Hash functions : MAC / HMAC
- Roland McCarthy
- 6 years ago
Outline
- Message Authentication Codes
- Keyed hash family
- Unconditionally Secure MACs

Ref: D. Stinson: Cryptography Theory and Practice (3rd ed.), Chap. 4.

Universal hash family

Notations:
- $X$ is a set of possible messages.
- $Y$ is a finite set of possible message digests or authentication tags.
- $F^{X,Y}$ is the set of all functions from $X$ to $Y$.

Definition 4.1: A keyed hash family is a four-tuple $F = (X, Y, \mathcal{K}, H)$, where the following conditions are satisfied:
- $\mathcal{K}$, the keyspace, is a finite set of possible keys.
- $H$, the hash family, is a finite set of at most $|\mathcal{K}|$ hash functions. For each $K \in \mathcal{K}$, there is a hash function $h_K \in H$. Each $h_K : X \to Y$.

Compression function:
- $X$ is a finite set, $N = |X|$. E.g. $X = \{0,1\}^{k+r}$, $N = 2^{k+r}$.
- $Y$ is a finite set, $M = |Y|$. E.g. $Y = \{0,1\}^{r}$, $M = 2^{r}$.
- $|F^{X,Y}| = M^N$.
- $F$ is denoted an $(N,M)$-hash family.
Random Oracle Model

Model to analyze the probability of computing a preimage, a second preimage or collisions:
- In this model, a hash function $h_K : X \to Y$ is chosen randomly from $F^{X,Y}$.
- The only way to compute a value $h_K(x)$ is to query the oracle.

THEOREM 4.1 Suppose that $h \in F^{X,Y}$ is chosen randomly, and let $X_0 \subseteq X$. Suppose that the values $h(x)$ have been determined (by querying an oracle for $h$) if and only if $x \in X_0$. Then, for all $x \in X \setminus X_0$ and all $y \in Y$, $\Pr[h(x) = y] = 1/M$.

Algorithms in the Random Oracle Model

Randomized algorithms make random choices during their execution.

A Las Vegas algorithm is a randomized algorithm that
- may fail to give an answer;
- if the algorithm does return an answer, then the answer must be correct.

A randomized algorithm has average-case success probability $\varepsilon$ if the probability that the algorithm returns a correct answer, averaged over all problem instances of a specified size, is at least $\varepsilon$ ($0 \le \varepsilon < 1$). For all $x$ (randomly chosen among all inputs of size $s$): $\Pr(\mathrm{Algo}(x) \text{ is correct}) \ge \varepsilon$.

$(\varepsilon,q)$-algorithm: terminology for a Las Vegas algorithm such that
- the average-case success probability is $\varepsilon$;
- the number of oracle queries made by the algorithm is at most $q$.
Example of $(\varepsilon,q)$-algorithm

Algorithm 4.1: FIND PREIMAGE $(h, y, q)$
    choose any $X_0 \subseteq X$, $|X_0| = q$
    for each $x \in X_0$ do
        if $h(x) = y$ then return $(x)$
    return (failure)

THEOREM 4.2 For any $X_0 \subseteq X$ with $|X_0| = q$, the average-case success probability of Algorithm 4.1 is $\varepsilon = 1 - (1 - 1/M)^q$. Algorithm 4.1 is a $(1 - (1 - 1/M)^q,\ q)$-algorithm.

Proof. Let $y \in Y$ be fixed. Let $X_0 = \{x_1, x_2, \ldots, x_q\}$. The algorithm is successful iff there exists $i$ such that $h(x_i) = y$. For $1 \le i \le q$, let $E_i$ denote the event $h(x_i) = y$. The $E_i$ are independent events; from Theorem 4.1, $\Pr[E_i] = 1/M$ for all $1 \le i \le q$. Therefore,

$\Pr[E_1 \vee E_2 \vee \cdots \vee E_q] = 1 - \left(1 - \frac{1}{M}\right)^q$

The success probability of Algorithm 4.1, for any fixed $y$, is constant. Therefore, the success probability averaged over all $y \in Y$ is identical, too.

Message Authentication Codes

One common way of constructing a MAC is to incorporate a secret key into an unkeyed hash function. Suppose we construct a keyed hash function $h_K$ from an unkeyed iterated hash function $h$, by defining $IV = K$ and keeping this initial value secret.

Attack: the adversary can easily compute the hash without knowing $K$ (so IV) with a $(1,1)$-algorithm:
- Let $t$ = size of the blocks in the iterated scheme.
- Choose $x$ and compute $z_r = h(x \,\|\, \mathrm{pad}(x))$ (one oracle call).
- Let $x' = x \,\|\, \mathrm{pad}(x) \,\|\, w$, where $w$ is any bitstring of length $t$.
- Let $y' = x' \,\|\, \mathrm{pad}(x') = x \,\|\, \mathrm{pad}(x) \,\|\, w \,\|\, \mathrm{pad}(x')$ (since the padding is known).
- Now compute $y = \mathrm{IteratedScheme}(y,\ w \,\|\, \mathrm{pad}(x'))$ (the iterated scheme is known).
- Return $y$.
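Message Authentication Codes

Assume an MD iterated scheme is used, and let $z_r = h_K(x)$. The adversary computes

$z_{r+1} \leftarrow \mathrm{compress}(h_K(x) \,\|\, y_{r+1})$
$z_{r+2} \leftarrow \mathrm{compress}(z_{r+1} \,\|\, y_{r+2})$
$\ldots$
$z_{r'} \leftarrow \mathrm{compress}(z_{r'-1} \,\|\, y_{r'})$

and returns $z_{r'}$, which verifies $z_{r'} = h_K(x')$.

Def: an $(\varepsilon,q)$-forger is an adversary who queries messages $x_1, \ldots, x_q$ and gets a valid $(x, y)$, $x \notin \{x_1, \ldots, x_q\}$, with a probability at least $\varepsilon$ that the adversary outputs a forgery (i.e. a correct couple $(x, h(x))$).

Nested MACs and HMAC

A nested MAC builds a MAC algorithm from the composition of two hash families $(X, Y, \mathcal{K}, G)$ and $(Y, Z, \mathcal{L}, H)$:
- composition: $(X, Z, \mathcal{M}, G \circ H)$
- $\mathcal{M} = \mathcal{K} \times \mathcal{L}$
- $G \circ H = \{ g \circ h : g \in G, h \in H \}$
- $(g \circ h)_{(K,L)}(x) = h_L(g_K(x))$ for all $x \in X$

The nested MAC is secure if
- $(Y, Z, \mathcal{L}, H)$ is secure as a MAC, given a fixed key;
- $(X, Y, \mathcal{K}, G)$ is collision-resistant, given a fixed key.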
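The secret-IV construction and the nested composition $h_L(g_K(x))$ described above can be compared on a toy iterated hash. This is an added example, not code from the slides: the compression function (truncated SHA-256), the 16-byte block size, the padding rule, the keys and the messages are all constructed assumptions.

```python
import hashlib
import hmac

T = 16  # block size t of the iterated scheme, in bytes (toy value, an assumption)


def compress(z: bytes, block: bytes) -> bytes:
    """Toy compression function: 16-byte chaining value + t-byte block -> 16 bytes."""
    assert len(z) == 16 and len(block) == T
    return hashlib.sha256(z + block).digest()[:16]


def pad(msg_len: int) -> bytes:
    """MD-style padding; it depends only on the (public) message length."""
    zeros = -(msg_len + 9) % T
    return b"\x80" + bytes(zeros) + (8 * msg_len).to_bytes(8, "big")


def iterate(z: bytes, data: bytes) -> bytes:
    """Run the iterated scheme from chaining value z over block-aligned data."""
    assert len(data) % T == 0
    for i in range(0, len(data), T):
        z = compress(z, data[i:i + T])
    return z


def secret_iv_mac(key: bytes, x: bytes) -> bytes:
    """The construction criticised above: h_K(x) with IV = K kept secret."""
    return iterate(key, x + pad(len(x)))


def nested_mac(key_k: bytes, key_l: bytes, x: bytes) -> bytes:
    """(g o h)_(K,L)(x) = h_L(g_K(x)): the outer keyed call hides the chaining value."""
    return compress(key_l, secret_iv_mac(key_k, x))


def extend(x: bytes, tag: bytes, w: bytes):
    """Keyless computation from the slide: x' = x || pad(x) || w, continue from tag."""
    x_new = x + pad(len(x)) + w
    return x_new, iterate(tag, w + pad(len(x_new)))


def verify(mac, x: bytes, tag: bytes) -> bool:
    """Receiver-side check with a constant-time comparison."""
    return hmac.compare_digest(mac(x), tag)


def demo():
    k, l = bytes(range(16)), bytes(range(16, 32))   # constructed keys
    x, w = b"constructed sample message", b"appended suffix"

    # Secret-IV MAC: the tag is the final chaining value, so it can be continued.
    x1, t1 = extend(x, secret_iv_mac(k, x), w)
    weak_accepts = verify(lambda m: secret_iv_mac(k, m), x1, t1)

    # Nested MAC: the published tag is h_L(g_K(x)), not the chaining value of g_K.
    x2, t2 = extend(x, nested_mac(k, l, x), w)
    nested_accepts = verify(lambda m: nested_mac(k, l, m), x2, t2)
    return weak_accepts, nested_accepts


if __name__ == "__main__":
    print("secret-IV MAC accepts extended message:", demo()[0])
    print("nested MAC accepts extended message:   ", demo()[1])
```

Here `w` may have any length, which is slightly more general than the one-block suffix on the slide; the padding of `x'` restores block alignment.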
3 adversaries:

A forger for the nested MAC (big MAC attack):
- $(K, L)$ is chosen and kept secret.
- The adversary chooses $x$ and queries a big (nested) MAC oracle for values of $h_L(g_K(x))$.
- Output $(x', z)$ such that $z = h_L(g_K(x'))$ ($x'$ was not queried).

A forger for the little MAC (little MAC attack) on $(Y, Z, \mathcal{L}, H)$:
- $L$ is chosen and kept secret.
- The adversary chooses $y$ and queries a little MAC oracle for values of $h_L(y)$.
- Output $(y', z)$ such that $z = h_L(y')$ ($y'$ was not queried).

A collision-finder for the hash function, when the key is secret (unknown-key collision attack) on $(X, Y, \mathcal{K}, G)$:
- $K$ is secret.
- The adversary chooses $x$ and queries a hash oracle for values of $g_K(x)$.
- Output $x', x''$ such that $x' \ne x''$ and $g_K(x') = g_K(x'')$.
THEOREM 4.9 Suppose $(X, Z, \mathcal{M}, G \circ H)$ is a nested MAC. Suppose there does not exist an $(\varepsilon_1, q+1)$-collision attack for a randomly chosen function $g_K \in G$, when the key $K$ is secret. Further, suppose that there does not exist an $(\varepsilon_2, q)$-forger for a randomly chosen function $h_L \in H$, where $L$ is secret. Finally, suppose there exists an $(\varepsilon, q)$-forger for the nested MAC, for a randomly chosen function $(g \circ h)_{(K,L)} \in G \circ H$. Then $\varepsilon \le \varepsilon_1 + \varepsilon_2$.

Proof.
- The adversary queries $x_1, \ldots, x_q$ to a big MAC oracle, gets $(x_1, z_1), \ldots, (x_q, z_q)$ and outputs a valid $(x, z)$.
- With $x, x_1, \ldots, x_q$, make $q+1$ queries to a hash oracle: $y = g_K(x)$, $y_1 = g_K(x_1)$, ..., $y_q = g_K(x_q)$.
- If $y \in \{y_1, \ldots, y_q\}$, say $y = y_i$, then $x, x_i$ is a solution to Collision.
- If $y \notin \{y_1, \ldots, y_q\}$, output $(y, z)$, which is a valid pair for the little MAC: make $q$ little MAC queries and get $(y_1, z_1), \ldots, (y_q, z_q)$.
- The probability that $(x, z)$ is valid and $y \notin \{y_1, \ldots, y_q\}$ is at least $\varepsilon - \varepsilon_1$.
- The success probability of any little MAC attack is at most $\varepsilon_2$, so $\varepsilon_2 \ge \varepsilon - \varepsilon_1$, i.e. $\varepsilon \le \varepsilon_1 + \varepsilon_2$.
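HMAC is a nested MAC algorithm that is a proposed FIPS standard.

$\mathrm{HMAC}_K(x) = \text{SHA-1}\big( (K \oplus opad) \,\|\, \text{SHA-1}( (K \oplus ipad) \,\|\, x ) \big)$

- $x$ is a message
- $K$ is a 512-bit key
- ipad = (512 bit)
- opad = 5C5C…5C (512 bit)

CBC-MAC(x, K)

Cryptosystem 4.2: CBC-MAC $(x, K)$
    denote $x = x_1 \,\|\, \cdots \,\|\, x_n$, where each $x_i$ is a bitstring of length $t$
    $IV \leftarrow 00 \cdots 0$ ($t$ zeroes)
    $y_0 \leftarrow IV$
    for $i \leftarrow 1$ to $n$ do $y_i \leftarrow e_K(y_{i-1} \oplus x_i)$
    return $(y_n)$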
CBC-MAC(x, K): $(1/2,\ O(2^{t/2}))$-forger attack

- $n \ge 3$, $q \approx 2^{t/2}$.
- $x_3, \ldots, x_n$ are fixed bitstrings of length $t$.
- Choose any $q$ distinct bitstrings of length $t$, $x_1^1, \ldots, x_1^q$, and randomly choose $x_2^1, \ldots, x_2^q$.
- Define $x_l^i = x_l$ for $1 \le i \le q$ and $3 \le l \le n$.
- Define $x^i = x_1^i \,\|\, \cdots \,\|\, x_n^i$ for $1 \le i \le q$.
- $x^i \ne x^j$ if $i \ne j$, because $x_1^i \ne x_1^j$.
- The adversary requests the MACs of $x^1, x^2, \ldots, x^q$.

In the computation of the MAC of each $x^i$, values $y_0^i, \ldots, y_n^i$ are computed, and $y_n^i$ is the resulting MAC. Now suppose that $x^i$ and $x^j$ have identical MACs. $h_K(x^i) = h_K(x^j)$ if and only if $y_2^i = y_2^j$, which happens if and only if $y_1^i \oplus x_2^i = y_1^j \oplus x_2^j$.

Let $x_\delta$ be any bitstring of length $t$, and set

$v = x_1^i \,\|\, (x_2^i \oplus x_\delta) \,\|\, \cdots \,\|\, x_n^i$
$w = x_1^j \,\|\, (x_2^j \oplus x_\delta) \,\|\, \cdots \,\|\, x_n^j$

The adversary requests the MAC of $v$. It is not difficult to see that $v$ and $w$ have identical MACs, so the adversary is successfully able to construct the MAC of $w$, i.e. $h_K(w) = h_K(v)$!!!
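The collision argument above can be checked end to end on a deliberately tiny block size, which shows why the number of tags issued under one key has to stay far below $2^{t/2}$. This is an added example, not code from the slides: the 16-bit Feistel cipher standing in for $e_K$, the key, the all-zero tail blocks and the value of $x_\delta$ are constructed assumptions.

```python
import hashlib
import random

T = 2  # block length t in bytes: 16 bits, so 2^(t/2) is only 256 (toy size)


def e(key: bytes, block: bytes) -> bytes:
    """Toy 16-bit block cipher e_K (4-round Feistel); a stand-in, not a real cipher."""
    left, right = block
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd, right])).digest()[0]
        left, right = right, left ^ f
    return bytes([left, right])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def cbc_mac(key: bytes, blocks) -> bytes:
    """Cryptosystem 4.2 with IV = t zero bits; blocks is the list x_1..x_n."""
    y = bytes(T)
    for x in blocks:
        y = e(key, xor(y, x))
    return y


def find_forgery(oracle, rng, n=3):
    """Collision search from the slide: returns (w, tag) where w was never queried."""
    tail = [bytes(T)] * (n - 2)            # fixed x_3..x_n (constructed: zero blocks)
    delta = b"\x00\x01"                    # x_delta; nonzero so w differs from every query
    seen = {}                              # tag -> (x_1, x_2) of an earlier query
    for i in range(2 ** (8 * T)):          # distinct first blocks x_1^i
        x1 = i.to_bytes(T, "big")
        x2 = rng.getrandbits(8 * T).to_bytes(T, "big")
        tag = oracle([x1, x2] + tail)
        if tag in seen:                    # x^i and x^j have identical MACs
            x1j, x2j = seen[tag]
            v = [x1, xor(x2, delta)] + tail
            w = [x1j, xor(x2j, delta)] + tail
            return w, oracle(v)            # MAC of v is also the MAC of w
        seen[tag] = (x1, x2)
    return None


def demo(seed=1):
    key = b"constructed key"
    queried = []

    def oracle(blocks):                    # MAC oracle that records every query
        queried.append(tuple(blocks))
        return cbc_mac(key, blocks)

    w, tag = find_forgery(oracle, random.Random(seed))
    return {
        "valid": cbc_mac(key, w) == tag,   # receiver would accept (w, tag)
        "fresh": tuple(w) not in queried,  # w was never sent to the oracle
        "queries": len(queried),
    }


if __name__ == "__main__":
    print(demo())
```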
4.5 Unconditionally Secure MACs (Skip this section!!)

Unconditionally secure MACs:
- a key is used to produce only one authentication tag;
- an adversary makes at most one query.

Deception probability $Pd_q$: maximum value of $\varepsilon$ such that there is an $(\varepsilon,q)$-forger, for $q = 0, 1$.

$\mathrm{payoff}(x, y) = \Pr[y = h_{K_0}(x)]$

Impersonation attack ($(\varepsilon,0)$-forger):

$Pd_0 = \max\{ \mathrm{payoff}(x,y) : x \in X, y \in Y \}$   (4.1)

Substitution attack ($(\varepsilon,1)$-forger):
- Query $x$, and $y$ is the reply, $x \in X$, $y \in Y$.
- The probability that $(x', y')$ is valid is $\mathrm{payoff}(x', y'; x, y)$, $x' \in X$ and $x \ne x'$.

$\mathrm{payoff}(x', y'; x, y) = \Pr[y' = h_{K_0}(x') \mid y = h_{K_0}(x)]$ =

$V = \{ (x, y) : |\{K \in \mathcal{K} : h_K(x) = y\}| \ge 1 \}$

$Pd_1 = \max\{ \mathrm{payoff}(x', y'; x, y) : x, x' \in X,\ y, y' \in Y,\ (x,y) \in V,\ x \ne x' \}$   (4.2)
Example 4.1
- $X = Y = \mathbb{Z}_3$ and $\mathcal{K} = \mathbb{Z}_3 \times \mathbb{Z}_3$.
- For each $K = (a,b) \in \mathcal{K}$ and each $x \in X$, $h_{(a,b)}(x) = ax + b \bmod 3$.
- $H = \{ h_{(a,b)} : (a,b) \in \mathbb{Z}_3 \times \mathbb{Z}_3 \}$.
- $Pd_0 = 1/3$.
- Query $x = 0$ and answer $y = 0$: the possible keys are $K_0 \in \{(0,0), (1,0), (2,0)\}$. $(1,1)$ is valid iff $K_0 = (1,0)$. The probability that $K_0$ is the key is 1/3.
- $Pd_1 = 1/3$.

Authentication matrix. Key \ x: (0,0) (0,1) (0,2) (1,0) (1,1) (1,2) (2,0) (2,1) (2,2)

Strongly Universal Hash Families

Definition 4.2: Suppose that $(X, Y, \mathcal{K}, H)$ is an $(N,M)$-hash family. This hash family is strongly universal provided that the following condition is satisfied for every $x, x' \in X$ such that $x \ne x'$, and for every $y, y' \in Y$:

$|\{K \in \mathcal{K} : h_K(x) = y,\ h_K(x') = y'\}| = |\mathcal{K}| / M^2$

Example 4.1 is a strongly universal (3,3)-hash family.
LEMMA 4.10 Suppose that $(X, Y, \mathcal{K}, H)$ is a strongly universal $(N,M)$-hash family. Then

$|\{K \in \mathcal{K} : h_K(x) = y\}| = |\mathcal{K}| / M$

for every $x \in X$ and for every $y \in Y$.

Proof. $x, x' \in X$ and $y \in Y$, where $x \ne x'$:

$|\{K \in \mathcal{K} : h_K(x) = y\}|$ =

THEOREM 4.11 Suppose that $(X, Y, \mathcal{K}, H)$ is a strongly universal $(N,M)$-hash family. Then $(X, Y, \mathcal{K}, H)$ is an authentication code with $Pd_0 = Pd_1 = 1/M$.

Proof. From Lemma 4.10, $\mathrm{payoff}(x, y) = 1/M$ for every $x \in X$ and $y \in Y$, and $Pd_0 = 1/M$. For $x, x' \in X$ such that $x \ne x'$ and $y, y' \in Y$, where $(x,y) \in V$:

$\mathrm{payoff}(x', y'; x, y)$ =

Therefore $Pd_1 = 1/M$.
THEOREM 4.12 Let $p$ be prime. For $a, b \in \mathbb{Z}_p$, define $f_{a,b} : \mathbb{Z}_p \to \mathbb{Z}_p$ by the rule

$f_{(a,b)}(x) = ax + b \bmod p$

Then $(\mathbb{Z}_p, \mathbb{Z}_p, \mathbb{Z}_p \times \mathbb{Z}_p, \{f_{a,b} : \mathbb{Z}_p \to \mathbb{Z}_p\})$ is a strongly universal $(p,p)$-hash family.

Proof. Let $x, x', y, y' \in \mathbb{Z}_p$, where $x \ne x'$.

$ax + b \equiv y \pmod p$, and $ax' + b \equiv y' \pmod p$

$a = (y' - y)(x' - x)^{-1} \bmod p$, and $b = y - x(y' - y)(x' - x)^{-1} \bmod p$

(note that $(x' - x)^{-1} \bmod p$ exists because $x \not\equiv x' \pmod p$ and $p$ is prime)
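Definition 4.2, the deception probabilities (4.1) and (4.2), and the role of the primality condition in Theorem 4.12 can all be checked by exhaustive counting for small moduli. This is an added example, not code from the slides: the function names are hypothetical, and the composite modulus 4 is a constructed counter-case showing what is lost when $(x' - x)^{-1}$ need not exist.

```python
from fractions import Fraction
from itertools import product


def family(m):
    """Authentication matrix of h_(a,b)(x) = a*x + b mod m: key -> row of tags."""
    return {(a, b): [(a * x + b) % m for x in range(m)]
            for a, b in product(range(m), repeat=2)}


def count(H, constraints):
    """|{K : h_K(x) = y for every (x, y) in constraints}|."""
    return sum(all(row[x] == y for x, y in constraints) for row in H.values())


def is_strongly_universal(H, m):
    """Definition 4.2 with N = M = m: every pair count equals |K| / M^2."""
    target = Fraction(len(H), m * m)
    return all(count(H, [(x, y), (x2, y2)]) == target
               for x, x2 in product(range(m), repeat=2) if x != x2
               for y, y2 in product(range(m), repeat=2))


def pd0(H, m):
    """Equation (4.1): best impersonation payoff over all (x, y)."""
    return max(Fraction(count(H, [(x, y)]), len(H))
               for x, y in product(range(m), repeat=2))


def pd1(H, m):
    """Equation (4.2): best substitution payoff after observing one valid (x, y)."""
    best = Fraction(0)
    for x, y in product(range(m), repeat=2):
        consistent = count(H, [(x, y)])
        if consistent == 0:                # (x, y) is not in V
            continue
        for x2, y2 in product(range(m), repeat=2):
            if x2 != x:
                joint = count(H, [(x, y), (x2, y2)])
                best = max(best, Fraction(joint, consistent))
    return best


def summary(m):
    H = family(m)
    return is_strongly_universal(H, m), pd0(H, m), pd1(H, m)


if __name__ == "__main__":
    print("Authentication matrix for Example 4.1 (rows: key, columns: x = 0, 1, 2)")
    for key, row in family(3).items():
        print(key, row)
    for m in (3, 5, 7, 4):                 # 4 is composite: Theorem 4.12 does not apply
        su, p0, p1 = summary(m)
        print(f"m={m}: strongly universal={su}, Pd0={p0}, Pd1={p1}")
```

For the composite modulus the impersonation probability is still $1/M$, but the substitution probability doubles, because messages that differ by a non-invertible amount leave two keys consistent with the observed tag.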
MATH 5707 HOMEWORK 4 SOLUTIONS CİHAN BAHRAN 1. Let v 1,..., v n R m, all lengths v are not larger than 1. Let p 1,..., p n [0, 1] be arbtrary and set w = p 1 v 1 + + p n v n. Then there exst ε 1,..., ε
More informationSELECTED PROOFS. DeMorgan s formulas: The first one is clear from Venn diagram, or the following truth table:
SELECTED PROOFS DeMorgan s formulas: The frst one s clear from Venn dagram, or the followng truth table: A B A B A B Ā B Ā B T T T F F F F T F T F F T F F T T F T F F F F F T T T T The second one can be
More informationFoundations of Arithmetic
Foundatons of Arthmetc Notaton We shall denote the sum and product of numbers n the usual notaton as a 2 + a 2 + a 3 + + a = a, a 1 a 2 a 3 a = a The notaton a b means a dvdes b,.e. ac = b where c s an
More informationCircular chosen-ciphertext security with compact ciphertexts
Crcular chosen-cphertext securty wth compact cphertexts Denns Hofhenz January 19, 2013 Abstract A key-dependent message (KDM secure encrypton scheme s secure even f an adversary obtans encryptons of messages
More informationVARIATION OF CONSTANT SUM CONSTRAINT FOR INTEGER MODEL WITH NON UNIFORM VARIABLES
VARIATION OF CONSTANT SUM CONSTRAINT FOR INTEGER MODEL WITH NON UNIFORM VARIABLES BÂRZĂ, Slvu Faculty of Mathematcs-Informatcs Spru Haret Unversty barza_slvu@yahoo.com Abstract Ths paper wants to contnue
More informationCollege of Computer & Information Science Fall 2009 Northeastern University 20 October 2009
College of Computer & Informaton Scence Fall 2009 Northeastern Unversty 20 October 2009 CS7880: Algorthmc Power Tools Scrbe: Jan Wen and Laura Poplawsk Lecture Outlne: Prmal-dual schema Network Desgn:
More informationÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE
ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE School of Computer and Communcaton Scences Handout 0 Prncples of Dgtal Communcatons Solutons to Problem Set 4 Mar. 6, 08 Soluton. If H = 0, we have Y = Z Z = Y
More informationGeneralized Linear Methods
Generalzed Lnear Methods 1 Introducton In the Ensemble Methods the general dea s that usng a combnaton of several weak learner one could make a better learner. More formally, assume that we have a set
More informationEXPANSIVE MAPPINGS. by W. R. Utz
Volume 3, 978 Pages 6 http://topology.auburn.edu/tp/ EXPANSIVE MAPPINGS by W. R. Utz Topology Proceedngs Web: http://topology.auburn.edu/tp/ Mal: Topology Proceedngs Department of Mathematcs & Statstcs
More informationLeftovers from Lecture 3
Leftovers from Lecture 3 Implementing GF(2^k) Multiplication: Polynomial multiplication, and then remainder modulo the defining polynomial f(x): (1,1,0,1,1) *(0,1,0,1,1) = (1,1,0,0,1) For small size finite
More informationMath 217 Fall 2013 Homework 2 Solutions
Math 17 Fall 013 Homework Solutons Due Thursday Sept. 6, 013 5pm Ths homework conssts of 6 problems of 5 ponts each. The total s 30. You need to fully justfy your answer prove that your functon ndeed has
More information