Communication security: Formal models and proofs
Hubert Comon
September 1,

Introduction to protocol security

The context (I)
- credit cards
- contactless cards
- telephones
- online transactions
- cars, fridges, ... Internet of Things
- Big Brother: NSA
- Biomedical applications ...

The context (III)
Security protocols
- Testing is not very useful
- Hiding the code is not a good idea

The scope of formal methods

A simple handshake protocol
A → B : n, r. aenc(⟨a, n⟩, pk(sk_B), r)
B → A : r'. aenc(n, pk(sk_A), r')

The formal verification problem
∀A. A ∥ P =
∀A. A ∥ P_1   A ∥ P_2
Universal quantification on A: we cannot apply directly model-checking techniques.
One important issue: range of A?

Attacker models
The DY-attacker: Messages are terms, the attacker is defined through an equation theory or an inference system
The computational attacker: Messages are bitstrings, the attacker is a probabilistic polynomial time Turing machine
Other attackers

Goals of the lecture
Verification inputs
- Cryptographic libraries
- Protocol programs
- Attacker model
- Security property

Goals of the lecture
Show how to derive the proof obligations in a parametric way, abstracting from crypto libraries, attacker models.
Focus on the semantics of protocols, for arbitrary libraries and attacker models.

Roadmap
4 successive versions of the calculus, by increasing expressiveness (we could have considered the last case only...)
1. Simple case
2. Adding events: required for agreement properties
3. Adding replication
4. Adding channel generation: required for computational semantics
Then indistinguishability properties (privacy).

2 A simple version of the process calculus

Cryptographic libraries: Syntax
An arbitrary set of cryptographic primitives F: hash, public-key encryption(s), symmetric encryption(s), zkp, ... represented by (typed) function symbols
At least one random generation algorithm. Random numbers are represented by names n, n_1, r, ... out of a set N
Terms are built over variables, function symbols and names.

Cryptographic libraries: Semantics
M is an interpretation domain. Typically ground or constructor terms (the DY semantics) or bitstrings (the computational semantics).
M includes error messages (exceptions) Err.
If is an environment (mapping from variables to M), is a term, [[ ]]_M is the interpretation of in M w.r.t.
The interpretation is strict: i ∈ Err ⇒ [[f( 1, ..., n )]]_M ∈ Err
M is a (partial) F-algebra.

Cryptographic libraries: A possible set of function symbols
aenc( , pk, r) is (supposed to be) the asymmetric encryption of with the public key pk and random input r.
dec( , sk) is (supposed to be) the decryption of with the secret key sk
pk(sk) is (supposed to be) the public key associated with the secret key sk
⟨ , v⟩
1( ), 2( )

Cryptographic libraries: A DY model
M_DY (messages) is the least set of ground terms such that:
N M_DY
if , v ∈ M_DY then ⟨ , v⟩ ∈ M_DY
if k ∈ N then pk(k) ∈ M_DY
if ∈ M_DY, k, r ∈ N, then aenc( , pk(k), r) ∈ M_DY.
M_DY also includes special error terms Err (not messages).
dec(aenc( , pk(k), r), k) →      For k, r ∈ N, a message
1(⟨ , v⟩) →      , v are messages
2(⟨ , v⟩) → v      , v are messages
[[ ]]_{M_DY} = ↓
Any irreducible ground term, which is not a message, is an error.

Cryptographic libraries: Computational models
∈ N is a security parameter
maps N to {0, 1}
M_c( , ) {0, 1}
[[n]]_{M_c( , )} = (n)
aenc( , , ), dec( , ), pk( ) are interpreted as a public-key encryption scheme.
With an interpretation of pairing/projections, M_c( , ) is an F-algebra

A simple process calculus: Syntax
P ::= 0                             null process (stalled)
      in(x).P                       input of x (binds x)
      out(t).P                      output of t
      if EQ( , v) then P else P     conditional branching
      let y = in P                  evaluation (binds y)
      n.P                           random generation
      P ∥ P                         parallel composition
All variable occurrences are bound.

Example: The simple handshake protocol
A → B : n, r. aenc(⟨a, n⟩, pk(sk_B), r)
B → A : r'. aenc(n, pk(sk_A), r')

A(sk_a, pk(sk_b)) =
  n, r. out(aenc(⟨pk(sk_a), n⟩, pk(sk_b), r)).
  in(z). let z_1 = dec(z, sk_a) in
  if EQ(z_1, n) then 0 (Success) else 0 (Fail)

B(sk_b) =
  r'. in(x). let y = dec(x, sk_b) in
  let y_1 = 1(y) in let y_2 = 2(y) in
  out(aenc(y_2, y_1, r')). 0.

sk_a, sk_b. out(⟨pk(sk_a), pk(sk_b)⟩). (A(sk_a, pk(sk_b)) ∥ B(sk_b))

Structural equivalence
0 ∥ P   P
P ∥ Q   Q ∥ P
P ∥ (Q ∥ R)   (P ∥ Q) ∥ R
n.P   n'.P{n ↦ n'}
in(x).P   in(x').P{x ↦ x'}
let x = in P   let x' = in P{x ↦ x'}
( n.P) ∥ Q   n'.(P ∥ Q)   if n ∉ freenames(Q)

Operational semantics
States of the network are tuples ( , , P), where
 is a frame of the form n.m_1, ..., m_k, where n is a set of names (used so far) and m_1, ..., m_k is a sequence of values in M (that have been sent out so far)
 is an environment: an assignment of the free variables to values in M
P is a process
The semantics is a labeled transition system, whose labels are the inputs provided by the attacker (sometimes, an empty input)

Operational semantics: The transition system (I)
( , , in(x).P) → ( , ⊎ {x ↦ }, P)
( , , P)   ( , , if EQ(s, t) then P else Q)   ', P')   ', P')   if [[s]]_M = [[t]]_M ∉ Err
( , , Q)   ( , , if EQ(s, t) then P else Q)   ', P')   ', P')   if [[s]]_M ≠ [[t]]_M or [[s]]_M ∈ Err or [[t]]_M ∈ Err

Operational semantics: The transition system (II)
if [[ ]]_M = w ∉ Err   ( , , let x = in P) → ( , ⊎ {x ↦ w}, P)
( n. , , out(s).P) → ( n. [[s]]_M, , P)
( , , P)   ( , , P ∥ Q)   ', P')   ', P' ∥ Q)
if n ∉ n ∪ freename( )   ( n. , , n.P) → n ⊎ n. , , P)

Example: Restricting the feasible transitions
( 1, 1, P_1) 1→ k 1→ ( k, k, P_k) is possible w.r.t. model M and an attacker A if, for every i,
A([[ i ]]_M i, P_i) = [[ i ]]_M i
Note: could include a state in A.

Example: DY
There is a DY attacker A such that A( ) = [[ ]]_{M_DY} where I is defined by:
⊢_I ↓ i
For every f ∈ F:   ⊢ 1   ⊢ n   ⊢ f( 1, ..., n ) ↓
n. 1, ..., n ⊢ i
if n' ∈ N \ n.   n. ⊢ n'

Exercise
In the simple handshake example, describe all feasible transition sequences in the DY model (assume the name extrusion, let, conditionals and outputs are always performed before inputs). Is the nonce n secret?

Example: computational
A is a Probabilistic Polynomial Time Turing machine (PPT).
Some inputs that were not possible in the DY model might now be possible.
A typical example: A might be able to compute (with a significant probability) [[aenc( , pk(k_1), r_1)]]_{M_c( , )} from [[aenc(v, pk(k_1), r_1)]]_{M_c( , )}
∃A, Prob{ , : A([[aenc(v, pk(k_1), r_1)]]_{M_c( , )}) = [[aenc( , pk(k_1), r_1)]]_{M_c( , )}} > ( )
 is non-negligible: there is a polynomial Pol such that lim inf_{ → +∞} ( ) Pol( ) > 1

Confidentiality

In the DY case
Is there a DY attacker A and a feasible transition sequence (∅, ∅, P) → ( , , Q) such that A( , Q) = s?
This problem is in NP

In the computational case
Is there a PPT A such that, for every computational model M_c( , ), the probability that there is a feasible sequence (∅, ∅, P) → ( , , Q) such that A( , Q) = s is negligible in ?
This requires in general assumptions on the libraries
For example, the protocol n s. in(x). if EQ(x, n) then out(s) 0 else 0 satisfies the confidentiality of s in the computational model, as soon as n is uniformly drawn at random. (For any attacker the probability of success is bounded by 1 2 ).

Exercises
In the following cases, give reasonable processes A, B and either give an attack on the confidentiality of s or prove that there is no such attack in the DY model.
1. A → B : n, r. ⟨pk(sk_A), aenc(s, pk(sk_B), r)⟩
   B → A : r'. ⟨pk(sk_B), aenc(s, pk(sk_A), r')⟩
   P = sk_a, sk_b. out(⟨pk(sk_A), pk(sk_B)⟩) (A(sk_a, pk(sk_B)) ∥ B(sk_b))
2. A → B : s, r_1, r_2. aenc(⟨pk(sk_A), aenc(s, pk(sk_B), r_1)⟩, pk(sk_B), r_2)
   B → A : r_3, r_4. aenc(⟨pk(sk_B), aenc(s, pk(sk_A), r_3)⟩, pk(sk_A), r_4)
   P = sk_a, sk_b. out(⟨pk(sk_A), pk(sk_B)⟩) (A(sk_a, pk(sk_B)) ∥ B(sk_b) ∥ B(sk_b))

3 Symbolic (Abstract) semantics

Gathering feasibility conditions
States of the network are tuples ( , , P, ), where
 , , P as before
 is a constraint: equalities, disequalities and computational constraints of the form ▷
( , , in(x).P, ) → ( , , P, ∧ ▷ x)
( , , if EQ(s, t) then P else Q, ) → ( , , P, ∧ EQ(s, t))
( , , if EQ(s, t) then P else Q, ) → ( , , P, ∧ EQ(s, t))

Consequences: Advantages
A finite transition system (regardless of the model)
Confidentiality reduces to constraint satisfaction ∧ f ▷ s
in NP in the DY model

Consequences: Computational case
Specify the assumptions on the libraries: impossibility conditions.
⋫ n
S, aenc(n, pk(k), r) ▷ n ⇒ S ▷ n
S_1 ▷ x ∧ S_2, x ▷ y ⇒ S_1, S_2 ▷ y
S_1 ▷ x_1 ∧ ... ∧ S_n ▷ x_n ⇒ S_1, ..., S_n ▷ f(x_1, ..., x_n)
S, S_1, S_2 are finite sets of terms.
Check the constraint satisfiability, together with s and the above axioms (in PTIME!!).

Exercise
Back to the simple handshake protocol. Study its security in the computational model, assuming the properties of the cryptographic libraries that are described in the lecture.
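
The DY deduction relation from the lecture (a frame entry is deducible, function symbols may be applied, names outside the frame's restricted set are free to the attacker) can be decided for the pairing / pk / aenc library by first saturating the frame under projection and decryption and then checking whether the target can be built. The Python code below is an added example, not part of the lecture: the term encoding, the function names (analyze, synthesizable, deducible) and the two frames are assumptions made for illustration, and it only decides what a DY attacker can derive from a fixed frame, not which transition sequences are feasible.

```python
"""Deducibility in the DY model for names, pairs, pk(.) and aenc(.,.,.)."""

# Term constructors. A term is a tuple whose first field is its head symbol.
def name(n): return ("name", n)
def pair(a, b): return ("pair", a, b)
def pk(k): return ("pk", k)
def aenc(m, key, r): return ("aenc", m, key, r)


def synthesizable(t, known, restricted):
    """True if t can be built from `known` by applying function symbols."""
    if t in known:
        return True
    if t[0] == "name":
        # Names outside the restricted set can be generated by the attacker.
        return t[1] not in restricted
    return all(synthesizable(arg, known, restricted) for arg in t[1:])


def analyze(terms, restricted):
    """Saturate the frame under projections and decryption (fixpoint)."""
    known = set(terms)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            parts = []
            if t[0] == "pair":
                # Projection rules: both components of a known pair.
                parts = [t[1], t[2]]
            elif t[0] == "aenc" and t[2][0] == "pk" and t[2][1][0] == "name":
                # dec(aenc(m, pk(k), r), k) reduces to m only if k is derivable.
                if synthesizable(t[2][1], known, restricted):
                    parts = [t[1]]
            for p in parts:
                if p not in known:
                    known.add(p)
                    changed = True
    return known


def deducible(frame, target):
    """frame = (restricted names, list of terms sent out so far)."""
    restricted, terms = frame
    return synthesizable(target, analyze(terms, restricted), restricted)


# Constructed frames. r2 stands for the responder's random input.
RESTRICTED = frozenset({"ska", "skb", "n", "r", "r2"})
SKA, SKB, N = name("ska"), name("skb"), name("n")


def handshake_frame():
    """Outputs of one honest run of the simple handshake protocol."""
    return (RESTRICTED, [
        pair(pk(SKA), pk(SKB)),                      # published public keys
        aenc(pair(pk(SKA), N), pk(SKB), name("r")),  # initiator's message
        aenc(N, pk(SKA), name("r2")),                # responder's reply
    ])


def leaked_key_frame():
    """Same frame with the responder's secret key also sent out (assumption)."""
    restricted, terms = handshake_frame()
    return (restricted, terms + [SKB])


if __name__ == "__main__":
    forged = aenc(pair(pk(name("k_att")), name("m")), pk(SKB), name("r_att"))
    print("n from honest frame:       ", deducible(handshake_frame(), N))
    print("forged input to responder: ", deducible(handshake_frame(), forged))
    print("n once sk_b is in the frame:", deducible(leaked_key_frame(), N))
```
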
More informationModelling by Differential Equations from Properties of Phenomenon to its Investigation
Modelling by Differential Eqations from Properties of Phenomenon to its Investigation V. Kleiza and O. Prvinis Kanas University of Technology, Lithania Abstract The Panevezys camps of Kanas University
More informationChapter 4 Supervised learning:
Chapter 4 Spervised learning: Mltilayer Networks II Madaline Other Feedforward Networks Mltiple adalines of a sort as hidden nodes Weight change follows minimm distrbance principle Adaptive mlti-layer
More informationConvergence analysis of ant colony learning
Delft University of Technology Delft Center for Systems and Control Technical report 11-012 Convergence analysis of ant colony learning J van Ast R Babška and B De Schtter If yo want to cite this report
More informationLecture 8: September 26
10-704: Information Processing and Learning Fall 2016 Lectrer: Aarti Singh Lectre 8: September 26 Note: These notes are based on scribed notes from Spring15 offering of this corse. LaTeX template cortesy
More informationTHE HOHENBERG-KOHN THEOREM FOR MARKOV SEMIGROUPS
THE HOHENBERG-KOHN THEOREM FOR MARKOV SEMIGROUPS OMAR HIJAB Abstract. At the basis of mch of comptational chemistry is density fnctional theory, as initiated by the Hohenberg-Kohn theorem. The theorem
More informationMAXIMUM AND ANTI-MAXIMUM PRINCIPLES FOR THE P-LAPLACIAN WITH A NONLINEAR BOUNDARY CONDITION. 1. Introduction. ν = λ u p 2 u.
2005-Ojda International Conference on Nonlinear Analysis. Electronic Jornal of Differential Eqations, Conference 14, 2006, pp. 95 107. ISSN: 1072-6691. URL: http://ejde.math.txstate.ed or http://ejde.math.nt.ed
More informationSymbol R R + C Table : Notation Meaning Set of all real nmbers Set of positive real nmbers Set of all complex nmbers A(s) T, conjgate transpose A(s) Λ
EESystems Department, University of Sothern California. March 000. Mltiplier IQCs for Uncertain Time-delays Myngsoo Jn and Michael G. Safonov Dept. of Electrical Engineering Systems University of Sothern
More informationThe Dual of the Maximum Likelihood Method
Department of Agricltral and Resorce Economics University of California, Davis The Dal of the Maximm Likelihood Method by Qirino Paris Working Paper No. 12-002 2012 Copyright @ 2012 by Qirino Paris All
More informationA New Approach to Direct Sequential Simulation that Accounts for the Proportional Effect: Direct Lognormal Simulation
A ew Approach to Direct eqential imlation that Acconts for the Proportional ffect: Direct ognormal imlation John Manchk, Oy eangthong and Clayton Detsch Department of Civil & nvironmental ngineering University
More informationFaster Inversion and Other Black Box Matrix Computations Using Efficient Block Projections
Faster Inversion and Other Black Box Matrix Comptations Using Efficient Block Projections Wayne Eberly 1, Mark Giesbrecht, Pascal Giorgi,, Arne Storjohann, Gilles Villard (1) Department of Compter Science,
More informationLecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004
CMSC 858K Advanced Topics in Cryptography February 5, 2004 Lecturer: Jonathan Katz Lecture 4 Scribe(s): Chiu Yuen Koo Nikolai Yakovenko Jeffrey Blank 1 Summary The focus of this lecture is efficient public-key
More informationSemantic Security and Indistinguishability in the Quantum World
Semantic Security and Indistinguishability in the Quantum World Tommaso Gagliardoni 1, Andreas Hülsing 2, Christian Schaffner 3 1 IBM Research, Swiss; TU Darmstadt, Germany 2 TU Eindhoven, The Netherlands
More information