cold boot attacks on ring module lwe under the ntt
play

Cold Boot Attacks on Ring & Module-LWE Under the NTT Martin R. - PowerPoint PPT Presentation

Jan 17, 2024 •666 likes •1.16k views

Cold Boot Attacks on Ring & Module-LWE Under the NTT Martin R. Albrecht, Amit Deo, Kenneth G. Paterson Royal Holloway, University of London September 12, 2018 1 / 30 Cold boot attack scenario Originally investigated by [HSHCPCFAF09]

  1. Cold Boot Attacks on Ring & Module-LWE Under the NTT Martin R. Albrecht, Amit Deo, Kenneth G. Paterson Royal Holloway, University of London September 12, 2018 1 / 30

  2. Cold boot attack scenario ◮ Originally investigated by [HSHCPCFAF09] ◮ An attack method involving physical access to memory storing cryptographic secret keys ◮ The attacker ejects the memory (lunch-time attack) and plugs into their own machine ◮ The attacker locates key material in memory and uses data remanence effects [HSHCPCFAF09] to recover the key ◮ Works on any cryptographic primitive where there is a secret key 2 / 30

  3. Cold boot attacks [HSHCPCFAF09] ◮ < 1% bit flip rate towards ground state after 10 minutes cooling to -50 ◦ C ◮ Limiting case is 0 . 17% after 1 hour cooling with liquid nitrogen to -196 ◦ C 3 / 30

  4. Cold boot attack scenario ◮ Bits in RAM decay towards ground state (0/1) on power down ◮ Cool RAM to extreme temperatures to slow decay State of RAM with power on 1 0 1 1 0 1 0 1 0 0 1 1 4 / 30

  5. Cold boot attack scenario ◮ Bits in RAM decay towards ground state (0/1) on power down ◮ Cool RAM to extreme temperatures to slow decay State of RAM with power on 1 0 1 1 0 1 0 1 0 0 1 1 Freeze + extract RAM 0 0 1 1 0 1 1 1 0 0 1 1 4 / 30

  6. Cold boot attack scenario ◮ Bits in RAM decay towards ground state (0/1) on power down ◮ Cool RAM to extreme temperatures to slow decay State of RAM with power on 1 0 1 1 0 1 0 1 0 0 1 1 Freeze + extract RAM 0 0 1 1 0 1 1 1 0 0 1 1 Eventual ground state decay 0 0 0 0 1 1 1 1 0 0 0 0 4 / 30

  7. Cold boot attack flips ◮ 2 classes of bit flips: ◮ Standard bit flips (towards memory ground state) rate ρ 0 ◮ Retrograde bit flips (away from memory ground state) rate ρ 1 ≈ 0 . 1% ◮ Assuming half the bits of the key not in ground state = ⇒ # bit flips ≈ (# bits in key) · ( ρ 0 + ρ 1 ) / 2 ◮ Bit flip rates are written in the form ( ρ 0 , ρ 1 ) 5 / 30

  8. Current state-of-the-art ◮ DES: (0.5, 0.001) bit flip rate trivially [HSHCPCFAF09] ◮ AES: ◮ AES-128: (0.7,0) bit-flip rate in 1 sec on average [KY10] ◮ AES-256: (0.65,0) bit-flip rate in 90 secs on average [Tso09] ◮ RSA (1024-bit modulus): (0.4,0.001) bit-flip rate in 2.4 secs on average [PPS12] ◮ NTRU: (0.01,0.001) bit-flip rate in minutes to hours on average for the ntru-crypto eps449ep1 parameters ( N = 449 , df = 134 , dg = 149 , p = 3 , q = 2048) [PV17] 6 / 30

  9. Post quantum cryptography ◮ Cryptography resistant to quantum cryptanalytic algorithms ◮ Plans for wide-spread use and standardisation – NIST process ◮ 23 lattice-based proposals, the majority of which are LWE based 7 / 30

  10. Post quantum cryptography ◮ Cryptography resistant to quantum cryptanalytic algorithms ◮ Plans for wide-spread use and standardisation – NIST process ◮ 23 lattice-based proposals, the majority of which are LWE based Are there effective cold boot attacks on some of the LWE-based contenders? 7 / 30

  11. LWE keys Notation: R q = Z q [ x ] / ( x n + 1), n a power-of-two We focus on the two main efficient variations of LWE: ◮ Ring-LWE: ◮ SecKey = s ∈ R q ◮ Module-LWE: ◮ SecKey = s ∈ R d q 8 / 30

  12. LWE keys Notation: R q = Z q [ x ] / ( x n + 1), n a power-of-two We focus on the two main efficient variations of LWE: ◮ Ring-LWE: ◮ SecKey = s ∈ R q ◮ Module-LWE: ◮ SecKey = s ∈ R d q Trade-off between d and n : ◮ MLWE Kyber: n = 256 , d = 3 ◮ RLWE NewHope: n = 1024 , d = 1 8 / 30

  13. Practical key storage for ring/module-LWE ◮ The number theoretic transform ( NTT ) is used for efficiency ◮ Without NTT , polynomial multiplication takes O ( n 2 ) ops ◮ With NTT , polynomial multiplication takes O ( n log n ) ops ◮ Polynomials in the secret key s often stored using an NTT 9 / 30

  14. The NTT cold boot problem “Decode a noisy NTT” OR “Recover s from s = NTT n ( s ) + ∆ mod q ” ˜ ◮ Assumption: We have κ ≪ n bit flips ◮ ∆’s components have a low Hamming weight binary signed digit representation (BSDR) ◮ A BSDR of 7 is “1, 0, 0, -1” since 7 = 1 ∗ 8 − 1 ◮ κ bit flips = ⇒ BSDR (∆) has Hamming weight κ ◮ s has small coefficients 10 / 30

  15. The NTT cold boot problem “Decode a noisy NTT” OR “Recover s from s = NTT n ( s ) + ∆ mod q ” ˜ ◮ Assumption: We have κ ≪ n bit flips ◮ ∆’s components have a low Hamming weight binary signed digit representation (BSDR) ◮ A BSDR of 7 is “1, 0, 0, -1” since 7 = 1 ∗ 8 − 1 ◮ κ bit flips = ⇒ BSDR (∆) has Hamming weight κ ◮ s has small coefficients MLWE Kyber [Sch+17] dimension: n = 256 , d = 3 RLWE NewHope [Pop+17] dimension: n = 1024 , d = 1 10 / 30

  16. Attack overview “Decode a noisy NTT” OR “Recover s from s = NTT n ( s ) + ∆ mod q ” ˜ 3 main components: 1. Divide and conquer to reduce dimension 2. Work a low-dimensional solution up to solve the problem 3. Lattice + combinatorial attack to solve low dimensional instance 11 / 30

  17. Divide and conquer Definition Let ω be a primitive n th root of unity. Then for any a ∈ Z n q , n − 1 � ω ( i +1 / 2) j a j NTT ( a ) := j =0 NTT n =2 k NTT n / 2 NTT n / 2 NTT n / 4 NTT n / 4 NTT n / 4 NTT n / 4 12 / 30

  18. Divide and conquer For power of two n : ◮ a e = ( a 0 , a 2 , . . . , a n − 2 ) ◮ a o = ( a 1 , a 3 , . . . , a n − 1 ) Formulae For i = 0 , . . . , n / 2 − 1 NTT n ( a ) i + NTT n ( a ) i + n / 2 = 2 · NTT n / 2 ( a e ) i NTT n ( a ) i − NTT n ( a ) i + n / 2 = 2 ω i +1 / 2 · NTT n / 2 ( a o ) i 13 / 30

  19. Divide and conquer Original n -dimensional instance: ˜ s = NTT n ( s ) + ∆ mod q Folded n / 2-dimensional instance: For i = 0 , . . . , n / 2 − 1 (∆ + ) i � �� � � � ˜ s i + ˜ = 2 · NTT n / 2 ( s e ) i + ∆ i + ∆ i + n / 2 (1) s i + n / 2 = 2 ω i +1 / 2 · NTT n / 2 ( s o ) i � � s i − ˜ ˜ s i + n / 2 + ∆ i − ∆ i + n / 2 (2) � �� � (∆ − ) i (1) – the positive fold, (2) – the negative fold And repeat on the positive folded instance . . . 14 / 30

  20. Can we reach trivial dimension? Writing ∆ = (∆ ℓ , ∆ r ), the error terms after folding once are ◮ ∆ + = ∆ ℓ + ∆ r ∈ Z n / 2 q ◮ ∆ − = ∆ ℓ − ∆ r ∈ Z n / 2 q Example (∆ ℓ ) i (∆ r ) i ∆ = . . . || 1 , 0 , 0 , 0 , 0 || . . . || . . . || 0 , 0 , 0 , 0 , − 1 || . . . (∆ + ) i = 1 , 0 , 0 , 0 , 0 (∆ − ) i = 1 , 0 , 0 , 0 , 0 + 0 , 0 , 0 , 0 , − 1 − 0 , 0 , 0 , 0 , − 1 1 , 0 , 0 , 0 , − 1 − 1 , 0 , 0 , 0 , 1 15 / 30

  21. Can we reach trivial dimension? Writing ∆ = (∆ ℓ , ∆ r ), the error terms after folding once are ◮ ∆ + = ∆ ℓ + ∆ r ∈ Z n / 2 q ◮ ∆ − = ∆ ℓ − ∆ r ∈ Z n / 2 q Example (∆ ℓ ) i (∆ r ) i ∆ = . . . || 1 , 0 , 0 , 0 , 0 || . . . || . . . || 0 , 0 , 0 , 0 , − 1 || . . . (∆ + ) i = 1 , 0 , 0 , 0 , 0 (∆ − ) i = 1 , 0 , 0 , 0 , 0 + 0 , 0 , 0 , 0 , − 1 − 0 , 0 , 0 , 0 , − 1 1 , 0 , 0 , 0 , − 1 − 1 , 0 , 0 , 0 , 1 Notes: ◮ These are less sparse when written in BSDR ◮ Repeated folding → “∆” term approaches a uniform distribution ◮ “ s ” terms stay the same size 15 / 30

  22. Summary of divide and conquer component ( n = 2 k , ∆) top level − → Legend: (dim , ∆) ( n / 2 , ∆ + ) ( n / 2 , ∆ − ) ( n / 4 , ∆ ++ ) ( n / 4 , ∆ + − ) ( n / 8 , ∆ +++ ) ( n / 8 , ∆ ++ − ) ← − bottom level 16 / 30

  23. Summary of divide and conquer component ( n = 2 k , ∆) top level − → Legend: (dim , ∆) ( n / 2 , ∆ + ) ( n / 2 , ∆ − ) ( n / 4 , ∆ ++ ) ( n / 4 , ∆ + − ) ( n / 8 , ∆ +++ ) ( n / 8 , ∆ ++ − ) ← − bottom level 16 / 30

  24. Summary of divide and conquer component ( n = 2 k , ∆) top level − → Legend: (dim , ∆) ( n / 2 , ∆ + ) ( n / 2 , ∆ − ) ( n / 4 , ∆ ++ ) ( n / 4 , ∆ + − ) ( n / 8 , ∆ +++ ) ( n / 8 , ∆ ++ − ) ← − bottom level 16 / 30

  25. Summary of divide and conquer component ( n = 2 k , ∆) top level − → Legend: (dim , ∆) ( n / 2 , ∆ + ) ( n / 2 , ∆ − ) ( n / 4 , ∆ ++ ) ( n / 4 , ∆ + − ) ( n / 8 , ∆ +++ ) ( n / 8 , ∆ ++ − ) ← − bottom level 16 / 30

  26. Working a solution up a level Instance in ∆ = (∆ ℓ , ∆ r ) divides into two instances in ◮ ∆ + = ∆ ℓ + ∆ r ∈ Z n / 2 q ◮ ∆ − = ∆ ℓ − ∆ r ∈ Z n / 2 q Given ∆ + , guess which bits come from ∆ ℓ and which come from ∆ r to reconstruct ∆. Assuming κ ≪ n , at most 2 κ guesses. 1 Each guess is verified by plugging the solution into sibling instance. Small complication when bit flips in ∆ ℓ and ∆ r collide! ≫ 2 κ guesses for cold boot exhaustive search 1 Compare to � n log( q ) � κ 17 / 30

  27. What we have so far ( n = 2 k , ∆) top level − → ( n / 2 , ∆ + ) ( n / 2 , ∆ − ) ( n / 4 , ∆ ++ ) ( n / 4 , ∆ + − ) ( n / 8 , ∆ +++ ) ( n / 8 , ∆ ++ − ) ← − bottom level 18 / 30

  28. What we have so far ( n = 2 k , ∆) top level − → ( n / 2 , ∆ + ) ( n / 2 , ∆ − ) ( n / 4 , ∆ ++ ) ( n / 4 , ∆ + − ) ( n / 8 , ∆ +++ ) ( n / 8 , ∆ ++ − ) ← − bottom level 18 / 30

  29. What we have so far ( n = 2 k , ∆) top level − → ( n / 2 , ∆ + ) ( n / 2 , ∆ − ) ( n / 4 , ∆ ++ ) ( n / 4 , ∆ + − ) ( n / 8 , ∆ +++ ) ( n / 8 , ∆ ++ − ) ← − bottom level 18 / 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

21/02/2012 CSN08101 Digital Forensics Lecture 5A: PC Boot Sequence and Storage Devices Module

21/02/2012 CSN08101 Digital Forensics Lecture 5A: PC Boot Sequence and Storage Devices Module

21/02/2012 CSN08101 Digital Forensics Lecture 5A: PC Boot Sequence and Storage Devices Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Objectives BIOS and boot process Storage devices Partitions Computer Hardware

777 views • 15 slides
BI BIOS S an and d Se Secu cure e Bo Boot t Attacks acks Unc ncover ered ed Advanced

BI BIOS S an and d Se Secu cure e Bo Boot t Attacks acks Unc ncover ered ed Advanced

BI BIOS S an and d Se Secu cure e Bo Boot t Attacks acks Unc ncover ered ed Advanced Threat Research, Intel Security John Loucaides (presenting) In n The he Be Begi ginnin nning Was as The he Leg egacy acy BI BIOS.. S..

1.27k views • 100 slides
Jack Fried Cold Electronics Review October 13, 2016 10/13/2016 Cold Electronics Review 1 APA

Jack Fried Cold Electronics Review October 13, 2016 10/13/2016 Cold Electronics Review 1 APA

SBND Warm Electronics Design and Integration Test with DAQ System Jack Fried Cold Electronics Review October 13, 2016 10/13/2016 Cold Electronics Review 1 APA with Integrated Cold Electronics Cold electronics module and its attachment to

540 views • 34 slides
Ultra-Fast Boot Approach Using Suspend to RAM on Linux based IVI System 2017/6/1 Panasonic

Ultra-Fast Boot Approach Using Suspend to RAM on Linux based IVI System 2017/6/1 Panasonic

Ultra-Fast Boot Approach Using Suspend to RAM on Linux based IVI System 2017/6/1 Panasonic Corporation Kazuomi KATO Agenda 1. Introduction 2. Approaches for optimizing startup time 3. Improvement the time at the COLD boot 4. Improvement the

642 views • 36 slides
Cold War Development of the Cold War The Cold War (1945-91) was one of perception where

Cold War Development of the Cold War The Cold War (1945-91) was one of perception where

Origins of the Cold War Development of the Cold War The Cold War (1945-91) was one of perception where neither side fully understood the intentions and ambitions of the other. This led to mistrust and military build-ups. United States

398 views • 37 slides
RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT. BOOT https://github.com/boot-clj/boot BOOT TEMPLATES boot -d seancorfield/boot-new new -t tenzing -n &lt;name&gt; [+a &lt;option&gt;]* $ cd

566 views • 22 slides
Reconstructing RSA Private Keys from Random Key Bits Nadia Heninger and Hovav Shacham

Reconstructing RSA Private Keys from Random Key Bits Nadia Heninger and Hovav Shacham

Reconstructing RSA Private Keys from Random Key Bits Nadia Heninger and Hovav Shacham Princeton UCSD August 17, 2009 Motivation:Cold boot or memory attacks A new side-channel attack on cryptographic keys that leaks information

359 views • 23 slides
Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the outside To protect Linux VMs from outside attacks (from processes running on the host). Injecting code into the boot chain. Stealing data from

559 views • 18 slides
BIOS and Secure Boot Attacks Uncovered Ruxcon 2014 Advanced Threat Research, Intel Security John

BIOS and Secure Boot Attacks Uncovered Ruxcon 2014 Advanced Threat Research, Intel Security John

BIOS and Secure Boot Attacks Uncovered Ruxcon 2014 Advanced Threat Research, Intel Security John Loucaides (presenting) In n The he Be Begi ginnin nning Was as The he Leg egacy acy BI BIOS.. S.. Leg egacy acy BI BIOS 1. CPU

1.36k views • 101 slides
Module-LWE vs. Ring-LWE? Amit Deo Royal Holloway, University of London 15 January, 2018 1/56

Module-LWE vs. Ring-LWE? Amit Deo Royal Holloway, University of London 15 January, 2018 1/56

Module-LWE vs. Ring-LWE? Amit Deo Royal Holloway, University of London 15 January, 2018 1/56 Main Aim of the Talk 1. Discuss popular variants of the LWE problem 2. Present a collection of reductions between the variants 3. Explicitly state

990 views • 78 slides
Attacks on Ring Learning with Errors Kristin E. Lauter ** joint work with Yara Elias, Ekin

Attacks on Ring Learning with Errors Kristin E. Lauter ** joint work with Yara Elias, Ekin

Attacks on Ring Learning with Errors Kristin E. Lauter ** joint work with Yara Elias, Ekin Ozman, and Katherine Stange UC Irvine, August 31, 2015 Lattice-Based Cryptography Post-quantum cryptography Ajtai-Dwork: public-key crypto based

500 views • 27 slides
On Projective Module with unique Maximal Submodule The 51th Ring and Representation Theory

On Projective Module with unique Maximal Submodule The 51th Ring and Representation Theory

( ) On Projective Module with unique Maximal Submodule The 51th Ring and Representation Theory Symposium Okayama University of Science Masahisa Sato Aichi University &amp; University of Yamanashi 13:10-13:40

514 views • 25 slides
Privacy Attacks Practicum Privacy &amp; Fairness in Data Science CS848 Fall 2019 2 Module 1:

Privacy Attacks Practicum Privacy &amp; Fairness in Data Science CS848 Fall 2019 2 Module 1:

Privacy Attacks Practicum Privacy &amp; Fairness in Data Science CS848 Fall 2019 2 Module 1: Intro to Privacy 1. Privacy Attacks Practicum 2. Differential Privacy 3. Basic Algorithms 4. Designing Complex Algorithms &amp; Composition 3

677 views • 44 slides
Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Top 10 Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure Boot Theory Internal boot ROM 1 st stage boot loader N th stage Verify signature Optional decrypt boot loader OS / Application 2

517 views • 25 slides
I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device 3. The bootkit 4. Defending / Detecting 2 / 44 Introduction Vincent Works at KPN REDteam Likes Linux and low-level stu Located in Amsterdam

792 views • 44 slides
Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are the transmitters of body movement to the ski. Proper support, comfort, and performance application make the difference between a good day on the snow

431 views • 29 slides
Space Survey Training P r e s e n t e d b y J i m N o l a n , F e d e r a l C o s t i n g C

Space Survey Training P r e s e n t e d b y J i m N o l a n , F e d e r a l C o s t i n g C

Click to edit Master title style Space Survey Training P r e s e n t e d b y J i m N o l a n , F e d e r a l C o s t i n g C o n c e p t s , L L C S u s a n C e s s a c , U M S y s t e m C o n t r o l l e r s O f f i c e 1 Click

811 views • 22 slides
The Helmholtz Association Project Large Scale Data Management and Analysis (LSDMA) Kilian

The Helmholtz Association Project Large Scale Data Management and Analysis (LSDMA) Kilian

The Helmholtz Association Project Large Scale Data Management and Analysis (LSDMA) Kilian Schwarz, GSI; Christopher Jung, KIT Overview Motivation Data Life Cycle LSDMAs dual approach Facts and Numbers Initial

488 views • 13 slides
Agenda Welcome and introductions Old business Field trip and CEB member recruitment

Agenda Welcome and introductions Old business Field trip and CEB member recruitment

Joint Base Elmendorf-Richardson I n t e g r i t y - S e r v i c e - E x c e l l e n c e Community Environmental Board &amp; Nike Site Summit Public Meeting October 19, 2016 Colonel Scott Matthews, Installation Co-Chair Mr. Art Isham,

685 views • 29 slides
Safe Initialization of Objects Fengyun Liu LAMP, EPFL June 26, 2020 Challenges Reasoning

Safe Initialization of Objects Fengyun Liu LAMP, EPFL June 26, 2020 Challenges Reasoning

Safe Initialization of Objects Fengyun Liu LAMP, EPFL June 26, 2020 Challenges Reasoning Problem Evaluation Inference Model A 50-year old problem class Hello { 1 val message = &quot;Hello, &quot; + name 2 val name = &quot;world&quot;

1.69k views • 135 slides
T HE Muon Ionization Cooling Experiment, to be operated at the Rutherford Appleton Laboratory in

T HE Muon Ionization Cooling Experiment, to be operated at the Rutherford Appleton Laboratory in

3HP2-9 1 The Cooling and Safety Design of a Pair of Binary Leads for the MICE Coupling Magnets L. Wang, S. Sun, Y. Cao, L. X. Yin, X. L. Guo, H. Pan, M. A. Green, Senior Member, IEEE, D. R. Li, A. Demello, and S. P. Virostek safety contingency,

451 views • 4 slides
LCLS-II 3.9GHz Cryomodules Assembly at Fermilab Tug Arkan / Chuck Grimm LCLS-II 3.9 GHz CM Delta

LCLS-II 3.9GHz Cryomodules Assembly at Fermilab Tug Arkan / Chuck Grimm LCLS-II 3.9 GHz CM Delta

LCLS-II 3.9GHz Cryomodules Assembly at Fermilab Tug Arkan / Chuck Grimm LCLS-II 3.9 GHz CM Delta Final Design Review January 29-30, 2019 Outline - Production Strategy - Fermilab Cryomodule Assembly Facility (CAF) infrastructure - Detailed CM

648 views • 45 slides
SEUSS: Skip Redundant Paths to Make Serverless Fast James Cadden , Thomas Unger, Yara Awad, Han

SEUSS: Skip Redundant Paths to Make Serverless Fast James Cadden , Thomas Unger, Yara Awad, Han

SEUSS: Skip Redundant Paths to Make Serverless Fast James Cadden , Thomas Unger, Yara Awad, Han Dong, Orran Krieger, Jonathan Appavoo Department of Computer Science Boston University The Proceedings of EuroSys, 2020 April 29th, 2020

570 views • 19 slides
uncertainty and changing risk profiles? Dr Dr Ju Judy La Lawren ence Senior Research Fellow

uncertainty and changing risk profiles? Dr Dr Ju Judy La Lawren ence Senior Research Fellow

Can we provide dynamic adaptive policy to address uncertainty and changing risk profiles? Dr Dr Ju Judy La Lawren ence Senior Research Fellow Climate Change Research Institute Victoria University Of Wellington Managin ing th the e

801 views • 51 slides

More recommend