challenges in evaluating costs of known lattice attacks
Slide 1: Challenges in evaluating costs of known lattice attacks
Daniel J. Bernstein, Tanja Lange
Based on the 2019 attack survey by Bernstein–Chuengsatiansup–Lange–van Vredendaal.

Why analysis is important:
• Guide attack optimization.
• Guide attack selection.
• Evaluate crypto parameters.
• Evaluate crypto designs.
• Advise users on security.

Slide 2: Three typical attack problems
Define R = Z[x]/(x^761 − x − 1); "small" = all coefficients in {−1, 0, 1}; w = 286; q = 4591.
Attacker wants to find small weight-w secret a ∈ R.
Problem 1: Public G ∈ R/q with aG + e = 0. Small secret e ∈ R.
Problem 2: Public G ∈ R/q and aG + e. Small secret e ∈ R.
Problem 3: Public G1, G2 ∈ R/q. Public aG1 + e1, aG2 + e2. Small secrets e1, e2 ∈ R.


Slide 3: Examples of target cryptosystems
Secret key: small a, small e. Public key reveals multiplier G and approximation A = aG + e.
Public key for "NTRU": G = −e/a, and A = 0.
Public key for "Ring-LWE": random G, and A = aG + e.
Systematization of naming, recognizing similarity + credits: "NTRU" ⇒ Quotient NTRU. "Ring-LWE" ⇒ Product NTRU.


Slide 4: Encryption
Encryption for Quotient NTRU: Input small b, small d. Ciphertext: B = 3Gb + d.
Encryption for Product NTRU: Input encoded message M. Randomly generate small b, small d, small c. Ciphertext: B = Gb + d and C = Ab + M + c.
Next slides: survey of G, a, e, c, M details and variants in NISTPQC submissions. Source: Bernstein, "Comparing proofs of security for lattice-based encryption".
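The three problems of slide 2 and the key and ciphertext shapes of slides 3 and 4, as an added example that is not part of the talk or of any submission's code: it builds one instance of each problem at the sntrup761 sizes stated on slide 2 (R = Z[x]/(x^761 − x − 1), q = 4591, w = 286) and runs the check that an attacker's candidate (a, e) has to pass. Assumptions not on the slides: the offset e is drawn without a weight restriction, the Product NTRU multiplier G is uniform in R/q, multiplication uses Kronecker substitution and inversion the extended Euclidean algorithm (implementation choices of this example), and x^761 − x − 1 is irreducible modulo 4591 (true for the NTRU Prime parameters, and what makes G = −e/a exist for every nonzero a). All function and variable names are the example's own.

```python
"""Added example (not from the talk): build and check instances of the three attack
problems on slide 2 in R = Z[x]/(x^761 - x - 1), q = 4591, w = 286 (sntrup761 sizes)."""
import random
from typing import List, Optional

N, Q, W = 761, 4591, 286
Poly = List[int]                     # index i holds the coefficient of x^i
_SLOT = 40                           # bits per coefficient in Kronecker multiplication
ZERO, ONE = [0] * N, [1] + [0] * (N - 1)

def add(a: Poly, b: Poly) -> Poly:
    return [(x + y) % Q for x, y in zip(a, b)]

def scale(k: int, a: Poly) -> Poly:
    return [(k * x) % Q for x in a]

def mul(a: Poly, b: Poly) -> Poly:
    """Product in R/q: coefficients are packed into one big integer (Kronecker
    substitution) so Python's bignum multiply does the O(N^2) work; every
    convolution sum is < N*(q-1)^2 < 2^34, so 40-bit slots never carry."""
    pa = sum((x % Q) << (_SLOT * i) for i, x in enumerate(a))
    pb = sum((x % Q) << (_SLOT * i) for i, x in enumerate(b))
    prod, mask = pa * pb, (1 << _SLOT) - 1
    c = [(prod >> (_SLOT * i)) & mask for i in range(2 * N - 1)]
    for i in range(2 * N - 2, N - 1, -1):  # x^N = x + 1, so x^i = x^(i-N+1) + x^(i-N)
        c[i - N] += c[i]
        c[i - N + 1] += c[i]
    return [x % Q for x in c[:N]]

def _trim(p: Poly) -> Poly:
    while p and p[-1] == 0:
        p.pop()
    return p

def _divmod(num: Poly, den: Poly):
    """Long division in (Z/q)[x] on trimmed, variable-length coefficient lists."""
    rem, inv_lead = _trim(list(num)), pow(den[-1], -1, Q)
    quot = [0] * max(len(rem) - len(den) + 1, 0)
    while len(rem) >= len(den):
        shift, coef = len(rem) - len(den), rem[-1] * inv_lead % Q
        quot[shift] = coef
        for i, d in enumerate(den):
            rem[i + shift] = (rem[i + shift] - coef * d) % Q
        _trim(rem)
    return quot, rem

def inverse(a: Poly) -> Poly:
    """a^-1 in R/q by the extended Euclidean algorithm.  q is prime and x^N - x - 1 is
    irreducible mod q (an NTRU Prime design requirement), so the gcd is a nonzero constant."""
    r0, r1 = [Q - 1, Q - 1] + [0] * (N - 2) + [1], _trim([x % Q for x in a])
    s0, s1 = [], [1]                 # invariant: r_i = s_i * a  (mod x^N - x - 1)
    if not r1:
        raise ZeroDivisionError("0 has no inverse in R/q")
    while r1:
        quot, rem = _divmod(r0, r1)
        qs = [0] * (len(quot) + len(s1) - 1)        # quot * s1
        for i, x in enumerate(quot):
            for j, y in enumerate(s1):
                qs[i + j] = (qs[i + j] + x * y) % Q
        diff = [(x - y) % Q for x, y in zip(s0 + [0] * len(qs), qs + [0] * len(s0))]
        r0, r1, s0, s1 = r1, rem, s1, _trim(diff)
    inv = scale(pow(r0[0], -1, Q), s0)
    return inv + [0] * (N - len(inv))

def small(rng: random.Random, weight: Optional[int] = None) -> Poly:
    """'Small' element: coefficients in {-1, 0, 1}; with weight=w, exactly w are nonzero."""
    if weight is None:
        return [rng.choice((-1, 0, 1)) for _ in range(N)]
    p = [rng.choice((-1, 1)) for _ in range(weight)] + [0] * (N - weight)
    rng.shuffle(p)
    return p

def is_small(p: Poly, weight: Optional[int] = None) -> bool:
    c = [(x + Q // 2) % Q - Q // 2 for x in p]     # representatives in (-q/2, q/2]
    return all(x in (-1, 0, 1) for x in c) and (weight is None or sum(map(abs, c)) == weight)

def solves(G: Poly, A: Poly, a: Poly, e: Poly, weight: Optional[int] = W) -> bool:
    """Success test shared by the three problems: a small of weight w, e small, and
    aG + e = A in R/q.  Problem 1 is A = 0; problem 3 runs this twice with the same a."""
    return is_small(a, weight) and is_small(e) and add(mul(a, G), e) == A

def demo(seed: int = 2019) -> dict:
    """One instance of each problem and the checks on it, returned rather than printed."""
    rng = random.Random(seed)
    uniform = lambda: [rng.randrange(Q) for _ in range(N)]   # Product NTRU multiplier
    a, e = small(rng, W), small(rng)
    G_q = scale(-1, mul(e, inverse(a)))       # Quotient NTRU key G = -e/a, so aG + e = 0
    G_p, a2, e2 = uniform(), small(rng, W), small(rng)
    A_p = add(mul(a2, G_p), e2)               # Product NTRU key A = aG + e
    G1, G2, a3, e31, e32 = uniform(), uniform(), small(rng, W), small(rng), small(rng)
    b, d = small(rng), small(rng)
    B = add(mul(scale(3, G_q), b), d)         # Quotient NTRU ciphertext B = 3Gb + d
    return {
        "problem1": solves(G_q, ZERO, a, e),
        "problem2": solves(G_p, A_p, a2, e2),
        "problem3": solves(G1, add(mul(a3, G1), e31), a3, e31)
        and solves(G2, add(mul(a3, G2), e32), a3, e32),
        "wrong_secret_accepted": solves(G_q, ZERO, a2, e),    # right weight, wrong a
        "wrong_weight_accepted": solves(G_p, A_p, a2, e2, weight=W - 1),
        "ciphertext_is_problem2": solves(scale(3, G_q), B, b, d, weight=None),
        "inverse_ok": mul(a, inverse(a)) == ONE,
    }
```

demo() returns True for the three honest instances and False for a candidate with the right weight but the wrong a, or the right a but the wrong weight. The last two entries make a point that follows directly from the formulas on slide 4: the Quotient NTRU ciphertext B = 3Gb + d is itself a problem-2 instance with multiplier 3G and secret b, so a ciphertext attack and a key attack are the same problem with different multiplier and weight.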

Slide 5: set of multipliers G, by system parameter set (type: Product NTRU or Quotient NTRU)

system parameter set   type      set of multipliers
frodo 640              Product   (Z/32768)^(640×640)
frodo 976              Product   (Z/65536)^(976×976)
frodo 1344             Product   (Z/65536)^(1344×1344)
kyber 512              Product   ((Z/3329)[x]/(x^256 + 1))^(2×2)
kyber 768              Product   ((Z/3329)[x]/(x^256 + 1))^(3×3)
kyber 1024             Product   ((Z/3329)[x]/(x^256 + 1))^(4×4)
lac 128                Product   (Z/251)[x]/(x^512 + 1)
lac 192                Product   (Z/251)[x]/(x^1024 + 1)
lac 256                Product   (Z/251)[x]/(x^1024 + 1)
newhope 512            Product   (Z/12289)[x]/(x^512 + 1)
newhope 1024           Product   (Z/12289)[x]/(x^1024 + 1)
ntru hps2048509        Quotient  (Z/2048)[x]/(x^509 − 1)
ntru hps2048677        Quotient  (Z/2048)[x]/(x^677 − 1)
ntru hps4096821        Quotient  (Z/4096)[x]/(x^821 − 1)
ntru hrss701           Quotient  (Z/8192)[x]/(x^701 − 1)
ntrulpr 653            Product   (Z/4621)[x]/(x^653 − x − 1)
ntrulpr 761            Product   (Z/4591)[x]/(x^761 − x − 1)
ntrulpr 857            Product   (Z/5167)[x]/(x^857 − x − 1)
round5n1 1             Product   (Z/4096)^(636×636)
round5n1 3             Product   (Z/32768)^(876×876)
round5n1 5             Product   (Z/32768)^(1217×1217)
round5nd 1.0d          Product   (Z/8192)[x]/(x^586 + … + 1)
round5nd 3.0d          Product   (Z/4096)[x]/(x^852 + … + 1)
round5nd 5.0d          Product   (Z/8192)[x]/(x^1170 + … + 1)
round5nd 1.5d          Product   (Z/1024)[x]/(x^509 − 1)
round5nd 3.5d          Product   (Z/4096)[x]/(x^757 − 1)
round5nd 5.5d          Product   (Z/2048)[x]/(x^947 − 1)
saber light            Product   ((Z/8192)[x]/(x^256 + 1))^(2×2)
saber main             Product   ((Z/8192)[x]/(x^256 + 1))^(3×3)
saber fire             Product   ((Z/8192)[x]/(x^256 + 1))^(4×4)
sntrup 653             Quotient  (Z/4621)[x]/(x^653 − x − 1)
sntrup 761             Quotient  (Z/4591)[x]/(x^761 − x − 1)
sntrup 857             Quotient  (Z/5167)[x]/(x^857 − x − 1)
threebears baby        Product   (Z/(2^3120 − 2^1560 − 1))^(2×2)
threebears mama        Product   (Z/(2^3120 − 2^1560 − 1))^(3×3)
threebears papa        Product   (Z/(2^3120 − 2^1560 − 1))^(4×4)

Slide 6: short element (key secret a), by system parameter set in the order of slide 5

frodo 640              Z^(640×8); {−12, …, 12}; Pr 1, 4, 17, … (spec page 23)
frodo 976              Z^(976×8); {−10, …, 10}; Pr 1, 6, 29, … (spec page 23)
frodo 1344             Z^(1344×8); {−6, …, 6}; Pr 2, 40, 364, … (spec page 23)
kyber 512              (Z[x]/(x^256 + 1))^2; Σ_{0≤i<4} {−0.5, 0.5}
kyber 768              (Z[x]/(x^256 + 1))^3; Σ_{0≤i<4} {−0.5, 0.5}
kyber 1024             (Z[x]/(x^256 + 1))^4; Σ_{0≤i<4} {−0.5, 0.5}
lac 128                Z[x]/(x^512 + 1); {−1, 0, 1}; Pr 1, 2, 1; weight 128, 128
lac 192                Z[x]/(x^1024 + 1); {−1, 0, 1}; Pr 1, 6, 1; weight 128, 128
lac 256                Z[x]/(x^1024 + 1); {−1, 0, 1}; Pr 1, 2, 1; weight 256, 256
newhope 512            Z[x]/(x^512 + 1); Σ_{0≤i<16} {−0.5, 0.5}
newhope 1024           Z[x]/(x^1024 + 1); Σ_{0≤i<16} {−0.5, 0.5}
ntru hps2048509        Z[x]/(x^509 − 1); {−1, 0, 1}
ntru hps2048677        Z[x]/(x^677 − 1); {−1, 0, 1}
ntru hps4096821        Z[x]/(x^821 − 1); {−1, 0, 1}
ntru hrss701           Z[x]/(x^701 − 1); {−1, 0, 1}; key correlation ≥ 0
ntrulpr 653            Z[x]/(x^653 − x − 1); {−1, 0, 1}; weight 252
ntrulpr 761            Z[x]/(x^761 − x − 1); {−1, 0, 1}; weight 250
ntrulpr 857            Z[x]/(x^857 − x − 1); {−1, 0, 1}; weight 281
round5n1 1             Z^(636×8); {−1, 0, 1}; weight 57, 57
round5n1 3             Z^(876×8); {−1, 0, 1}; weight 223, 223
round5n1 5             Z^(1217×8); {−1, 0, 1}; weight 231, 231
round5nd 1.0d          Z[x]/(x^586 + … + 1); {−1, 0, 1}; weight 91, 91
round5nd 3.0d          Z[x]/(x^852 + … + 1); {−1, 0, 1}; weight 106, 106
round5nd 5.0d          Z[x]/(x^1170 + … + 1); {−1, 0, 1}; weight 111, 111
round5nd 1.5d          Z[x]/(x^509 − 1); {−1, 0, 1}; weight 68, 68; ending 0
round5nd 3.5d          Z[x]/(x^757 − 1); {−1, 0, 1}; weight 121, 121; ending 0
round5nd 5.5d          Z[x]/(x^947 − 1); {−1, 0, 1}; weight 194, 194; ending 0
saber light            (Z[x]/(x^256 + 1))^2; Σ_{0≤i<10} {−0.5, 0.5}
saber main             (Z[x]/(x^256 + 1))^3; Σ_{0≤i<8} {−0.5, 0.5}
saber fire             (Z[x]/(x^256 + 1))^4; Σ_{0≤i<6} {−0.5, 0.5}
sntrup 653             Z[x]/(x^653 − x − 1); {−1, 0, 1}; weight 288
sntrup 761             Z[x]/(x^761 − x − 1); {−1, 0, 1}; weight 286
sntrup 857             Z[x]/(x^857 − x − 1); {−1, 0, 1}; weight 322
threebears baby        Z^2; Σ_{0≤i<312} 2^(10i)·{−2, −1, 0, 1, 2}; Pr 1, 32, 62, 32, 1; *
threebears mama        Z^3; Σ_{0≤i<312} 2^(10i)·{−1, 0, 1}; Pr 13, 38, 13; *
threebears papa        Z^4; Σ_{0≤i<312} 2^(10i)·{−1, 0, 1}; Pr 5, 22, 5; *

Slide 7: key offset e (numerator or noise or rounding method), by system parameter set in the order of slide 5

frodo 640              Z^(640×8); {−12, …, 12}; Pr 1, 4, 17, … (spec page 23)
frodo 976              Z^(976×8); {−10, …, 10}; Pr 1, 6, 29, … (spec page 23)
frodo 1344             Z^(1344×8); {−6, …, 6}; Pr 2, 40, 364, … (spec page 23)
kyber 512              (Z[x]/(x^256 + 1))^2; Σ_{0≤i<4} {−0.5, 0.5}
kyber 768              (Z[x]/(x^256 + 1))^3; Σ_{0≤i<4} {−0.5, 0.5}
kyber 1024             (Z[x]/(x^256 + 1))^4; Σ_{0≤i<4} {−0.5, 0.5}
lac 128                Z[x]/(x^512 + 1); {−1, 0, 1}; Pr 1, 2, 1; weight 128, 128
lac 192                Z[x]/(x^1024 + 1); {−1, 0, 1}; Pr 1, 6, 1; weight 128, 128
lac 256                Z[x]/(x^1024 + 1); {−1, 0, 1}; Pr 1, 2, 1; weight 256, 256
newhope 512            Z[x]/(x^512 + 1); Σ_{0≤i<16} {−0.5, 0.5}
newhope 1024           Z[x]/(x^1024 + 1); Σ_{0≤i<16} {−0.5, 0.5}
ntru hps2048509        Z[x]/(x^509 − 1); {−1, 0, 1}; weight 127, 127
ntru hps2048677        Z[x]/(x^677 − 1); {−1, 0, 1}; weight 127, 127
ntru hps4096821        Z[x]/(x^821 − 1); {−1, 0, 1}; weight 255, 255
ntru hrss701           Z[x]/(x^701 − 1); {−1, 0, 1}; key correlation ≥ 0; ·(x − 1)
ntrulpr 653            round {−2310, …, 2310} to 3Z
ntrulpr 761            round {−2295, …, 2295} to 3Z
ntrulpr 857            round {−2583, …, 2583} to 3Z
round5n1 1             round Z/4096 to 8Z
round5n1 3             round Z/32768 to 16Z
round5n1 5             round Z/32768 to 8Z
round5nd 1.0d          round Z/8192 to 16Z
round5nd 3.0d          round Z/4096 to 8Z
round5nd 5.0d          round Z/8192 to 16Z
round5nd 1.5d          reduce mod x^508 + … + 1; round Z/1024 to 8Z
round5nd 3.5d          reduce mod x^756 + … + 1; round Z/4096 to 16Z
round5nd 5.5d          reduce mod x^946 + … + 1; round Z/2048 to 8Z
saber light            round Z/8192 to 8Z
saber main             round Z/8192 to 8Z
saber fire             round Z/8192 to 8Z
sntrup 653             Z[x]/(x^653 − x − 1); {−1, 0, 1}; invertible mod 3
sntrup 761             Z[x]/(x^761 − x − 1); {−1, 0, 1}; invertible mod 3
sntrup 857             Z[x]/(x^857 − x − 1); {−1, 0, 1}; invertible mod 3
threebears baby        Z^2; Σ_{0≤i<312} 2^(10i)·{−2, −1, 0, 1, 2}; Pr 1, 32, 62, 32, 1; *
threebears mama        Z^3; Σ_{0≤i<312} 2^(10i)·{−1, 0, 1}; Pr 13, 38, 13; *
threebears papa        Z^4; Σ_{0≤i<312} 2^(10i)·{−1, 0, 1}; Pr 5, 22, 5; *
