cryptography from rings chris peikert
play

Cryptography from Rings Chris Peikert University of Michigan HEAT - PowerPoint PPT Presentation

Nov 14, 2022 •191 likes •840 views

Cryptography from Rings Chris Peikert University of Michigan HEAT Summer School 13 Oct 2015 1 / 13 Agenda 1 Polynomial rings, ideal lattices and Ring-LWE 2 Basic Ring-LWE encryption 3 Fully homomorphic encryption Selected bibliography:

  1. Cryptography from Rings Chris Peikert University of Michigan HEAT Summer School 13 Oct 2015 1 / 13

  2. Agenda 1 Polynomial rings, ideal lattices and Ring-LWE 2 Basic Ring-LWE encryption 3 Fully homomorphic encryption Selected bibliography: LPR’10 and ’13 V. Lyubashevsky, C. Peikert, O. Regev. “On Ideal Lattices and Learning with Errors Over Rings,” Eurocrypt’10 and JACM’13. “A Toolkit for Ring-LWE Cryptography,” Eurocrypt’13. BV’11 Z. Brakerski and V. Vaikuntanathan. “Fully Homomorphic Encryption from Ring-LWE. . . ” CRYPTO’11. 2 / 13

  3. Rings in Lattice Cryptography (A Selective History) 1996-97 Ajtai(-Dwork) worst-case/average-case reduction, one-way function & public-key encryption (very inefficient) 3 / 13

  4. Rings in Lattice Cryptography (A Selective History) 1996-97 Ajtai(-Dwork) worst-case/average-case reduction, one-way function & public-key encryption (very inefficient) 1996 NTRU efficient “ring-based” encryption (heuristic security) 3 / 13

  5. Rings in Lattice Cryptography (A Selective History) 1996-97 Ajtai(-Dwork) worst-case/average-case reduction, one-way function & public-key encryption (very inefficient) 1996 NTRU efficient “ring-based” encryption (heuristic security) 2002 Micciancio’s ring-based one-way function with worst-case hardness from ideal lattices (no encryption) 3 / 13

  6. Rings in Lattice Cryptography (A Selective History) 1996-97 Ajtai(-Dwork) worst-case/average-case reduction, one-way function & public-key encryption (very inefficient) 1996 NTRU efficient “ring-based” encryption (heuristic security) 2002 Micciancio’s ring-based one-way function with worst-case hardness from ideal lattices (no encryption) 2005 Regev’s LWE: encryption with worst-case hardness (inefficient) 3 / 13

  7. Rings in Lattice Cryptography (A Selective History) 1996-97 Ajtai(-Dwork) worst-case/average-case reduction, one-way function & public-key encryption (very inefficient) 1996 NTRU efficient “ring-based” encryption (heuristic security) 2002 Micciancio’s ring-based one-way function with worst-case hardness from ideal lattices (no encryption) 2005 Regev’s LWE: encryption with worst-case hardness (inefficient) 2008– Countless applications of LWE (still inefficient) 3 / 13

  8. Rings in Lattice Cryptography (A Selective History) 1996-97 Ajtai(-Dwork) worst-case/average-case reduction, one-way function & public-key encryption (very inefficient) 1996 NTRU efficient “ring-based” encryption (heuristic security) 2002 Micciancio’s ring-based one-way function with worst-case hardness from ideal lattices (no encryption) 2005 Regev’s LWE: encryption with worst-case hardness (inefficient) 2008– Countless applications of LWE (still inefficient) 2010 Ring-LWE: very efficient encryption, worst-case hardness () 3 / 13

  9. Cyclotomic Rings ◮ The m th cyclotomic ring is R = Z [ ζ ] where ζ = ζ m has order m . I.e., ζ m = 1 and ζ j � = 1 for 1 < j < m . 4 / 13

  10. Cyclotomic Rings ◮ The m th cyclotomic ring is R = Z [ ζ ] where ζ = ζ m has order m . I.e., ζ m = 1 and ζ j � = 1 for 1 < j < m . ◮ Fact: X m − 1 = � d | m Φ d ( X ) for irreducible √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C . i ∈ Z ∗ m 4 / 13

  11. Cyclotomic Rings ◮ The m th cyclotomic ring is R = Z [ ζ ] where ζ = ζ m has order m . I.e., ζ m = 1 and ζ j � = 1 for 1 < j < m . ◮ Fact: X m − 1 = � d | m Φ d ( X ) for irreducible √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C . i ∈ Z ∗ m ω 2 ω 3 ω 1 ω 1 ω 4 ω 5 ω 8 ω 5 ω 7 ω 7 Φ 9 ( X ) = 1 + X 3 + X 6 Φ 8 ( X ) = 1 + X 4 4 / 13

  12. Cyclotomic Rings ◮ The m th cyclotomic ring is R = Z [ ζ ] where ζ = ζ m has order m . I.e., ζ m = 1 and ζ j � = 1 for 1 < j < m . ◮ Fact: X m − 1 = � d | m Φ d ( X ) for irreducible √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C . i ∈ Z ∗ m Therefore, Z [ ζ ] ∼ = Z [ X ] / Φ m ( X ) via ζ ↔ X . ω 2 ω 3 ω 1 ω 1 ω 4 ω 5 ω 8 ω 5 ω 7 ω 7 Φ 9 ( X ) = 1 + X 3 + X 6 Φ 8 ( X ) = 1 + X 4 4 / 13

  13. Cyclotomic Rings ◮ The m th cyclotomic ring is R = Z [ ζ ] where ζ = ζ m has order m . I.e., ζ m = 1 and ζ j � = 1 for 1 < j < m . ◮ Fact: X m − 1 = � d | m Φ d ( X ) for irreducible √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C . i ∈ Z ∗ m Therefore, Z [ ζ ] ∼ = Z [ X ] / Φ m ( X ) via ζ ↔ X . ◮ We have deg( R ) = deg(Φ m ) = n := ϕ ( m ) , and R has a Z -basis { ζ 0 , ζ 1 , . . . , ζ n − 1 } : the power basis. This corresponds to Z [ X ] / Φ m ( X ) representation. 4 / 13

  14. Cyclotomic Rings ◮ The m th cyclotomic ring is R = Z [ ζ ] where ζ = ζ m has order m . I.e., ζ m = 1 and ζ j � = 1 for 1 < j < m . ◮ Fact: X m − 1 = � d | m Φ d ( X ) for irreducible √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C . i ∈ Z ∗ m Therefore, Z [ ζ ] ∼ = Z [ X ] / Φ m ( X ) via ζ ↔ X . ◮ We have deg( R ) = deg(Φ m ) = n := ϕ ( m ) , and R has a Z -basis { ζ 0 , ζ 1 , . . . , ζ n − 1 } : the power basis. This corresponds to Z [ X ] / Φ m ( X ) representation. , . . . , ζ p − 1 ◮ There are other Z -bases, e.g., { ζ 0 p , . . . ζ k − 1 , ζ k +1 } . p p p 4 / 13

  15. Cyclotomic Rings Key Facts 1 For prime p : Φ p ( X ) = 1 + X + X 2 + · · · + X p − 1 . 5 / 13

  16. Cyclotomic Rings Key Facts 1 For prime p : Φ p ( X ) = 1 + X + X 2 + · · · + X p − 1 . 2 For m = p e : Φ m ( X ) = Φ p ( X m/p ) = 1 + X m/p + · · · + X m − m/p . 5 / 13

  17. Cyclotomic Rings Key Facts 1 For prime p : Φ p ( X ) = 1 + X + X 2 + · · · + X p − 1 . 2 For m = p e : Φ m ( X ) = Φ p ( X m/p ) = 1 + X m/p + · · · + X m − m/p . ✗ Otherwise, Φ m ( X ) is less “regular” and more “dense.” So it can be cumbersome to work with Z [ X ] / Φ m ( X ) . 5 / 13

  18. Cyclotomic Rings Key Facts 1 For prime p : Φ p ( X ) = 1 + X + X 2 + · · · + X p − 1 . 2 For m = p e : Φ m ( X ) = Φ p ( X m/p ) = 1 + X m/p + · · · + X m − m/p . ✗ Otherwise, Φ m ( X ) is less “regular” and more “dense.” So it can be cumbersome to work with Z [ X ] / Φ m ( X ) . Reduction to the Prime-Power Case ◮ Say m has prime-power factorization m 1 · · · m ℓ . 5 / 13

  19. Cyclotomic Rings Key Facts 1 For prime p : Φ p ( X ) = 1 + X + X 2 + · · · + X p − 1 . 2 For m = p e : Φ m ( X ) = Φ p ( X m/p ) = 1 + X m/p + · · · + X m − m/p . ✗ Otherwise, Φ m ( X ) is less “regular” and more “dense.” So it can be cumbersome to work with Z [ X ] / Φ m ( X ) . Reduction to the Prime-Power Case ◮ Say m has prime-power factorization m 1 · · · m ℓ . By ζ m i ↔ ζ m/m i , m R = Z [ ζ m ] ∼ = Z [ ζ m 1 , . . . , ζ m ℓ ] . 5 / 13

  20. Cyclotomic Rings Key Facts 1 For prime p : Φ p ( X ) = 1 + X + X 2 + · · · + X p − 1 . 2 For m = p e : Φ m ( X ) = Φ p ( X m/p ) = 1 + X m/p + · · · + X m − m/p . ✗ Otherwise, Φ m ( X ) is less “regular” and more “dense.” So it can be cumbersome to work with Z [ X ] / Φ m ( X ) . Reduction to the Prime-Power Case ◮ Say m has prime-power factorization m 1 · · · m ℓ . By ζ m i ↔ ζ m/m i , m R = Z [ ζ m ] ∼ = Z [ ζ m 1 , . . . , ζ m ℓ ] . ◮ R has powerful Z -basis { ζ j 1 m 1 · · · ζ j ℓ { ζ j i � m ℓ } = m i } , 0 ≤ j i < ϕ ( m i ) . 5 / 13

  21. Cyclotomic Rings Key Facts 1 For prime p : Φ p ( X ) = 1 + X + X 2 + · · · + X p − 1 . 2 For m = p e : Φ m ( X ) = Φ p ( X m/p ) = 1 + X m/p + · · · + X m − m/p . ✗ Otherwise, Φ m ( X ) is less “regular” and more “dense.” So it can be cumbersome to work with Z [ X ] / Φ m ( X ) . Reduction to the Prime-Power Case ◮ Say m has prime-power factorization m 1 · · · m ℓ . By ζ m i ↔ ζ m/m i , m R = Z [ ζ m ] ∼ = Z [ ζ m 1 , . . . , ζ m ℓ ] . ◮ R has powerful Z -basis { ζ j 1 m 1 · · · ζ j ℓ { ζ j i � m ℓ } = m i } , 0 ≤ j i < ϕ ( m i ) . In general, powerful basis � = power basis { ζ j m } , 0 ≤ j < ϕ ( m ) . 5 / 13

  22. Cyclotomic Rings Key Facts 1 For prime p : Φ p ( X ) = 1 + X + X 2 + · · · + X p − 1 . 2 For m = p e : Φ m ( X ) = Φ p ( X m/p ) = 1 + X m/p + · · · + X m − m/p . ✗ Otherwise, Φ m ( X ) is less “regular” and more “dense.” So it can be cumbersome to work with Z [ X ] / Φ m ( X ) . Reduction to the Prime-Power Case ◮ Say m has prime-power factorization m 1 · · · m ℓ . By ζ m i ↔ ζ m/m i , m R = Z [ ζ m ] ∼ = Z [ ζ m 1 , . . . , ζ m ℓ ] . ◮ R has powerful Z -basis { ζ j 1 m 1 · · · ζ j ℓ { ζ j i � m ℓ } = m i } , 0 ≤ j i < ϕ ( m i ) . In general, powerful basis � = power basis { ζ j m } , 0 ≤ j < ϕ ( m ) . ◮ Bottom line: we can efficiently reduce operations in R to independent operations in prime-power cyclotomics Z [ ζ m i ] . 5 / 13

  23. Canonical Geometry of R ◮ Need a geometry and notion of “short” for ring elements. Use coefficient vector w.r.t. a Z -basis? Which basis to use? 6 / 13

  24. Canonical Geometry of R ◮ Need a geometry and notion of “short” for ring elements. Use coefficient vector w.r.t. a Z -basis? Which basis to use? None! 6 / 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Geometry of Rings Chris Peikert Georgia Institute of Technology ECRYPT II Summer School on

The Geometry of Rings Chris Peikert Georgia Institute of Technology ECRYPT II Summer School on

The Geometry of Rings Chris Peikert Georgia Institute of Technology ECRYPT II Summer School on Lattices Porto, Portugal 2 Oct 2012 1 / 13 LWE Over Rings (Over-Simplified) [LPR10] Ring R := Z [ X ] / (1 + X n ) for some n = 2 k , R q :=

1.31k views • 79 slides
Lattices: . . . to Cryptography Chris Peikert Georgia Institute of Technology Visions of

Lattices: . . . to Cryptography Chris Peikert Georgia Institute of Technology Visions of

Lattices: . . . to Cryptography Chris Peikert Georgia Institute of Technology Visions of Cryptography 10 December 2013 1 / 12 Agenda 1 The two one main lattice-based OWF 2 Two simple tricks that yield all of lattice cryptography 3 Lots of

909 views • 51 slides
On Ideal Lattices and Learning With Errors Over Rings Vadim Lyubashevsky 1 Chris Peikert 2 Oded

On Ideal Lattices and Learning With Errors Over Rings Vadim Lyubashevsky 1 Chris Peikert 2 Oded

On Ideal Lattices and Learning With Errors Over Rings Vadim Lyubashevsky 1 Chris Peikert 2 Oded Regev 1 1 Tel Aviv University 2 Georgia Institute of Technology Eurocrypt 2010 1 / 12 The Learning With Errors Problem [Regev05]

819 views • 59 slides
Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of

Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of

Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of Technology Public Key Cryptography and the Geometry of Numbers 6 May 2010 1 / 16 Talk Agenda 1 Smoothing and discrete Gaussians 2 From worst-case

1.43k views • 74 slides
Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum Cryptography 2 October 2014 1 / 12 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N q e ( g a , g b ) (Images

873 views • 70 slides
Recovering Short Generators of Principal Ideals in Cyclotomic Rings L eo Ducas CWI,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings L eo Ducas CWI,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings L eo Ducas CWI, Amsterdam, The Netherlands Joint work with Ronald Cramer Chris Peikert Oded Regev Conference on Mathematics of Cryptography, August 2015, UC Irvine 1 1

770 views • 59 slides
Fundamentals of Lattice-Based Cryptography Chris Peikert University of Michigan 2nd Crypto

Fundamentals of Lattice-Based Cryptography Chris Peikert University of Michigan 2nd Crypto

Fundamentals of Lattice-Based Cryptography Chris Peikert University of Michigan 2nd Crypto Innovation School Shanghai, China 13 December 2019 1 / 23 Talk Outline 1 Lattices and hard problems 2 The SIS and LWE problems; basic applications 3

970 views • 94 slides
How (Not) to Instantiate Ring-LWE Chris Peikert University of Michigan Security and Cryptography

How (Not) to Instantiate Ring-LWE Chris Peikert University of Michigan Security and Cryptography

How (Not) to Instantiate Ring-LWE Chris Peikert University of Michigan Security and Cryptography for Networks 1 September 2016 1 / 12 Conclusions 2 / 12 Conclusions 1 Prior insecure Ring-LWE instantiations turn out to use quite narrow error

861 views • 65 slides
A Too it for Ri - E y o Vadim Lyubashevsky 1 Chris Peikert 2 Oded

A Too it for Ri - E y o Vadim Lyubashevsky 1 Chris Peikert 2 Oded

A Too it for Ri - E y o Vadim Lyubashevsky 1 Chris Peikert 2 Oded Regev 3 1 INRIA &amp; ENS Paris 2 Georgia Tech 3 Courant Institute, NYU Eurocrypt 2013 27 May 1 / 12 A Toolkit for Ring-LWE Cryptography Vadim

814 views • 70 slides
Lattice-Based Cryptography: Trapdoors, Discrete Gaussians, and Applications Chris Peikert

Lattice-Based Cryptography: Trapdoors, Discrete Gaussians, and Applications Chris Peikert

Lattice-Based Cryptography: Trapdoors, Discrete Gaussians, and Applications Chris Peikert Georgia Institute of Technology crypt@b-it 2013 1 / 21 Agenda 1 Strong trapdoors for lattices 2 Discrete Gaussians, sampling, and preimage

2.02k views • 113 slides
Lattice-Based Cryptography: Constructing Trapdoors and More Applications Chris Peikert Georgia

Lattice-Based Cryptography: Constructing Trapdoors and More Applications Chris Peikert Georgia

Lattice-Based Cryptography: Constructing Trapdoors and More Applications Chris Peikert Georgia Institute of Technology crypt@b-it 2013 1 / 18 Lattice-Based One-Way Functions Public key Z n m A for q =

871 views • 84 slides
Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum Cryptanalysis of Post-Quantum Cryptography Simons Institute 24 February 2020 1 / 16 He Gives C-Sieves on the CSIDH Chris Peikert University of Michigan

1.61k views • 85 slides
Lattice-Based Cryptography Chris Peikert University of Michigan QCrypt 2016 1 / 24 Agenda 1

Lattice-Based Cryptography Chris Peikert University of Michigan QCrypt 2016 1 / 24 Agenda 1

Lattice-Based Cryptography Chris Peikert University of Michigan QCrypt 2016 1 / 24 Agenda 1 Foundations: lattice problems, SIS/LWE and their applications 2 Ring-Based Crypto: NTRU, Ring-SIS/LWE and ideal lattices 3 Practical Implementations:

1.03k views • 101 slides
Some Recent Progress in Lattice-Based Cryptography Chris Peikert SRI TCC 2009 1 / 17

Some Recent Progress in Lattice-Based Cryptography Chris Peikert SRI TCC 2009 1 / 17

Some Recent Progress in Lattice-Based Cryptography Chris Peikert SRI TCC 2009 1 / 17 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N q e ( g a , g b ) (Images courtesy xkcd.org) 2 / 17 Lattice-Based

923 views • 74 slides
Recovering Short Generators of Principal Ideals in Cyclotomic Rings Ronald Cramer, L eo Ducas,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings Ronald Cramer, L eo Ducas,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings Ronald Cramer, L eo Ducas, Chris Peikert , Oded Regev 9 July 2015 Simons Institute Workshop on Math of Modern Crypto 1 / 15 Short Generators of Ideals in Cryptography A

688 views • 43 slides
Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert 1 Alon Rosen 2 1 MIT CSAIL 2 Harvard DEAS Theory of Cryptography Conference 5 March 2006 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient

897 views • 61 slides
The Command Line Matthew Bender CMSC Command Line Workshop October 16, 2015 Matthew Bender

The Command Line Matthew Bender CMSC Command Line Workshop October 16, 2015 Matthew Bender

The Command Line Matthew Bender CMSC Command Line Workshop October 16, 2015 Matthew Bender (2015) The Command Line October 16, 2015 1 / 21 The Unix Philosophy Section 1 The Unix Philosophy Matthew Bender (2015) The Command Line October

605 views • 45 slides
Industrial Internet of Things Chenyang Lu Cyber-Physical Systems Laboratory Department of

Industrial Internet of Things Chenyang Lu Cyber-Physical Systems Laboratory Department of

Dependable Industrial Internet of Things Chenyang Lu Cyber-Physical Systems Laboratory Department of Computer Science and Engineering IoT for Industry 4.0 11.6+ billion hours operating experience 36,800+ wireless field networks

604 views • 35 slides
Adaptation Philipp Koehn 27 October 2020 Philipp Koehn Machine Translation: Adaptation 27

Adaptation Philipp Koehn 27 October 2020 Philipp Koehn Machine Translation: Adaptation 27

Adaptation Philipp Koehn 27 October 2020 Philipp Koehn Machine Translation: Adaptation 27 October 2020 Adaptation 1 Better quality when system is adapted to a task Domain adaptation to a specific domain, e.g., information technology

962 views • 46 slides
Galois groups arising from arithmetic differential equations ALEXANDRU BUIUM University of New

Galois groups arising from arithmetic differential equations ALEXANDRU BUIUM University of New

Galois groups arising from arithmetic differential equations ALEXANDRU BUIUM University of New Mexico 1. Aim of the talk 1) Briefly introduce arithmetic differential equations (Reference: AB, Inventiones 1995; AB, book, AMS 2005) 2) Show

484 views • 32 slides
On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet

On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet

On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet Alexandre Wallet 1 / 37 ApproxSVP ApproxSVP ( O K -modules) ( O K -ideals) [LS15] [PRS17] [AD17] decision decision RLWE search RLWE

959 views • 54 slides
On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet 1/35

On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet 1/35

On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet 1/35 A. Wallet About todays talk Its post-quantum (public-key) crypto time! Cryptography = building secure schemes Theoretical security = reduction

659 views • 49 slides
IPORPR WG (IP over Resilient Packet Rings) Chairs: F. Kastenholz; A. Herrera IETF IPoRPR Mar

IPORPR WG (IP over Resilient Packet Rings) Chairs: F. Kastenholz; A. Herrera IETF IPoRPR Mar

IPORPR WG (IP over Resilient Packet Rings) Chairs: F. Kastenholz; A. Herrera IETF IPoRPR Mar 2001 IPoRPR Work Group F.Kastenholz; A. Herrera IPoRPR WG Status Current Charter focused on IP over IEEE 802.17 RPR WG deliverable is a

320 views • 11 slides
SIMPSONS for beam modelling in high intensity rings Shinji Machida STFC/Rutherford Appleton

SIMPSONS for beam modelling in high intensity rings Shinji Machida STFC/Rutherford Appleton

SIMPSONS for beam modelling in high intensity rings Shinji Machida STFC/Rutherford Appleton Laboratory 19 September 2019 Many thanks to H. Hotchi for his contribution to the code and letting me show his results. Based on the presentation at

520 views • 40 slides

More recommend