its choice. We give a sketch of the poof and let the eade efe to [6], [8], [15] fo moe details. Let g 1, g 2, { g 3,i } i [1,k] be a modified distibution of the vectos that ae inputs fo the Goth-Sahai CRS geneation. Let an intege ν R [0, k], exponents ξ i,1, ξ i,2 R Z p and integes ρ i R [0, 2q S 1] be andomly chosen fo i [0, k] whee q S is the numbe of signatue queies. Then, let a, b be picked at andom in Z p, g 1 g a, g 2 g b, and g 1 (g 1, 1, g) and g 2 (1, g 2, g). Let g 3,0 ( g 1 ) ξ0,1 ( g 2 ) ξ0,2 ((1, 1, g) ) ν 2q S ρ 0 and g 3,i ( g 1 ) ξi,1 ( g 2 ) ξi,2 ((1, 1, g) ) ρi fo i [1, k]. In the way that the tuple ( g 1, g 2, { g 3,i } i [1,k] ) is calculated, a successful advesay A against unfogeability will successfully help: i) eithe an algoithm to find collisions on the hash function H; ii) o an algoithm to solve the DLIN poblem; iii) o a challenge B inteacting with A to solve the (q, n, s, t )-amse-cdh poblem. Fo the item iii), let q be the cadinality of the attibute univese P, n be the uppe bound on the size of theshold policies, s be the cadinality of the taget attibute set S and t be the taget theshold value. Initialization: B specifies the univese P of attibutes while A chooses the signing policy Γ (t, S ). Setup: B eceives the elements fom the amse-cdh assumption such that it encodes each attibute fom P with eithe the polynomial f(x) fo at / S o g(x) fo at S. Outsoucing Key and Pivate Key Queies: The exponent is calculated with a andom exponent R Z p and the polynomial F ΩS whee Ω S S Ω is known. x + τ(at i ) f(x)f ΩS (x) since at i is eithe in Ω \ Ω S o in Ω S Signatue Queies: B computes M H(M) m 1 m k, evaluates the functions: J(M) ν 2q S + ρ 0 + k i1 ρ i m i, K 1 (M) ξ 0,1 + k i1 ξ i,1 m i and K 2 (M) ξ 0,2 + k i1 ξ i,2 m i, and sets g 3,M ( g 1 ) K1(M) ( g 2 ) K2(M) ((1, 1, g) ) J(M). If J(M) 0, then B abots; othewise, it geneates σ by simulating NZIK poofs. Fogey: A outputs (M, σ ( C T 1, C T 2, C θ, π 1, π 2), Γ ). B then evaluates J(M ), K 1 (M ), K 2 (M ) fo M H(M ) m 1 m k. If thee is a signatue quey on M such that M M and H(M) H(M ), then B abots. This beaks the esistance against collisions of the hash function H. If J(M ) 0, then B abots. g M ( g 1, g 2, g 3,M ) is a pefectly sound Goth-Sahai CRS. When J(M ) 0, the NIZK poofs must be valid egading g M. Hence, g M, C T 1, C T 2 ae extactable Goth-Sahai commitments. Theefoe, B obtains T 1 and T 2, and finds a solution fo the amse-cdh poblem. Pivacy. The CHARIOT potocol can be poven computationally pivate assuming that the DLIN poblem holds in G and τ is a collision-esistant HMAC, ensuing that the only leaked infomation is that attibutes satisfy the signing policy. We give a sketch of the poof and let the eade efe to [6] fo moe details. Let the advesay A (IoT platfom, cloud seve) wish to beak the pivacy of the CHARIOT constuction by inteacting with a challenge B that ties to solve the DLIN poblem.

8 Game 0 is defined as the eal pivacy game given in [6]. When Setup is un, B chooses the vectos g 1, g 2, { g 3,i } i [0,k] such that g 3,i is linealy dependent on g 1 and g 2, fo i [0, k]. Game 1 is simila to Game 0, except that g 3,i is linealy independent of g 1 and g 2, fo i [0, k]. The modification between the two games is indistinguishable if the DLIN poblem is had to solve [10]. In Game 1, C T1, C T2, π 1 could possibly leak infomation about the selected attibutes, but commitments and poofs ae pefectly hiding since they eveal no infomation about the committed values T 1 and T 2. Hence, attibutes pivacy is peseved in Game 1. Moeove, the outsoucing key does not leak anything about the attibutes of the IoT device except that a cetain numbe of them satisfy the signing policy. Indeed, the HMAC τ ensue that, given the key K secetly shaed between the device and the IoT platfom, at P is sent onto τ(k, at) Z p such that all output values ae diffeent. The function τ potects the attibutes fo data integity and authenticity, and secuely hides the attibutes fom the cloud seve s view. A. Pefomance Compaison III. PERFORMANCE ANALYSIS We compae the computational and stoage costs between ou CHARIOT scheme and the oiginal Theshold ABS scheme [6]. In the following tables, Exp G, Mult G and Pai GT denote exponentiation and multiplication in G and paiing opeation in G T espectively. Let n.a. mean non available. Let n be the uppe bound on the size of the policies and k be the paamete used fo the Goth-Sahai poofs. Let Ω be the device s attibute set, S be the signing attibute set such that s S, t be the theshold value and Ω S Ω S such that Ω S t. TABLE I COMPUTATIONAL COST Theshold ABS [6] CHARIOT Mult G Exp G Mult G Exp G Setup - 2n + 3k + 5-2n + 3k + 6 KeyGen - Ω + n - n + Ω + 2 Sign out n.a. n.a. s t s + t 2 t + 32 Sign d + s d + 2s 3k + 5 3k + 4 t t 2 t k k + 4 Veify 3k s + 3k + 1 3k s + 3k + 1 In Table I, let d be the numbe of dummy attibutes such that d n + t 1 s n 1 as in [6]. The sign means no computation of the given opeation. Using dummy attibutes in [6] inceases the numbe of multiplications and exponentiations in G duing the signatue geneation. By emoving dummy attibutes, up to n 1 modula multiplications and exponentiations ae cut fo the CHARIOT signing phase. Then, in CHARIOT, the computations done by a device ae limited to the Goth-Sahai poofs ones; all othe calculations ae delegated to the cloud seve. Theefoe, with the assistance TABLE II CHARIOT STORAGE COST paams msk osk Ω sk Ω σ d Ω + n + 3 Ω n + 2 of a cloud seve, the device is elieved fom most of the signing computations. In Table II, only the stoage diffeence in CHARIOT compaed to the ABS scheme in [6] is taken into account: an element +1 (esp. an element 1) in one cell means that thee is one exta element (esp. thee is one less element) in the CHARIOT potocol compaed to Heanz et al. s potocol. The sign in a given column denotes that stoage is identical in the two potocols egading the component linked to this column. The numbe d of dummy attibutes is equal to n 1 as in [6]. Hence, in [6], a set of n 1 dummy attibutes should be stoed in paams in ode to let the device geneate its signatue, while in CHARIOT, such stoage cost is saved. An exta secet element is equied in msk in CHARIOT to enable the outsoucing of signing computations. The outsoucing key osk Ω in CHARIOT is mainly the pivate key sk Ω in [6]. The device in CHARIOT simply eceives an exta element fom the shaed secet and the key fo the HMAC τ as its pivate key sk Ω. Signatues ae of equal size in Heanz et al. s ABS [6] and CHARIOT schemes, and independent of the numbe of attibutes. B. Pefomance Benchmaking We evaluate the pefomance of ou CHARIOT potocol by calculating the timings of each algoithm. We implement CHARIOT in Cham [16] based on Python language. We set two diffeent configuations, one fo the tusted attibute authoity, the cloud seve and the IoT platfom, and anothe one fo the IoT device. We assume that the attibute authoity, the cloud seve and the platfom have simila noticeable esouces, while the device has much less esouces than these thee paties. The expeiments ae tested: Configuation 1 (fo the attibute authoity, cloud seve and platfom): on a pocesso Intel Coe i with RAM 16GiB and OS Linux Ubuntu LTS; Configuation 2 (fo the device): on a pocesso Genuine Intel(R) U2300 with RAM 2GiB and OS Linux Ubuntu Policies ae supposed to contain up to 30 attibutes egading eal scenaios [17], [18]. Hence, we choose an uppe bound n equal to 30, a policy set S with s 15 attibutes, a theshold t equal to 13 and a device s attibute set Ω with 20 attibutes. The paamete k is chosen egading the bit-size of the hashed message. Since the message to be signed is public, the hash function does not equie to be cyptogaphic but athe collision-esistant. We also suppose that the dictionay of messages picked by IoT devices is of finite and modeated size. Theefoe, we evaluate k with the values 10, 20 and 40

9 in ode to avoid collisions with high pobability. The given timings ae an aveage fom 10 ounds of the CHARIOT potocol. TABLE III TIMINGS IN MILLISECONDS k 10 k 20 k 40 Configuation 1 Setup (attibute authoity, KeyGen cloud seve Sign out and platfom) Veify Configuation 2 Request (device) Sign In Table III, the setup phase is costly but should be executed only once. It lagely depends on the uppe bound n on the size of theshold policies and on the paamete k used fo Goth- Sahai poofs. The key geneation phase is also pefomed only once by the tusted attibute authoity, and is elatively fast since it only elies on n that should not exceed 30 in an IoT envionment. By outsoucing the signatue geneation to a cloud seve, we speed up by thee times the computational timing. Indeed, the cloud seve appoximately needs 270 milliseconds to un the algoithm Sign out while the device would equie 870 milliseconds to do the same (when setting Configuation 2 as fo the device). We ecall that the algoithm Sign out does not depend on the paamete k, and thus does not vaiate with it. Most of the signatue geneation is thus done by the cloud seve unning the algoithm Sign out. The finalization of the signatue geneation is accomplished by the device by unning the algoithm Sign and emains less than 870 milliseconds (esulting fom unning the algoithm Sign out with Configuation 2). Howeve, timings fo signatue finalization and veification incease with the paamete k as these two phases lagely ely on such paamete. Hence, k should not exceed 40 in ode to keep the advantage of outsoucing the signatue geneation to a cloud seve. In the CHARIOT potocol, the paamete k efes to the bit-size of the hashed message. This paamete k should be selected such that collisions ae highly avoided. If the dictionay of messages to be signed is eally small, then k 10 is optimal. Othewise, if the dictionay is slightly bigge, then k 20 is still a easonable choice. In addition, signatue finalization and veification take simila timings to be pefomed since they ae composed of the same kinds of computations. The diffeence comes fom the constant numbe (equal to 27) of paiing opeations caied out when checking the validity of the signatue. Because of the numbe of paiing computations equied fo veification, the Goth-Sahai poof systems appea to be inefficient. Blazy et al. [19] popose a significant eduction of the cost of Goth-Sahai poof systems by using batch veification techniques. The authos impove the veification cost up to fou times the numbe of paiings pe poof veification. We can integate thei batch veification techniques into the CHARIOT potocol to impove the timings of the veification phase. C. Related Wok ABS. Maji et al. [20] explicitly intoduce the notion of ABS and suggest seveal schemes with vey expessive signing policies. The most pactical one is only poven secue in the geneic model, while the one with secuity in the standad model is not efficient since the signatues have size linea in the numbe of goup elements in the secuity paamete. Okamoto et Takashima [21] popose an ABS constuction whee the size of the signatues gows linealy in the size of the span pogam, which is geate than the numbe of selected attibutes in the signing policies. Othe woks on ABS ae given in [5], [22], [23]. Subsequently, Okamoto and Takashima [24] pesent a fully secue ABS scheme that suppots geneal non-monotone policies. Moe ecently, Heanz et al. [6] suggest an ABS constuction with theshold policies and constant-size signatues, which equies the pesence of dummy attibutes following the technique fom Dynamic Theshold Public-Key Encyption [14]. Outsoucing Computations. Seveal papes deal with the poblem of secuely outsoucing expensive computations such as matix multiplications and quadatue computations, edit distance computations, linea algebaic computations and linea pogamming computations [25] [29]. Nevetheless, the afoementioned schemes ae not suitable to alleviate the computational budens that signes meet when geneating signatues. Seve-aided signatue schemes [30] [32] aim to decease the computational cost due to exponentiation calculations by outsoucing the latte to a seve. Nevetheless, these schemes ae not suitable fo access contol management based on cedentials. Mediated cyptogaphic potocols [33] [35] equie a patially tusted on-line seve and povide efficient evocation but cannot be used to extend ABS into an outsouced ABS. Moe ecently, Chen et al. [7] pesent two outsouced ABS schemes. While the fist solution achieves a constant numbe of exponentiation calculations at the signe s side, the size of the signatue emains linea in the numbe of selected attibutes. The second solution obtains constant-size signatues; howeve, the numbe of exponentiations depends on the numbe of dummy attibutes in addition to the numbe of selected attibutes. Yet, the cloud seve must know the attibutes of the signes and of the signing policies in plain in ode to poceed, compomising pivacy. IV. CONCLUSION In this pape, we popose a new potocol fo seve-aided access contol in IoT, called CHARIOT. The potocol s featues compise cloud seve assistance, constant-size signatue and no dummy attibutes. By outsoucing most of the calculations to a cloud seve fo the signatue geneation, we manage to elieve the computational and communication costs at the IoT device s side. By emoving the pesence of dummy attibutes in the potocol, we achieve to obtain a moe efficient and pactical ABS scheme compaed to existing ones. Moeove, ou potocol guaantees pivacy and secue identity management of the involved paties. These contibutions make

10 ou scheme suitable fo secuely authoizing devices with constained esouces to access an IoT platfom. REFERENCES [1] J. Gubbi, R. Buyya, S. Mausic, and M. Palaniswami, Intenet of things (iot): A vision, achitectual elements, and futue diections, Futue Geneation Compute Systems, vol. 29, no. 7, pp , [2] R. H. Webe, Intenet of things - new secuity and pivacy challenges, Compute Law & Secuity Review, vol. 26, no. 1, pp , [3] C. M. Medaglia and A. Sebanati, An oveview of pivacy and secuity issues in the intenet of things, in Poceedings of the 20th Tyhenian Wokshop on Digital Communications, se. The Intenet of Things 10, 2010, pp [4] J. Su, D. Cao, B. Zhao, X. Wang, and I. You, epass: An expessive attibute-based signatue scheme with pivacy and an unfogeability guaantee fo the intenet of things, Futue Geneation Compute Systems, vol. 33, no. Supplement C, pp , [5] J. Li, M. H. Au, W. Susilo, D. Xie, and K. Ren, Attibute-based signatue and its applications, in Poceedings of the 5th ACM Symposium on Infomation, Compute and Communications Secuity, se. ASIACCS 10, 2010, pp [6] J. Heanz, F. Laguillaumie, B. Libet, and C. Ràfols, Shot attibutebased signatues fo theshold pedicates, in Poceedings of the 12th Confeence on Topics in Cyptology, se. CT-RSA 12, 2012, pp [7] X. Chen, J. Li, X. Huang, J. Li, Y. Xiang, and D. S. Wong, Secue outsouced attibute-based signatues, IEEE Tansactions on Paallel and Distibuted Systems, vol. 25, no. 12, pp , [8] W. Susilo, G. Yang, F. Guo, and Q. Huang, Constant-size ciphetexts in theshold attibute-based encyption without dummy attibutes, Infomation Sciences, vol. 429, no. C, pp , Ma [9] J. Heanz, F. Laguillaumie, and C. Ráfols, Constant size ciphetexts in theshold attibute-based encyption, in Poceedings of the confeence on Public Key Cyptogaphy, se. PKC 10, 2010, pp [10] J. Goth and A. Sahai, Efficient non-inteactive poof systems fo bilinea goups, in Poceedings of the 27th Annual Intenational Confeence on Theoy and Applications of Cyptogaphic Techniques, se. EUROCRYPT 08, 2008, pp [11] T. Malkin, I. Teanishi, Y. Vahlis, and M. Yung, Signatues esilient to continual leakage on memoy and computation, in Poceedings of the 8th Confeence on Theoy of Cyptogaphy, se. TCC 11, 2011, pp [12] B. Wates, Efficient identity-based encyption without andom oacles, in Poceedings of the 24th Annual Intenational Confeence on Theoy and Applications of Cyptogaphic Techniques, se. EUROCRYPT 05, 2005, pp [13] D. Boneh, X. Boyen, and H. Shacham, Shot goup signatues, in Poceedings of the 24th Annual Intenational Cyptology Confeence, se. CRYPTO 04, 2004, pp [14] C. Deleablée and D. Pointcheval, Dynamic theshold public-key encyption, in Poceedings of the 28th Annual Confeence on Cyptology, se. CRYPTO 08, 2008, pp [15] J. Heanz, F. Laguillaumie, B. Libet, and C. Ràfols, Shot attibutebased signatues fo theshold pedicates, HAL achives ouvetes - Repot , 2012, [16] J. A. Akinyele, M. D. Geen, and A. D. Rubin, Cham: A famewok fo apidly pototyping cyptosystems, Cyptology epint Achive, Repot 2011/617, 2011, [17] X. Yao, Z. Chen, and Y. Tian, A lightweight attibute-based encyption scheme fo the intenet of things, Futue Geneation Compute Systems, vol. 49, no. Supplement C, pp , [18] M. Ambosin, A. Anzanpou, M. Conti, T. Dagahi, S. R. Moosavi, A. M. Rahmani, and P. Liljebeg, On the feasibility of attibute-based encyption on intenet of things devices, IEEE Mico, vol. 36, no. 6, pp , Nov [19] O. Blazy, G. Fuchsbaue, M. Izabachène, A. Jambet, H. Sibet, and D. Vegnaud, Batch goth-sahai, in Poceedings of the 8th Intenational Confeence on Applied Cyptogaphy and Netwok Secuity, se. ACNS 10, 2010, pp [20] H. K. Maji, M. Pabhakaan, and M. Rosulek, Attibute-based signatues, in Poceedings of the 11th Intenational Confeence on Topics in Cyptology, se. CT-RSA 11, 2011, pp [21] T. Okamoto and K. Takashima, Homomophic encyption and signatues fom vecto decomposition, in Poceedings of the 2nd Intenational Confeence on Paiing-Based Cyptogaphy, se. PAIRING 08, 2008, pp [22] S. F. Shahandashti and R. Safavi-Naini, Theshold attibute-based signatues and thei application to anonymous cedential systems, in Poceedings of the 2Nd Intenational Confeence on Cyptology in Afica, se. AFRICACRYPT 09, 2009, pp [23] J. Li and K. Kim, Hidden attibute-based signatues without anonymity evocation, Infomation Science, vol. 180, no. 9, pp , [24] T. Okamoto and K. Takashima, Efficient attibute-based signatues fo non-monotone pedicates in the standad model, in Poceedings of the 14th Intenational Confeence on Pactice and Theoy in Public Key Cyptogaphy, se. PKC 11, 2011, pp [25] M. J. Atallah, K. N. Pantazopoulos, J. R. Rice, and E. H. Spaffod, Secue outsoucing of scientific computations, Advances in Computes, Tech. Rep., [26] M. J. Atallah and J. Li, Secue outsoucing of sequence compaisons, Infomation Secuity, vol. 4, no. 4, pp , [27] D. Benjamin and M. J. Atallah, Pivate and cheating-fee outsoucing of algebaic computations, in Poceedings of the 2008 Sixth Annual Confeence on Pivacy, Secuity and Tust, se. PST 08, 2008, pp [28] M. J. Atallah and K. B. Fikken, Secuely outsoucing linea algeba computations, in Poceedings of the 5th ACM Symposium on Infomation, Compute and Communications Secuity, se. ASIACCS 10, 2010, pp [29] C. Wang, K. Ren, and J. Wang, Secue and pactical outsoucing of linea pogamming in cloud computing, in Poceedings of the Intenational IEEE Confeence on Compute Communications, se. INFOCOM 11, 2011, pp [30] M. Jakobsson and S. Wetzel, Secue seve-aided signatue geneation, in Poccedings of the 4th Intenational Wokshop on Pactice and Theoy in Public Key Cyptosystems, se. PKC 01, 2001, pp [31] K. Bicakci and N. Baykal, Seve assisted signatues evisited, in Poceedings of the 2004 Intenational Confeence in Topics in Cyptology, se. CT-RSA 04, 2004, pp [32], Impoved seve assisted signatues, Compute Netwoks, vol. 47, pp , [33] D. Boneh, X. Ding, G. Tsudik, and C. M. Wong, A method fo fast evocation of public key cetificates and secuity capabilities, in Poceedings of the 10th Confeence on USENIX Secuity Symposium, se. SSYM 01, [34] D. Boneh, X. Ding, and G. Tsudik, Fine-gained contol of secuity capabilities, ACM Tansactions on Intenet Technology, vol. 4, no. 1, pp , [35] X. Ding, G. Tsudik, and S. Xu, Leak-fee goup signatues with immediate evocation, in Poceedings of the 24th Intenational Confeence on Distibuted Computing Systems, se. ICDCS 04, 2004, pp

Similar documents

Key Establishment Protocols. Cryptography CS 507 Erkay Savas Sabanci University

Key Establishment Protocols. Cryptography CS 507 Erkay Savas Sabanci University Key Establishment Potocols Cyptogaphy CS 507 Ekay Savas Sabanci Univesity ekays@sabanciuniv.edu Key distibution poblem Secuity of the keys Even if the cyptogaphic algoithms & potocols ae cyptogaphically

More information

Lecture 25: Pairing Based Cryptography

Lecture 25: Pairing Based Cryptography 6.897 Special Topics in Cyptogaphy Instucto: Ran Canetti May 5, 2004 Lectue 25: Paiing Based Cyptogaphy Scibe: Ben Adida 1 Intoduction The field of Paiing Based Cyptogaphy has exploded ove the past 3 yeas

More information

10/04/18. P [P(x)] 1 negl(n).

10/04/18. P [P(x)] 1 negl(n). Mastemath, Sping 208 Into to Lattice lgs & Cypto Lectue 0 0/04/8 Lectues: D. Dadush, L. Ducas Scibe: K. de Boe Intoduction In this lectue, we will teat two main pats. Duing the fist pat we continue the

More information

Secret Exponent Attacks on RSA-type Schemes with Moduli N = p r q

Secret Exponent Attacks on RSA-type Schemes with Moduli N = p r q Secet Exponent Attacks on RSA-type Schemes with Moduli N = p q Alexande May Faculty of Compute Science, Electical Engineeing and Mathematics Univesity of Padebon 33102 Padebon, Gemany alexx@uni-padebon.de

More information

Non-Transferable Proxy Re-Encryption Scheme

Non-Transferable Proxy Re-Encryption Scheme Title Non-Tansfeable Poxy Re-Encyption Scheme Autho(s) He, Y; Chim, TW; Hui, CK; Yiu, SM Citation The 5th IFIP Intenational Confeence on New Technologies, Mobility and Secuity (NTMS 12), Istanbul, Tukey,

More information

A more efficient secure event signature protocol for massively multiplayer online games based on P2P Dapeng Li1, a, Liang Hu1,b, and JianFeng Chu1,c

A more efficient secure event signature protocol for massively multiplayer online games based on P2P Dapeng Li1, a, Liang Hu1,b, and JianFeng Chu1,c Intenational Foum on Mechanical, Contol and Automation (IFMCA 2016) A moe efficient secue event signatue potocol fo massively multiplaye online games based on P2P Dapeng Li1, a, Liang Hu1,b, and JianFeng

More information

Stanford University CS259Q: Quantum Computing Handout 8 Luca Trevisan October 18, 2012

Stanford University CS259Q: Quantum Computing Handout 8 Luca Trevisan October 18, 2012 Stanfod Univesity CS59Q: Quantum Computing Handout 8 Luca Tevisan Octobe 8, 0 Lectue 8 In which we use the quantum Fouie tansfom to solve the peiod-finding poblem. The Peiod Finding Poblem Let f : {0,...,

More information

Pearson s Chi-Square Test Modifications for Comparison of Unweighted and Weighted Histograms and Two Weighted Histograms

Pearson s Chi-Square Test Modifications for Comparison of Unweighted and Weighted Histograms and Two Weighted Histograms Peason s Chi-Squae Test Modifications fo Compaison of Unweighted and Weighted Histogams and Two Weighted Histogams Univesity of Akueyi, Bogi, v/noduslód, IS-6 Akueyi, Iceland E-mail: nikolai@unak.is Two

More information

Lifting Private Information Retrieval from Two to any Number of Messages

Lifting Private Information Retrieval from Two to any Number of Messages Lifting Pivate Infomation Retieval fom Two to any umbe of Messages Rafael G.L. D Oliveia, Salim El Rouayheb ECE, Rutges Univesity, Piscataway, J Emails: d746@scaletmail.utges.edu, salim.elouayheb@utges.edu

More information

Construction and Analysis of Boolean Functions of 2t + 1 Variables with Maximum Algebraic Immunity

Construction and Analysis of Boolean Functions of 2t + 1 Variables with Maximum Algebraic Immunity Constuction and Analysis of Boolean Functions of 2t + 1 Vaiables with Maximum Algebaic Immunity Na Li and Wen-Feng Qi Depatment of Applied Mathematics, Zhengzhou Infomation Engineeing Univesity, Zhengzhou,

More information

Design and Analysis of Password-Based Key Derivation Functions

Design and Analysis of Password-Based Key Derivation Functions Design and Analysis of Passwod-Based Key Deivation Functions 245 Fances F. Yao 1 and Yiqun Lisa Yin 2 1 Depatment of Compute Science, City Univesity of Hong Kong, Kowloon, Hong Kong csfyao@cityu.edu.hk

More information

Provable Security in Cryptography

Provable Security in Cryptography Povable Secuity in Cyptogaphy Thomas Baignèes EPFL http://lasecwww.epfl.ch May 29, 2007 (ve. 25) These lectue notes ae a compilation of some of my eadings while I was pepaing two lectues given at EPFL

More information

New problems in universal algebraic geometry illustrated by boolean equations

New problems in universal algebraic geometry illustrated by boolean equations New poblems in univesal algebaic geomety illustated by boolean equations axiv:1611.00152v2 [math.ra] 25 Nov 2016 Atem N. Shevlyakov Novembe 28, 2016 Abstact We discuss new poblems in univesal algebaic

More information

QIP Course 10: Quantum Factorization Algorithm (Part 3)

QIP Course 10: Quantum Factorization Algorithm (Part 3) QIP Couse 10: Quantum Factoization Algoithm (Pat 3 Ryutaoh Matsumoto Nagoya Univesity, Japan Send you comments to yutaoh.matsumoto@nagoya-u.jp Septembe 2018 @ Tokyo Tech. Matsumoto (Nagoya U. QIP Couse

More information

Attribute Based Data Sharing with Attribute Revocation

Attribute Based Data Sharing with Attribute Revocation Attibute Based Data Shaing with Attibute Revocation Shucheng Yu Depatment of ECE Woceste Polytechnic Institute Woceste, MA 01609 yscheng@wpi.edu Cong Wang Depatment of ECE Illinois Institute of Technology

More information

Concurrent Blind Signatures without Random Oracles

Concurrent Blind Signatures without Random Oracles Concuent Blind Signatues without Random Oacles Aggelos Kiayias Hong-Sheng Zhou Abstact We pesent a blind signatue scheme that is efficient and povably secue without andom oacles unde concuent attacks utilizing

More information

Design and Analysis of Password-Based Key Derivation Functions

Design and Analysis of Password-Based Key Derivation Functions Design and Analysis of Passwod-Based Key Deivation Functions Fances F. Yao 1 and Yiqun Lisa Yin 2 1 Depatment of Compute Science City Univesity of Hong Kong Kowloon, Hong Kong Email: csfyao@cityu.edu.hk

More information

ASTR415: Problem Set #6

ASTR415: Problem Set #6 ASTR45: Poblem Set #6 Cuan D. Muhlbege Univesity of Mayland (Dated: May 7, 27) Using existing implementations of the leapfog and Runge-Kutta methods fo solving coupled odinay diffeential equations, seveal

More information

New Finding on Factoring Prime Power RSA Modulus N = p r q

New Finding on Factoring Prime Power RSA Modulus N = p r q Jounal of Mathematical Reseach with Applications Jul., 207, Vol. 37, o. 4, pp. 404 48 DOI:0.3770/j.issn:2095-265.207.04.003 Http://jme.dlut.edu.cn ew Finding on Factoing Pime Powe RSA Modulus = p q Sadiq

More information

The Substring Search Problem

The Substring Search Problem The Substing Seach Poblem One algoithm which is used in a vaiety of applications is the family of substing seach algoithms. These algoithms allow a use to detemine if, given two chaacte stings, one is

More information

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Moe Efficient Oblivious Tansfe Extensions with Secuity fo Malicious Advesaies Gilad Ashaov Yehuda Lindell Thomas Schneide Michael Zohne Hebew Univesity Ba-Ilan Univesity Damstadt Damstadt EUROCRYPT 2015

More information

AQI: Advanced Quantum Information Lecture 2 (Module 4): Order finding and factoring algorithms February 20, 2013

AQI: Advanced Quantum Information Lecture 2 (Module 4): Order finding and factoring algorithms February 20, 2013 AQI: Advanced Quantum Infomation Lectue 2 (Module 4): Ode finding and factoing algoithms Febuay 20, 203 Lectue: D. Mak Tame (email: m.tame@impeial.ac.uk) Intoduction In the last lectue we looked at the

More information

C/CS/Phys C191 Shor s order (period) finding algorithm and factoring 11/12/14 Fall 2014 Lecture 22

C/CS/Phys C191 Shor s order (period) finding algorithm and factoring 11/12/14 Fall 2014 Lecture 22 C/CS/Phys C9 Sho s ode (peiod) finding algoithm and factoing /2/4 Fall 204 Lectue 22 With a fast algoithm fo the uantum Fouie Tansfom in hand, it is clea that many useful applications should be possible.

More information

Gradient-based Neural Network for Online Solution of Lyapunov Matrix Equation with Li Activation Function

Gradient-based Neural Network for Online Solution of Lyapunov Matrix Equation with Li Activation Function Intenational Confeence on Infomation echnology and Management Innovation (ICIMI 05) Gadient-based Neual Netwok fo Online Solution of Lyapunov Matix Equation with Li Activation unction Shiheng Wang, Shidong

More information

Encapsulation theory: radial encapsulation. Edmund Kirwan *

Encapsulation theory: radial encapsulation. Edmund Kirwan * Encapsulation theoy: adial encapsulation. Edmund Kiwan * www.edmundkiwan.com Abstact This pape intoduces the concept of adial encapsulation, wheeby dependencies ae constained to act fom subsets towads

More information

Some RSA-based Encryption Schemes with Tight Security Reduction

Some RSA-based Encryption Schemes with Tight Security Reduction Some RSA-based Encyption Schemes with Tight Secuity Reduction Kaou Kuosawa 1 and Tsuyoshi Takagi 2 1 Ibaaki Univesity, 4-12-1 Nakanausawa, Hitachi, Ibaaki, 316-8511, Japan kuosawa@cis.ibaaki.ac.jp 2 Technische

More information

Math 301: The Erdős-Stone-Simonovitz Theorem and Extremal Numbers for Bipartite Graphs

Math 301: The Erdős-Stone-Simonovitz Theorem and Extremal Numbers for Bipartite Graphs Math 30: The Edős-Stone-Simonovitz Theoem and Extemal Numbes fo Bipatite Gaphs May Radcliffe The Edős-Stone-Simonovitz Theoem Recall, in class we poved Tuán s Gaph Theoem, namely Theoem Tuán s Theoem Let

More information

A Simple Model of Communication APIs Application to Dynamic Partial-order Reduction

A Simple Model of Communication APIs Application to Dynamic Partial-order Reduction Simple Model of Communication PIs pplication to Dynamic Patial-ode Reduction Cistian Rosa Stephan Mez Matin Quinson VOCS 2010 22/09/2010 1 / 18 Motivation Distibuted lgoithms ae had to get ight: lack of

More information

FUSE Fusion Utility Sequence Estimator

FUSE Fusion Utility Sequence Estimator FUSE Fusion Utility Sequence Estimato Belu V. Dasaathy Dynetics, Inc. P. O. Box 5500 Huntsville, AL 3584-5500 belu.d@dynetics.com Sean D. Townsend Dynetics, Inc. P. O. Box 5500 Huntsville, AL 3584-5500

More information

CALCULATING THE NUMBER OF TWIN PRIMES WITH SPECIFIED DISTANCE BETWEEN THEM BASED ON THE SIMPLEST PROBABILISTIC MODEL

CALCULATING THE NUMBER OF TWIN PRIMES WITH SPECIFIED DISTANCE BETWEEN THEM BASED ON THE SIMPLEST PROBABILISTIC MODEL U.P.B. Sci. Bull. Seies A, Vol. 80, Iss.3, 018 ISSN 13-707 CALCULATING THE NUMBER OF TWIN PRIMES WITH SPECIFIED DISTANCE BETWEEN THEM BASED ON THE SIMPLEST PROBABILISTIC MODEL Sasengali ABDYMANAPOV 1,

More information

Central Coverage Bayes Prediction Intervals for the Generalized Pareto Distribution

Central Coverage Bayes Prediction Intervals for the Generalized Pareto Distribution Statistics Reseach Lettes Vol. Iss., Novembe Cental Coveage Bayes Pediction Intevals fo the Genealized Paeto Distibution Gyan Pakash Depatment of Community Medicine S. N. Medical College, Aga, U. P., India

More information

Unobserved Correlation in Ascending Auctions: Example And Extensions

Unobserved Correlation in Ascending Auctions: Example And Extensions Unobseved Coelation in Ascending Auctions: Example And Extensions Daniel Quint Univesity of Wisconsin Novembe 2009 Intoduction In pivate-value ascending auctions, the winning bidde s willingness to pay

More information

Multiple Criteria Secretary Problem: A New Approach

Multiple Criteria Secretary Problem: A New Approach J. Stat. Appl. Po. 3, o., 9-38 (04 9 Jounal of Statistics Applications & Pobability An Intenational Jounal http://dx.doi.og/0.785/jsap/0303 Multiple Citeia Secetay Poblem: A ew Appoach Alaka Padhye, and

More information

4/18/2005. Statistical Learning Theory

4/18/2005. Statistical Learning Theory Statistical Leaning Theoy Statistical Leaning Theoy A model of supevised leaning consists of: a Envionment - Supplying a vecto x with a fixed but unknown pdf F x (x b Teache. It povides a desied esponse

More information

Probablistically Checkable Proofs

Probablistically Checkable Proofs Lectue 12 Pobablistically Checkable Poofs May 13, 2004 Lectue: Paul Beame Notes: Chis Re 12.1 Pobablisitically Checkable Poofs Oveview We know that IP = PSPACE. This means thee is an inteactive potocol

More information

An Application of Fuzzy Linear System of Equations in Economic Sciences

An Application of Fuzzy Linear System of Equations in Economic Sciences Austalian Jounal of Basic and Applied Sciences, 5(7): 7-14, 2011 ISSN 1991-8178 An Application of Fuzzy Linea System of Equations in Economic Sciences 1 S.H. Nassei, 2 M. Abdi and 3 B. Khabii 1 Depatment

More information

Surveillance Points in High Dimensional Spaces

Surveillance Points in High Dimensional Spaces Société de Calcul Mathématique SA Tools fo decision help since 995 Suveillance Points in High Dimensional Spaces by Benad Beauzamy Januay 06 Abstact Let us conside any compute softwae, elying upon a lage

More information

The Chromatic Villainy of Complete Multipartite Graphs

The Chromatic Villainy of Complete Multipartite Graphs Rocheste Institute of Technology RIT Schola Wos Theses Thesis/Dissetation Collections 8--08 The Chomatic Villainy of Complete Multipatite Gaphs Anna Raleigh an9@it.edu Follow this and additional wos at:

More information

A NEW VARIABLE STIFFNESS SPRING USING A PRESTRESSED MECHANISM

A NEW VARIABLE STIFFNESS SPRING USING A PRESTRESSED MECHANISM Poceedings of the ASME 2010 Intenational Design Engineeing Technical Confeences & Computes and Infomation in Engineeing Confeence IDETC/CIE 2010 August 15-18, 2010, Monteal, Quebec, Canada DETC2010-28496

More information

E E E. Aggelos Kiayias. Cryptography. Primitives and Protocols. Based on notes by S. Pehlivanoglu, J. Todd, K. Samari, T. Zacharias and H.S.

E E E. Aggelos Kiayias. Cryptography. Primitives and Protocols. Based on notes by S. Pehlivanoglu, J. Todd, K. Samari, T. Zacharias and H.S. P1 P2 P3 E E E IV C1 C2 C3 Aggelos Kiayias Cyptogaphy Pimitives and Potocols Based on notes by S. Pehlivanoglu, J. Todd, K. Samai, T. Zachaias and H.S. Zhou CONTENTS 1 Contents 1 Intoduction 4 1.1 Flipping

More information

Using Laplace Transform to Evaluate Improper Integrals Chii-Huei Yu

Using Laplace Transform to Evaluate Improper Integrals Chii-Huei Yu Available at https://edupediapublicationsog/jounals Volume 3 Issue 4 Febuay 216 Using Laplace Tansfom to Evaluate Impope Integals Chii-Huei Yu Depatment of Infomation Technology, Nan Jeon Univesity of

More information

Psychometric Methods: Theory into Practice Larry R. Price

Psychometric Methods: Theory into Practice Larry R. Price ERRATA Psychometic Methods: Theoy into Pactice Lay R. Pice Eos wee made in Equations 3.5a and 3.5b, Figue 3., equations and text on pages 76 80, and Table 9.1. Vesions of the elevant pages that include

More information

COMPUTATIONS OF ELECTROMAGNETIC FIELDS RADIATED FROM COMPLEX LIGHTNING CHANNELS

COMPUTATIONS OF ELECTROMAGNETIC FIELDS RADIATED FROM COMPLEX LIGHTNING CHANNELS Pogess In Electomagnetics Reseach, PIER 73, 93 105, 2007 COMPUTATIONS OF ELECTROMAGNETIC FIELDS RADIATED FROM COMPLEX LIGHTNING CHANNELS T.-X. Song, Y.-H. Liu, and J.-M. Xiong School of Mechanical Engineeing

More information

Experiment I Voltage Variation and Control

Experiment I Voltage Variation and Control ELE303 Electicity Netwoks Expeiment I oltage aiation and ontol Objective To demonstate that the voltage diffeence between the sending end of a tansmission line and the load o eceiving end depends mainly

More information

Chapter 3: Theory of Modular Arithmetic 38

Chapter 3: Theory of Modular Arithmetic 38 Chapte 3: Theoy of Modula Aithmetic 38 Section D Chinese Remainde Theoem By the end of this section you will be able to pove the Chinese Remainde Theoem apply this theoem to solve simultaneous linea conguences

More information

Cryptography. Primitives and Protocols. Aggelos Kiayias

Cryptography. Primitives and Protocols. Aggelos Kiayias P1 P2 P3 E E E IV C1 C2 C3 Aggelos Kiayias Cyptogaphy Pimitives and Potocols Based on notes by G. Panagiotakos, S. Pehlivanoglu, J. Todd, K. Samai, T. Zachaias and H.S. Zhou CONTENTS 1 Contents 1 Intoduction

More information

Overcoming Weak Expectations

Overcoming Weak Expectations Ovecoming Weak Expectations Yevgeniy Dodis Depatment of Compute Science New Yok Univesity Email: dodis@cs.nyu.edu (Invited Pape) Yu Yu Institute fo Intedisciplinay Infomation Sciences Tsinghua Univesity,

More information

Interaction of Feedforward and Feedback Streams in Visual Cortex in a Firing-Rate Model of Columnar Computations. ( r)

Interaction of Feedforward and Feedback Streams in Visual Cortex in a Firing-Rate Model of Columnar Computations. ( r) Supplementay mateial fo Inteaction of Feedfowad and Feedback Steams in Visual Cotex in a Fiing-Rate Model of Columna Computations Tobias Bosch and Heiko Neumann Institute fo Neual Infomation Pocessing

More information

Control Chart Analysis of E k /M/1 Queueing Model

Control Chart Analysis of E k /M/1 Queueing Model Intenational OPEN ACCESS Jounal Of Moden Engineeing Reseach (IJMER Contol Chat Analysis of E /M/1 Queueing Model T.Poongodi 1, D. (Ms. S. Muthulashmi 1, (Assistant Pofesso, Faculty of Engineeing, Pofesso,

More information

Appraisal of Logistics Enterprise Competitiveness on the Basis of Fuzzy Analysis Algorithm

Appraisal of Logistics Enterprise Competitiveness on the Basis of Fuzzy Analysis Algorithm Appaisal of Logistics Entepise Competitiveness on the Basis of Fuzzy Analysis Algoithm Yan Zhao, Fengge Yao, Minming She Habin Univesity of Commece, Habin, Heilongjiang 150028, China, zhaoyan2000@yahoo.com.cn

More information

School of Electrical and Computer Engineering, Cornell University. ECE 303: Electromagnetic Fields and Waves. Fall 2007

School of Electrical and Computer Engineering, Cornell University. ECE 303: Electromagnetic Fields and Waves. Fall 2007 School of Electical and Compute Engineeing, Conell Univesity ECE 303: Electomagnetic Fields and Waves Fall 007 Homewok 8 Due on Oct. 19, 007 by 5:00 PM Reading Assignments: i) Review the lectue notes.

More information

Anonymous return route information for onion based mix-nets

Anonymous return route information for onion based mix-nets Anonymous etun oute infomation fo onion based mix-nets ABSTRACT Yoshifumi Manabe NTT Communication Science Laboatoies NTT Copoation Atsugi Kanagawa 239-0198 Japan manabeyoshifumi@labnttcojp This pape poposes

More information

Anonymity-enhanced Pseudonym System

Anonymity-enhanced Pseudonym System JAIST Reposi https://dspace.j Title Anonymity-enhanced Pseudonym System Autho(s)Tamua, Yuko; Miyaji, Atsuko Citation Lectue Notes in Compute Science, 2 47 Issue Date 2003 Type Jounal Aticle Text vesion

More information

Bayesian Congestion Control over a Markovian Network Bandwidth Process

Bayesian Congestion Control over a Markovian Network Bandwidth Process Bayesian Congestion Contol ove a Makovian Netwok Bandwidth Pocess Paisa Mansouifad,, Bhaska Kishnamachai, Taa Javidi Ming Hsieh Depatment of Electical Engineeing, Univesity of Southen Califonia, Los Angeles,

More information

Fixed Argument Pairing Inversion on Elliptic Curves

Fixed Argument Pairing Inversion on Elliptic Curves Fixed Agument Paiing Invesion on Elliptic Cuves Sungwook Kim and Jung Hee Cheon ISaC & Dept. of Mathematical Sciences Seoul National Univesity Seoul, Koea {avell7,jhcheon}@snu.ac.k Abstact. Let E be an

More information

Web-based Supplementary Materials for. Controlling False Discoveries in Multidimensional Directional Decisions, with

Web-based Supplementary Materials for. Controlling False Discoveries in Multidimensional Directional Decisions, with Web-based Supplementay Mateials fo Contolling False Discoveies in Multidimensional Diectional Decisions, with Applications to Gene Expession Data on Odeed Categoies Wenge Guo Biostatistics Banch, National

More information

APPLICATION OF MAC IN THE FREQUENCY DOMAIN

APPLICATION OF MAC IN THE FREQUENCY DOMAIN PPLICION OF MC IN HE FREQUENCY DOMIN D. Fotsch and D. J. Ewins Dynamics Section, Mechanical Engineeing Depatment Impeial College of Science, echnology and Medicine London SW7 2B, United Kingdom BSRC he

More information

MATH 415, WEEK 3: Parameter-Dependence and Bifurcations

MATH 415, WEEK 3: Parameter-Dependence and Bifurcations MATH 415, WEEK 3: Paamete-Dependence and Bifucations 1 A Note on Paamete Dependence We should pause to make a bief note about the ole played in the study of dynamical systems by the system s paametes.

More information

Encapsulation theory: the transformation equations of absolute information hiding.

Encapsulation theory: the transformation equations of absolute information hiding. 1 Encapsulation theoy: the tansfomation equations of absolute infomation hiding. Edmund Kiwan * www.edmundkiwan.com Abstact This pape descibes how the potential coupling of a set vaies as the set is tansfomed,

More information

Multihop MIMO Relay Networks with ARQ

Multihop MIMO Relay Networks with ARQ Multihop MIMO Relay Netwoks with ARQ Yao Xie Deniz Gündüz Andea Goldsmith Depatment of Electical Engineeing Stanfod Univesity Stanfod CA Depatment of Electical Engineeing Pinceton Univesity Pinceton NJ

More information

Truncated Squarers with Constant and Variable Correction

Truncated Squarers with Constant and Variable Correction Please veify that ) all pages ae pesent, 2) all figues ae acceptable, 3) all fonts and special chaactes ae coect, and ) all text and figues fit within the Tuncated Squaes with Constant and Vaiable Coection

More information

Application of Parseval s Theorem on Evaluating Some Definite Integrals

Application of Parseval s Theorem on Evaluating Some Definite Integrals Tukish Jounal of Analysis and Numbe Theoy, 4, Vol., No., -5 Available online at http://pubs.sciepub.com/tjant/// Science and Education Publishing DOI:.69/tjant--- Application of Paseval s Theoem on Evaluating

More information

arxiv: v1 [math.co] 1 Apr 2011

arxiv: v1 [math.co] 1 Apr 2011 Weight enumeation of codes fom finite spaces Relinde Juius Octobe 23, 2018 axiv:1104.0172v1 [math.co] 1 Ap 2011 Abstact We study the genealized and extended weight enumeato of the - ay Simplex code and

More information

MULTILAYER PERCEPTRONS

MULTILAYER PERCEPTRONS Last updated: Nov 26, 2012 MULTILAYER PERCEPTRONS Outline 2 Combining Linea Classifies Leaning Paametes Outline 3 Combining Linea Classifies Leaning Paametes Implementing Logical Relations 4 AND and OR

More information

COLLAPSING WALLS THEOREM

COLLAPSING WALLS THEOREM COLLAPSING WALLS THEOREM IGOR PAK AND ROM PINCHASI Abstact. Let P R 3 be a pyamid with the base a convex polygon Q. We show that when othe faces ae collapsed (otated aound the edges onto the plane spanned

More information

Analytical Solutions for Confined Aquifers with non constant Pumping using Computer Algebra

Analytical Solutions for Confined Aquifers with non constant Pumping using Computer Algebra Poceedings of the 006 IASME/SEAS Int. Conf. on ate Resouces, Hydaulics & Hydology, Chalkida, Geece, May -3, 006 (pp7-) Analytical Solutions fo Confined Aquifes with non constant Pumping using Compute Algeba

More information

Do Managers Do Good With Other People s Money? Online Appendix

Do Managers Do Good With Other People s Money? Online Appendix Do Manages Do Good With Othe People s Money? Online Appendix Ing-Haw Cheng Haison Hong Kelly Shue Abstact This is the Online Appendix fo Cheng, Hong and Shue 2013) containing details of the model. Datmouth

More information

SMT 2013 Team Test Solutions February 2, 2013

SMT 2013 Team Test Solutions February 2, 2013 1 Let f 1 (n) be the numbe of divisos that n has, and define f k (n) = f 1 (f k 1 (n)) Compute the smallest intege k such that f k (013 013 ) = Answe: 4 Solution: We know that 013 013 = 3 013 11 013 61

More information

A STUDY OF HAMMING CODES AS ERROR CORRECTING CODES

A STUDY OF HAMMING CODES AS ERROR CORRECTING CODES AGU Intenational Jounal of Science and Technology A STUDY OF HAMMING CODES AS ERROR CORRECTING CODES Ritu Ahuja Depatment of Mathematics Khalsa College fo Women, Civil Lines, Ludhiana-141001, Punjab, (India)

More information

Exploration of the three-person duel

Exploration of the three-person duel Exploation of the thee-peson duel Andy Paish 15 August 2006 1 The duel Pictue a duel: two shootes facing one anothe, taking tuns fiing at one anothe, each with a fixed pobability of hitting his opponent.

More information

ELASTIC ANALYSIS OF CIRCULAR SANDWICH PLATES WITH FGM FACE-SHEETS

ELASTIC ANALYSIS OF CIRCULAR SANDWICH PLATES WITH FGM FACE-SHEETS THE 9 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS ELASTIC ANALYSIS OF CIRCULAR SANDWICH PLATES WITH FGM FACE-SHEETS R. Sbulati *, S. R. Atashipou Depatment of Civil, Chemical and Envionmental Engineeing,

More information

Information-Theoretic

Information-Theoretic Infomation-Theoetic Key Ageement fom Close Secets Leonid Reyzin Januay 5, 2018 IISc 1 Infomation-Theoetic Key Ageement fom Close Secets: A Suvey 0 1 assume these ae close and patially secet 2 Infomation-Theoetic

More information

F-IF Logistic Growth Model, Abstract Version

F-IF Logistic Growth Model, Abstract Version F-IF Logistic Gowth Model, Abstact Vesion Alignments to Content Standads: F-IFB4 Task An impotant example of a model often used in biology o ecology to model population gowth is called the logistic gowth

More information

ON THE INVERSE SIGNED TOTAL DOMINATION NUMBER IN GRAPHS. D.A. Mojdeh and B. Samadi

ON THE INVERSE SIGNED TOTAL DOMINATION NUMBER IN GRAPHS. D.A. Mojdeh and B. Samadi Opuscula Math. 37, no. 3 (017), 447 456 http://dx.doi.og/10.7494/opmath.017.37.3.447 Opuscula Mathematica ON THE INVERSE SIGNED TOTAL DOMINATION NUMBER IN GRAPHS D.A. Mojdeh and B. Samadi Communicated

More information

Information Retrieval Advanced IR models. Luca Bondi

Information Retrieval Advanced IR models. Luca Bondi Advanced IR models Luca Bondi Advanced IR models 2 (LSI) Pobabilistic Latent Semantic Analysis (plsa) Vecto Space Model 3 Stating point: Vecto Space Model Documents and queies epesented as vectos in the

More information

ac p Answers to questions for The New Introduction to Geographical Economics, 2 nd edition Chapter 3 The core model of geographical economics

ac p Answers to questions for The New Introduction to Geographical Economics, 2 nd edition Chapter 3 The core model of geographical economics Answes to questions fo The New ntoduction to Geogaphical Economics, nd edition Chapte 3 The coe model of geogaphical economics Question 3. Fom intoductoy mico-economics we know that the condition fo pofit

More information

Chapter 10 Mechanism Design and Postcontractual Hidden Knowledge

Chapter 10 Mechanism Design and Postcontractual Hidden Knowledge Chapte 10 Mechanism Design and Postcontactual Hidden Knowledge 10.1 Mechanisms, Unavelling, Coss Checking, and the Revelation Pinciple A mechanism is a set of ules that one playe constucts and anothe feely

More information

Determining solar characteristics using planetary data

Determining solar characteristics using planetary data Detemining sola chaacteistics using planetay data Intoduction The Sun is a G-type main sequence sta at the cente of the Sola System aound which the planets, including ou Eath, obit. In this investigation

More information

E E E. Aggelos Kiayias. Cryptography. Primitives and Protocols. Notes by S. Pehlivanoglu, J. Todd, and H.S. Zhou

E E E. Aggelos Kiayias. Cryptography. Primitives and Protocols. Notes by S. Pehlivanoglu, J. Todd, and H.S. Zhou P1 P2 P3 E E E IV C1 C2 C3 Aggelos Kiayias Cyptogaphy Pimitives and Potocols Notes by S. Pehlivanoglu, J. Todd, and H.S. Zhou CONTENTS 1 Contents 2 1 Intoduction To begin discussing the basic popeties

More information

Classical Worm algorithms (WA)

Classical Worm algorithms (WA) Classical Wom algoithms (WA) WA was oiginally intoduced fo quantum statistical models by Pokof ev, Svistunov and Tupitsyn (997), and late genealized to classical models by Pokof ev and Svistunov (200).

More information

A Converse to Low-Rank Matrix Completion

A Converse to Low-Rank Matrix Completion A Convese to Low-Rank Matix Completion Daniel L. Pimentel-Alacón, Robet D. Nowak Univesity of Wisconsin-Madison Abstact In many pactical applications, one is given a subset Ω of the enties in a d N data

More information

A Comparative Study of Exponential Time between Events Charts

A Comparative Study of Exponential Time between Events Charts Quality Technology & Quantitative Management Vol. 3, No. 3, pp. 347-359, 26 QTQM ICAQM 26 A Compaative Study of Exponential Time between Events Chats J. Y. Liu 1, M. Xie 1, T. N. Goh 1 and P. R. Shama

More information

Improved Factoring Attacks on Multi-Prime RSA with Small Prime Difference

Improved Factoring Attacks on Multi-Prime RSA with Small Prime Difference Impoved Factoing Attacks on Multi-Pime RSA with Small Pime Diffeence Mengce Zheng 1,2, Nobou Kunihio 2, and Honggang Hu 1 1 Univesity of Science and Technology of China, China mengce.zheng@gmail.com 2

More information

A Probabilistic Approach to Susceptibility Measurement in a Reverberation Chamber

A Probabilistic Approach to Susceptibility Measurement in a Reverberation Chamber A Pobabilistic Appoach to Susceptibility Measuement in a Revebeation Chambe Emmanuel Amado, Chistophe Lemoine, Philippe Besnie To cite this vesion: Emmanuel Amado, Chistophe Lemoine, Philippe Besnie. A

More information

1D2G - Numerical solution of the neutron diffusion equation

1D2G - Numerical solution of the neutron diffusion equation DG - Numeical solution of the neuton diffusion equation Y. Danon Daft: /6/09 Oveview A simple numeical solution of the neuton diffusion equation in one dimension and two enegy goups was implemented. Both

More information

EM Boundary Value Problems

EM Boundary Value Problems EM Bounday Value Poblems 10/ 9 11/ By Ilekta chistidi & Lee, Seung-Hyun A. Geneal Desciption : Maxwell Equations & Loentz Foce We want to find the equations of motion of chaged paticles. The way to do

More information

Centripetal Force OBJECTIVE INTRODUCTION APPARATUS THEORY

Centripetal Force OBJECTIVE INTRODUCTION APPARATUS THEORY Centipetal Foce OBJECTIVE To veify that a mass moving in cicula motion expeiences a foce diected towad the cente of its cicula path. To detemine how the mass, velocity, and adius affect a paticle's centipetal

More information

Three-dimensional Quantum Cellular Neural Network and Its Application to Image Processing *

Three-dimensional Quantum Cellular Neural Network and Its Application to Image Processing * Thee-dimensional Quantum Cellula Neual Netwok and Its Application to Image Pocessing * Sen Wang, Li Cai, Huanqing Cui, Chaowen Feng, Xiaokuo Yang Science College, Ai Foce Engineeing Univesity Xi an 701,

More information

On the ratio of maximum and minimum degree in maximal intersecting families

On the ratio of maximum and minimum degree in maximal intersecting families On the atio of maximum and minimum degee in maximal intesecting families Zoltán Lóánt Nagy Lale Özkahya Balázs Patkós Máté Vize Septembe 5, 011 Abstact To study how balanced o unbalanced a maximal intesecting

More information

Analysis of high speed machining center spindle dynamic unit structure performance Yuan guowei

Analysis of high speed machining center spindle dynamic unit structure performance Yuan guowei Intenational Confeence on Intelligent Systems Reseach and Mechatonics Engineeing (ISRME 0) Analysis of high speed machining cente spindle dynamic unit stuctue pefomance Yuan guowei Liaoning jidian polytechnic,dan

More information

7.2. Coulomb s Law. The Electric Force

7.2. Coulomb s Law. The Electric Force Coulomb s aw Recall that chaged objects attact some objects and epel othes at a distance, without making any contact with those objects Electic foce,, o the foce acting between two chaged objects, is somewhat

More information

THE INFLUENCE OF THE MAGNETIC NON-LINEARITY ON THE MAGNETOSTATIC SHIELDS DESIGN

THE INFLUENCE OF THE MAGNETIC NON-LINEARITY ON THE MAGNETOSTATIC SHIELDS DESIGN THE INFLUENCE OF THE MAGNETIC NON-LINEARITY ON THE MAGNETOSTATIC SHIELDS DESIGN LIVIU NEAMŢ 1, ALINA NEAMŢ, MIRCEA HORGOŞ 1 Key wods: Magnetostatic shields, Magnetic non-lineaity, Finite element method.

More information

Fall 2014 Randomized Algorithms Oct 8, Lecture 3

Fall 2014 Randomized Algorithms Oct 8, Lecture 3 Fall 204 Randomized Algoithms Oct 8, 204 Lectue 3 Pof. Fiedich Eisenband Scibes: Floian Tamè In this lectue we will be concened with linea pogamming, in paticula Clakson s Las Vegas algoithm []. The main

More information

Revision of Lecture Eight

Revision of Lecture Eight Revision of Lectue Eight Baseband equivalent system and equiements of optimal tansmit and eceive filteing: (1) achieve zeo ISI, and () maximise the eceive SNR Thee detection schemes: Theshold detection

More information

Estimation of the Correlation Coefficient for a Bivariate Normal Distribution with Missing Data

Estimation of the Correlation Coefficient for a Bivariate Normal Distribution with Missing Data Kasetsat J. (Nat. Sci. 45 : 736-74 ( Estimation of the Coelation Coefficient fo a Bivaiate Nomal Distibution with Missing Data Juthaphon Sinsomboonthong* ABSTRACT This study poposes an estimato of the

More information

J. Electrical Systems 1-3 (2005): Regular paper

J. Electrical Systems 1-3 (2005): Regular paper K. Saii D. Rahem S. Saii A Miaoui Regula pape Coupled Analytical-Finite Element Methods fo Linea Electomagnetic Actuato Analysis JES Jounal of Electical Systems In this pape, a linea electomagnetic actuato

More information

Hidden Identity-Based Signatures

Hidden Identity-Based Signatures Hidden Identity-Based Signatues ggelos Kiayias Hong-Sheng Zhou bstact This pape intoduces Hidden Identity-based Signatues (Hidden-IBS), a type of digital signatues that povide mediated signe-anonymity

More information

6 PROBABILITY GENERATING FUNCTIONS

6 PROBABILITY GENERATING FUNCTIONS 6 PROBABILITY GENERATING FUNCTIONS Cetain deivations pesented in this couse have been somewhat heavy on algeba. Fo example, detemining the expectation of the Binomial distibution (page 5.1 tuned out to

More information

3.1 Random variables

3.1 Random variables 3 Chapte III Random Vaiables 3 Random vaiables A sample space S may be difficult to descibe if the elements of S ae not numbes discuss how we can use a ule by which an element s of S may be associated

More information

Relating Branching Program Size and. Formula Size over the Full Binary Basis. FB Informatik, LS II, Univ. Dortmund, Dortmund, Germany

Relating Branching Program Size and. Formula Size over the Full Binary Basis. FB Informatik, LS II, Univ. Dortmund, Dortmund, Germany Relating Banching Pogam Size and omula Size ove the ull Binay Basis Matin Saueho y Ingo Wegene y Ralph Wechne z y B Infomatik, LS II, Univ. Dotmund, 44 Dotmund, Gemany z ankfut, Gemany sauehof/wegene@ls.cs.uni-dotmund.de

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback