a battle of bits building confidence in cryptography d j
play

A battle of bits: building confidence in cryptography D. J. - PDF document

Jul 25, 2023 •463 likes •1.63k views

A battle of bits: building confidence in cryptography D. J. Bernstein University of Illinois at Chicago Tanja Lange Technische Universiteit Eindhoven Negation joint work with: Peter Schwabe Academia Sinica ECC2K-130 joint work with: many,

  1. Our software solves random ECDL on the same curve (with no precomputation) in 35.6 PS3 years on average. For comparison: Bos–Kaihara–Kleinjung–Lenstra– Montgomery software uses 65 PS3 years on average. Computation used 158000 kWh (if PS3 ran at only 300W), wasting ❃ 70000 kWh, unnecessarily generating ❃ 10000 kilograms of carbon dioxide. (0.143 kg CO2 per Swiss kWh.)

  2. Several levels of speedups, starting with fast arithmetic mod ♣ = (2 128 � 3) ❂ (11 ✁ 6949) and continuing up through rho. Most important speedup: We use the negation map.

  3. Several levels of speedups, starting with fast arithmetic mod ♣ = (2 128 � 3) ❂ (11 ✁ 6949) and continuing up through rho. Most important speedup: We use the negation map. Extra cost in each iteration: extract bit of “ s ” (normalized ② , needed anyway); expand bit into mask; use mask to conditionally replace ( s❀ ② ) by ( � s❀ � ② ). 5.5 SPU cycles ( ✙ 1 ✿ 5% of total). No conditional branches.

  4. Bos–Kleinjung–Lenstra say that “on average more elliptic curve group operations are required per step of each walk. This is unavoidable” etc. Specifically: If the precomputed additive-walk table has r points, need 1 extra doubling to escape a cycle after ✙ 2 r additions. And more: “cycle reduction” etc. Bos–Kleinjung–Lenstra say that the benefit of large r is “wiped out by cache inefficiencies.”

  5. There’s really no problem here! We use r = 2048. 1 ❂ (2 r ) = 1 ❂ 4096; negligible. Recall: ♣ has 112 bits. 28 bytes for table entry ( ①❀ ② ). We expand to 36 bytes to accelerate arithmetic. We compress to 32 bytes by insisting on small ①❀ ② ; very fast initial computation. Only 64KB for table. Our Cell table-load cost: 0, overlapping loads with arithmetic. No “cache inefficiencies.”

  6. What about fruitless cycles? We run 45 iterations. We then save s ; run 2 slightly slower iterations tracking minimum ( s❀ ①❀ ② ); then double tracked ( ①❀ ② ) if new s equals saved s . (Occasionally replace 2 by 12 to detect 4-cycles, 6-cycles. Such cycles are almost too rare to worry about, but detecting them has a completely negligible cost.)

  7. Maybe fruitless cycles waste some of the 47 iterations. ✿ ✿ ✿ but this is infrequent. Lose ✙ 0.6% of all iterations. Tracking minimum isn’t free, but most iterations skip it! Same for final s comparison. Still no conditional branches. Overall cost ✙ 1 ✿ 3%. Doubling occurs for only ✙ 1 ❂ 4096 of all iterations. We use SIMD quite lazily here; overall cost ✙ 0 ✿ 6%. Can reduce this cost further.

  8. Are we sure about all this? Are there hidden bottlenecks? Are we accidentally compromising walk randomness?

  9. Are we sure about all this? Are there hidden bottlenecks? Are we accidentally compromising walk randomness? Check by running experiments! e.g. Try 1000 experiments; check that average time is very close to our predictions.

  10. Are we sure about all this? Are there hidden bottlenecks? Are we accidentally compromising walk randomness? Check by running experiments! e.g. Try 1000 experiments; check that average time is very close to our predictions. Problem: 1000 experiments should take 35600 PS3 years. We don’t have many PS3s.

  11. Are we sure about all this? Are there hidden bottlenecks? Are we accidentally compromising walk randomness? Check by running experiments! e.g. Try 1000 experiments; check that average time is very close to our predictions. Problem: 1000 experiments should take 35600 PS3 years. We don’t have many PS3s. Solution: Try same algorithm at some smaller scales.

  12. Our software works for any curve ② 2 = ① 3 � 3 ① + ❜ over the same F ♣ . Same cost of field arithmetic, same cost of curve arithmetic. ② 2 = ① 3 � 3 ① + 238 2 has a point of order ✙ 2 50 . ② 2 = ① 3 � 3 ① + 372 2 has a point of order ✙ 2 55 . ② 2 = ① 3 � 3 ① + 240 2 has a point of order ✙ 2 60 . We tried ❃ 32000 experiments on each of these curves.

  13. Found distinguished points at the predicted rates. Found discrete logarithms using the predicted number of distinguished points. Negation conclusions: Sensible use of negation, with or without SIMD, has negligible impact on cost of each iteration. Impact on number of iterations ♣ is almost exactly 2. Overall benefit is ♣ extremely close to 2.

  14. How to evaluate security for sparse families?

  15. Get people to solve big challenges! 1997: Certicom announces several elliptic-curve challenges. “The Challenge is to compute the ECC private keys from the given list of ECC public keys and associated system parameters. This is the type of problem facing an adversary who wishes to completely defeat an elliptic curve cryptosystem.” Goals: help users select key sizes; compare random and Koblitz; compare F 2 ♠ and F ♣ ; etc.

  16. How to get them hooked? 1997: ECCp-79 broken by Baisley and Harley. 1997: ECC2-79 broken by Harley et al. 1998: ECCp-89, ECC2-89 broken by Harley et al. 1998: ECCp-97 broken by Harley et al. (1288 computers). 1998: ECC2K-95 broken by Harley et al. (200 computers). 1999: ECC2-97 broken by Harley et al. (740 computers). 2000: ECC2K-108 broken by Harley et al. (9500 computers).

  17. More challenging challenges Certicom: “The 109-bit Level I challenges are feasible using a very large network of computers. The 131-bit Level I challenges are expected to be infeasible against realistic software and hardware attacks, unless of course, a new algorithm for the ECDLP is discovered.” 2002: ECCp-109 broken by Monico et al. (10000 computers). 2004: ECC2-109 broken by Monico et al. (2600 computers). open: ECC2K-130

  18. With our latest implementations, ECC2K-130 is breakable in two years on average by ✎ 1595 Phenom II x4 955 CPUs,

  19. With our latest implementations, ECC2K-130 is breakable in two years on average by ✎ 1595 Phenom II x4 955 CPUs, ✎ or 1231 Playstation 3s,

  20. With our latest implementations, ECC2K-130 is breakable in two years on average by ✎ 1595 Phenom II x4 955 CPUs, ✎ or 1231 Playstation 3s, ✎ or 534 GTX 295 cards,

  21. With our latest implementations, ECC2K-130 is breakable in two years on average by ✎ 1595 Phenom II x4 955 CPUs, ✎ or 1231 Playstation 3s, ✎ or 534 GTX 295 cards, ✎ or 308 XC3S5000 FPGAs,

  22. With our latest implementations, ECC2K-130 is breakable in two years on average by ✎ 1595 Phenom II x4 955 CPUs, ✎ or 1231 Playstation 3s, ✎ or 534 GTX 295 cards, ✎ or 308 XC3S5000 FPGAs, ✎ or any combination thereof.

  23. With our latest implementations, ECC2K-130 is breakable in two years on average by ✎ 1595 Phenom II x4 955 CPUs, ✎ or 1231 Playstation 3s, ✎ or 534 GTX 295 cards, ✎ or 308 XC3S5000 FPGAs, ✎ or any combination thereof. This is a computation that Certicom called “infeasible”?

  24. With our latest implementations, ECC2K-130 is breakable in two years on average by ✎ 1595 Phenom II x4 955 CPUs, ✎ or 1231 Playstation 3s, ✎ or 534 GTX 295 cards, ✎ or 308 XC3S5000 FPGAs, ✎ or any combination thereof. This is a computation that Certicom called “infeasible”? Certicom has now backpedaled, saying that ECC2K-130 “may be within reach”.

  25. The target: ECC2K-130 The Koblitz curve ② 2 + ①② = ① 3 + 1 over F 2 131 has 4 ❵ points, where ❵ is prime. Field representation uses irreducible polynomial ❢ = ③ 131 + ③ 13 + ③ 2 + ③ + 1. Certicom generated their challenge points as two random points in order- ❵ subgroup by taking two random points on the curve and multiplying them by 4.

  26. This produced the following points P❀ ◗ : x(P) = 05 1C99BFA6 F18DE467 C80C23B9 8C7994AA y(P) = 04 2EA2D112 ECEC71FC F7E000D7 EFC978BD x(Q) = 06 C997F3E7 F2C66A4A 5D2FDA13 756A37B1 y(Q) = 04 A38D1182 9D32D347 BD0C0F58 4D546E9A (unique encoding of F 2 131 in hex). The challenge: Find an integer ❦ ✷ ❢ 0 ❀ 1 ❀ ✿ ✿ ✿ ❀ ❵ � 1 ❣ such that [ ❦ ] P = ◗ . Bigger picture: 128-bit curves have been proposed for real (RFID, TinyTate).

  27. Equivalence classes for Koblitz curves P and � P have same ① -coordinate. Search for ① -coordinate collision. Search space is only ❵❂ 2; this ♣ gives factor 2 speedup ✿ ✿ ✿ provided that ❢ ( P ✐ ) = ❢ ( � P ✐ ).

  28. Equivalence classes for Koblitz curves P and � P have same ① -coordinate. Search for ① -coordinate collision. Search space is only ❵❂ 2; this ♣ gives factor 2 speedup ✿ ✿ ✿ provided that ❢ ( P ✐ ) = ❢ ( � P ✐ ). More savings: P and ✛ ✐ ( P ) have ① ( ✛ ❥ ( P )) = ① ( P ) 2 ❥ . Consider equivalence classes under Frobenius and ✝ ; ♣ ♣ gain factor 2 ♥ = 2 ✁ 131. Need to ensure that the iteration function satisfies ❢ ( P ✐ ) = ❢ ( ✝ ✛ ❥ ( P ✐ )) for any ❥ .

  29. ♣ Savings is 2 ✁ 131 iterations— but the iteration function has become slower. How much slower?

  30. ♣ Savings is 2 ✁ 131 iterations— but the iteration function has become slower. How much slower? Could again define adding walk starting from ❥ P ✐ ❥ . Redefine ❥ P ✐ ❥ as canonical representative of class containing P ✐ : e.g., lexicographic minimum of P ✐ , � P ✐ , ✛ ( P ✐ ), etc. Iterations now involve many squarings, but squarings are not so expensive in characteristic 2.

  31. Iteration function for Koblitz curves Normal basis of finite field F 2 ♥ has elements ❢ ✏❀ ✏ 2 ❀ ✏ 2 2 ❀ ✏ 2 3 ❀ ✿ ✿ ✿ ❀ ✏ 2 ♥ � 1 ❣ . Representation for ① and ① 2 ✐ =0 ① ✐ ✏ 2 ✐ = ( ① 0 ❀ ① 1 ❀ ① 2 ❀ ✿ ✿ ✿ ❀ ① ♥ � 1 ) P ♥ � 1 ✐ =1 ① ✐ ✏ 2 ✐ = ( ① ♥ � 1 ❀ ① 0 ❀ ✿ ✿ ✿ ❀ ① ♥ � 2 ) P ♥ using ( ✏ 2 ♥ � 1 ) 2 = ✏ 2 ♥ = ✏ . Harley and Gallant-Lambert- Vanstone use that in normal basis, ① ( P ) and ① ( P ) 2 ❥ have same Hamming weight HW( ① ( P )) = P ♥ � 1 ✐ =0 ① ✐ (addition over Z ).

  32. Suggestion: P ✐ +1 = P ✐ + ✛ ❥ ( P ✐ ) ❀ as iteration function. Choice of ❥ depends on HW( ① ( P )). This ensures that the walk is well defined on classes since ❢ ( ✝ ✛ ♠ ( P ✐ )) = ✝ ✛ ♠ ( P ✐ ) + ✛ ❥ ( ✝ ✛ ♠ ( P ✐ )) = ✝ ( ✛ ♠ ( P ✐ ) + ✛ ♠ ( ✛ ❥ ( P ✐ ))) = ✝ ✛ ♠ ( P ✐ + ✛ ❥ ( P ✐ )) = ✝ ✛ ♠ ( P ✐ +1 ) ✿

  33. GLV suggest using ❥ = hash(HW( ① ( P ))), where the hash function maps to [1 ❀ ♥ ]. Harley uses a smaller set of exponents; for his attack on ECC2K-108 he takes ❥ ✷ ❢ 1 ❀ 2 ❀ 4 ❀ 5 ❀ 6 ❀ 7 ❀ 8 ❣ ; computed as ❥ = (HW( ① ( P )) mod 7) + 2 and replacing 3 by 1.

  34. Our choice of iteration function Restricting size of ❥ matters— squarings are cheap but: ✎ in bitslicing need to compute all powers (no branches allowed); ✎ code size matters (in particular for Cell CPU); ✎ logic costs area for FPGA; ✎ having a large set doesn’t actually gain much randomness. Optimization target: time per iteration ✂ # iterations.

  35. How to mention lattices? Having few coefficients lets us exclude short fruitless cycles. To do so, compute the shortest vector in the lattice ♥ ♦ ❥ (1 + ✛ ❥ ) ✈ ❥ = 1 ✈ : ◗ . Usually the shortest vector has negative coefficients (which cannot happen with the iteration); shortest vector with positive coefficients is somewhat longer. For implementation it is better to have a continuous interval of exponents, so shift the interval if shortest vector is short.

  36. Our iteration function: P ✐ +1 = P ✐ + ✛ ❥ ( P ✐ ) where ❥ = (HW( ① ( P )) ❂ 2 mod 8) + 3, so ❥ ✷ ❢ 3 ❀ 4 ❀ 5 ❀ 6 ❀ 7 ❀ 8 ❀ 9 ❀ 10 ❣ . Shortest combination of these powers is long. Note that HW( ① ( P )) is even. Iteration consists of ✎ computing the Hamming weight HW( ① ( P )) of the normal-basis representation of ① ( P ); ✎ checking for distinguished points (is HW( ① ( P )) ✔ 34?); ✎ computing ❥ and P + ✛ ❥ ( P ).

  37. Analysis of our iteration function For a perfectly random walk ♣ ✙ ✙❵❂ 2 iterations are expected on average. Have ❵ ✙ 2 131 ❂ 4 for ECC2K-130. A perfectly random walk on classes under ✝ and Frobenius would reduce number of iterations ♣ by 2 ✁ 131.

  38. Analysis of our iteration function For a perfectly random walk ♣ ✙ ✙❵❂ 2 iterations are expected on average. Have ❵ ✙ 2 131 ❂ 4 for ECC2K-130. A perfectly random walk on classes under ✝ and Frobenius would reduce number of iterations ♣ by 2 ✁ 131. Loss of randomness from having only 8 choices of ❥ . Further loss from non-randomness of Hamming weights:

  39. Hamming weights around 66 are much more likely than at the edges; effect still noticeable after reduction to 8 choices.

  40. Hamming weights around 66 are much more likely than at the edges; effect still noticeable after reduction to 8 choices. q ✐ ♣ 2 1 � P Our ✐ heuristic says that the total loss is 6.9993%. (Higher-order anti-collision analysis: actually above 7%.) This loss is justified by the very fast iteration function.

  41. Hamming weights around 66 are much more likely than at the edges; effect still noticeable after reduction to 8 choices. q ✐ ♣ 2 1 � P Our ✐ heuristic says that the total loss is 6.9993%. (Higher-order anti-collision analysis: actually above 7%.) This loss is justified by the very fast iteration function. Average number of iterations for our attack against ECC2K-130: ♣ ✙❵❂ (2 ✁ 2 ✁ 131) ✁ 1 ✿ 069993 ✙ 2 60 ✿ 9 .

  42. Endomorphisms In general, an efficiently computable endomorphism ✣ of order r speeds up Pollard rho method by factor ♣ r . This theoretical speedup can usually be realized in practice— it just requires some work. Can define walk on classes by inspecting all 2 r points ✝ P❀ ✝ ✣ ( P ) ❀ ✿ ✿ ✿ ❀ ✝ ✣ r � 1 ( P ) to choose unique representative for class and then doing an adding walk; but this is slow.

  43. What is the security of ECC2K-130? How long do ✙ 2 60 ✿ 9 iterations take?

  44. What is the security of ECC2K-130? How long do ✙ 2 60 ✿ 9 iterations take? 70110 ✁ 2 60 ✿ 9 bit operations!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS 4803 A block cipher E is a collection of functions from n bits to n bits. Each function is

CS 4803 A block cipher E is a collection of functions from n bits to n bits. Each function is

Block ciphers Building blocks for symmetric cryptography. M EK C Examples: DES, 3DES, AES... CS 4803 A block cipher E is a collection of functions from n bits to n bits. Each function is fully specified by a k-bit key. Computer and

317 views • 4 slides
Quantum Cryptography Slides based in part on A talk on quantum cryptography or how Alice

Quantum Cryptography Slides based in part on A talk on quantum cryptography or how Alice

Quantum Cryptography Slides based in part on A talk on quantum cryptography or how Alice outwits Eve, by Samuel Lomonaco Jr. and Quantum Computing by Andr Bertiaume. The Classical World - Bits either 0 or 1. - Bits can be copied.

639 views • 11 slides
MIPS Instruction Formats 6 bits 5 bits 5 bits 5 bits 5 bits 6 bits for instance,

MIPS Instruction Formats 6 bits 5 bits 5 bits 5 bits 5 bits 6 bits for instance,

MIPS Instruction Formats 6 bits 5 bits 5 bits 5 bits 5 bits 6 bits for instance, add r1, r2, r3 has - 000000 00010 00011 00001 00000 100000 opcode (OP) tells the machine which format 1 VAX Instruction Formats (x86

431 views • 20 slides
A N G L O - S A X O N WA R S A N D C O N F L I C T S M A J O R C O N F L I C T S Battle of

A N G L O - S A X O N WA R S A N D C O N F L I C T S M A J O R C O N F L I C T S Battle of

B Y: T Y R O N E , D WA Y N E , E R I C , A N D S E T H A N G L O - S A X O N WA R S A N D C O N F L I C T S M A J O R C O N F L I C T S Battle of Badon Battle of Alfred Battle of Aylesford Battle of Wippedesfleot

409 views • 11 slides
K. M. ABRAHAM SEBI Confidence through collaboration Crisis of confidence Fear

K. M. ABRAHAM SEBI Confidence through collaboration Crisis of confidence Fear

Enhancing Regional Financial Cooperation in South Asia A Regulators Perspective K. M. ABRAHAM SEBI Confidence through collaboration Crisis of confidence Fear uncertainty Looking for scapegoats Confidence building

247 views • 22 slides
1 Transducers Inherently Discrete values devices that convert from one representation to

1 Transducers Inherently Discrete values devices that convert from one representation to

Interpretation of bits depends on context meaning of a group of bits depends on how they are interpreted 1 byte could be Bits, Bytes, 1 bit in use, 7 wasted bits (e.g., M/F in a database) 8 bits storing a number between 0 and 255

543 views • 3 slides
The Battle of Britain Year 6 Home Learning The Battle of Britain The Battle of Britain was

The Battle of Britain Year 6 Home Learning The Battle of Britain The Battle of Britain was

The Battle of Britain Year 6 Home Learning The Battle of Britain The Battle of Britain was fought between the RAF (Royal Air Force) and the German Luftwaffe (air force). Talk to a family member: Do you know what the Battle of Britain was?

323 views • 21 slides
Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords

Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords

Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords Xavier Boyen 1 Cline Chevalier 2 Georg Fuchsbauer 3

680 views • 36 slides
THE LISTING PRESENTATION A Natural Close! CONFIDENCE CONFIDENCE CONFIDENCE CONFIDENCE Hi

THE LISTING PRESENTATION A Natural Close! CONFIDENCE CONFIDENCE CONFIDENCE CONFIDENCE Hi

THE LISTING PRESENTATION A Natural Close! CONFIDENCE CONFIDENCE CONFIDENCE CONFIDENCE Hi (name??) Im Kerri! We had an appointment at ____ and its _____ time (so, Im actually ahead of the game)! <<pause>> Thank

50 views • 4 slides
Enhancing participation in the Confidence Building Measure system, in terms of both quantity and

Enhancing participation in the Confidence Building Measure system, in terms of both quantity and

Enhancing participation in the Confidence Building Measure system, in terms of both quantity and quality WUXI WORKSHOP 5-7 September 2016 Julia Nordmann Germany CBMs CBMs were agreed upon in 1986 promote transparency increase confidence

485 views • 16 slides
Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography

Homomorphic Cryptography & Its Applications Aaram Yun, UNIST FIF presentation, 2015 1 Cryptography 2 Cryptography Bike lock of Internet Provides many important building blocks for security For example, encryption or

699 views • 31 slides
BATTLE OF THE BOOKS C 2016-17 What is Battle of the Books? . Purpose: The purpose of

BATTLE OF THE BOOKS C 2016-17 What is Battle of the Books? . Purpose: The purpose of

BATTLE OF THE BOOKS C 2016-17 What is Battle of the Books? . Purpose: The purpose of the Middle School Battle of the Books is to encourage reading and expose students of all ability levels to quality literature representing a variety

325 views • 9 slides
7.3. Cryptographic algorithms Message M (plaintext, a sequence of bits); key K; published

7.3. Cryptographic algorithms Message M (plaintext, a sequence of bits); key K; published

7.3. Cryptographic algorithms Message M (plaintext, a sequence of bits); key K; published encryption functions E, D; {M} K is the ciphertext (another sequence of bits) Symmetric (secret key) cryptography E(K, M) = {M} K D(K, E(K, M)) = M

571 views • 30 slides
Bits and Bytes Topics Topics Why bits? Representing information as bits

Bits and Bytes Topics Topics Why bits? Representing information as bits

Systems I Bits and Bytes Topics Topics Why bits? Representing information as bits Binary/Hexadecimal Byte representations numbers characters and strings Instructions Bit-level manipulations Boolean algebra

614 views • 33 slides
Bits and Bytes Aug. 29, 2002 Topics Topics n Why bits? n Representing information as bits l

Bits and Bytes Aug. 29, 2002 Topics Topics n Why bits? n Representing information as bits l

15-213 The Class That Gives CMU Its Zip! Bits and Bytes Aug. 29, 2002 Topics Topics n Why bits? n Representing information as bits l Binary/Hexadecimal l Byte representations numbers characters and strings Instructions n

690 views • 34 slides
troll batul How might you model a battle between two trolls? How might you model a battle between

troll batul How might you model a battle between two trolls? How might you model a battle between

CSCI261 Lecture 23: Passing by Reference, Objects and Memory troll batul How might you model a battle between two trolls? How might you model a battle between two trolls? Define and describe trolls (attributes, behavior) Describe the battle

529 views • 15 slides
Game and Learn: An Introduction to Educational Gaming 4. Games and Learning Ruben R. Puentedura,

Game and Learn: An Introduction to Educational Gaming 4. Games and Learning Ruben R. Puentedura,

Game and Learn: An Introduction to Educational Gaming 4. Games and Learning Ruben R. Puentedura, Ph.D Learning from Games Active Learning Gamers Learn From: 1. Doing and reflecting critically Active Learning Example: Europa Universalis III

473 views • 11 slides
H1 FY15 Earnings presentation October 30th, 2014 Yves Guillemot, President and Chief Executive

H1 FY15 Earnings presentation October 30th, 2014 Yves Guillemot, President and Chief Executive

H1 FY15 Earnings presentation October 30th, 2014 Yves Guillemot, President and Chief Executive Officer Alain Martinez, Chief Financial Officer Jean-Benot Roquette, SVP Investor Relations D I S C L A I M E R This statement may contain

693 views • 28 slides
Reliving the history of multi player games @phuesler @rirei At Wooga Evolution is driven by

Reliving the history of multi player games @phuesler @rirei At Wooga Evolution is driven by

Reliving the history of multi player games @phuesler @rirei At Wooga Evolution is driven by teams Technologies Architecture Platforms User interaction Level 1: Read-only interaction High score Pacman read-only access Client Client

1.63k views • 104 slides
never done jalewis@thoughtworks.com @boicy 1 never done 2 never done Incomplete adjective

never done jalewis@thoughtworks.com @boicy 1 never done 2 never done Incomplete adjective

building systems that are never done jalewis@thoughtworks.com @boicy 1 never done 2 never done Incomplete adjective not having all the necessary or appropriate parts 3 never done Incomplete adjective not having all the necessary or

2.35k views • 153 slides
CSE 501 Principles and Applications of Program Analysis Alvin Cheung Spring 15

CSE 501 Principles and Applications of Program Analysis Alvin Cheung Spring 15

CSE 501 Principles and Applications of Program Analysis Alvin Cheung Spring 15 Welcome to CSE 501! The Cast J K J h Q , D , , h i , e K ! h Q 0 , D 0 , , h 0 i , ( 0 , e ) force( Q 0 , D 0 , ( 0 , e ))

866 views • 34 slides
Network Programming Simulation Engines 2008 Chalmers University of Technology Markus Larsson

Network Programming Simulation Engines 2008 Chalmers University of Technology Markus Larsson

Network Programming Simulation Engines 2008 Chalmers University of Technology Markus Larsson markus.larsson@slxgames.com 08-11-26 Simulation Engines 2008, Markus Larsson 1 Networked games Most games are played against some form of

654 views • 50 slides
INTRODUCTION TO PROBABILITY MODELS Lecture 40 Qi Wang , Department of Statistics Dec 3, 2018

INTRODUCTION TO PROBABILITY MODELS Lecture 40 Qi Wang , Department of Statistics Dec 3, 2018

INTRODUCTION TO PROBABILITY MODELS Lecture 40 Qi Wang , Department of Statistics Dec 3, 2018 EXAMPLE 1 Drew wanted to prove to his friend Steve that World of Warcraft (WOW) was bad for his education. He collected data from friends in Stat

449 views • 4 slides
Deploying on EC2 Steve Loughran HP Laboratories, Bristol, UK April 2008

Deploying on EC2 Steve Loughran HP Laboratories, Bristol, UK April 2008

Deploying on EC2 Steve Loughran HP Laboratories, Bristol, UK April 2008 steve.loughran@hpl.hp.com this is a fast feather talk at apachecon 2008 1/14/2004 1 Steve Loughran Researcher at HP Laboratories Area of interest: Deployment Author of

475 views • 22 slides

More recommend