depth robust graphs and their cumulative
play

Depth-Robust Graphs and Their Cumulative Memory Complexity Jol Alwen - PowerPoint PPT Presentation

Mar 19, 2023 •209 likes •834 views

Depth-Robust Graphs and Their Cumulative Memory Complexity Jol Alwen IST Austria Jeremiah Blocki Purdue University Krzysztof Pietrzak IST Austria Moderately Hard Function Intuitive Properties: 1. Computable by honest party. 2.

  1. Depth-Robust Graphs and Their Cumulative Memory Complexity Joël Alwen – IST Austria Jeremiah Blocki – Purdue University Krzysztof Pietrzak – IST Austria

  2. Moderately Hard Function Intuitive Properties: 1. Computable by honest party. 2. Brute-force evaluation is very expensive for adversary.

  3. Moderately Hard Function Intuitive Properties: 1. Computable by honest party. 2. Brute-force evaluation is very expensive for adversary. Applications: Limit the rate of invocations of a critical function.

  4. Moderately Hard Function Intuitive Properties: 1. Computable by honest party. 2. Brute-force evaluation is very expensive for adversary. Applications: Limit the rate of invocations of a critical function. • Password Based Cryptography • Password Hashing (E.g. Login Server) • Key Derivation Functions

  5. Moderately Hard Function Intuitive Properties: 1. Computable by honest party. 2. Brute-force evaluation is very expensive for adversary. Applications: Limit the rate of invocations of a critical function. • Password Based Cryptography • Password Hashing (E.g. Login Server) • Key Derivation Functions • Proofs-of-Effort • Distributed PoW for Consensus (E.g. Ethereum, Lightcoin, Dogecoin, etc.) • Against SPAM [ABMW05, DGN03, DNW05] • Against Sybil attacks.

  6. Why “Memory” Hard? In practice cost-effective brute-forcing often uses GPUs, FGPAs & ASICs. • Bitcoin miners, DES Cracker [EFF98], Sagitta Password Cracker, etc. • Why? ASICs provide a financial incentive. • Specifically: Computation is cheaper for custom hardware (e.g. ASICs) then general purpose CPUs. • Want: More egalitarian notion of “hardness” than computation. • ℕ 1. Can be computed in sequential time n. 2. Requires as much parallel space-time as possible for any function satisfying 1.

  7. Why “Memory” Hard? In practice cost-effective brute-forcing often uses GPUs, FGPAs & ASICs. • Bitcoin miners, DES Cracker [EFF98], Sagitta Password Cracker, etc. • Why? ASICs provide a financial incentive. • Specifically: Computation is cheaper for custom hardware (e.g. ASICs) then general purpose CPUs. • Want: More egalitarian notion of “hardness” than computation. • Goal: A notion of complexity that approximates the hardware cost of an ASIC performing the computation. • ℕ 1. Can be computed in sequential time n. 2. Requires as much parallel space-time as possible for any function satisfying 1.

  8. Why “Memory” Hard? In practice cost-effective brute-forcing often uses GPUs, FGPAs & ASICs. • Bitcoin miners, DES Cracker [EFF98], Sagitta Password Cracker, etc. • Why? ASICs provide a financial incentive. • Specifically: Computation is cheaper for custom hardware (e.g. ASICs) then general purpose CPUs. • Want: More egalitarian notion of “hardness” than computation. • Goal: A notion of complexity that approximates the hardware cost of an ASIC performing the computation. VLSI: “Area x Time” (AT) complexity used to measure efficiency of a • ℕ circuit 1. Can be computed in sequential time n. 2. Requires as much parallel space-time as possible for any function satisfying 1.

  9. Why “Memory” Hard? In practice cost-effective brute-forcing often uses GPUs, FGPAs & ASICs. • Bitcoin miners, DES Cracker [EFF98], Sagitta Password Cracker, etc. • Why? ASICs provide a financial incentive. • Specifically: Computation is cheaper for custom hardware (e.g. ASICs) then general purpose CPUs. • Want: More egalitarian notion of “hardness” than computation. • Goal: A notion of complexity that approximates the hardware cost of an ASIC performing the computation. VLSI: “Area x Time” (AT) [Per09] : “expensive” ≈ large “space × parallel- time” (ST) complexity complexity used to measure efficiency of a circuit • ℕ 1. Can be computed in sequential time n. 2. Requires as much parallel space-time as possible for any function satisfying 1.

  10. Why “Memory” Hard? ℕ In practice cost-effective brute-forcing often uses GPUs, FGPAs & ASICs. • Bitcoin miners, DES Cracker [EFF98], Sagitta Password Cracker, etc. • Why? ASICs provide a financial incentive. • Specifically: Computation is cheaper for custom hardware (e.g. ASICs) then general purpose CPUs. • Want: More egalitarian notion of “hardness” than computation. • Goal: A notion of complexity that approximates the hardware cost of an ASIC performing the computation. [Per09] : “expensive” ≈ large “space × parallel- time” (ST) complexity 1. Can be computed in sequential time n. 2. Requires as much parallel space-time as possible for any function satisfying 1. Requires as much parallel space-time as possible for any function satisfying 1.

  11. Data-(in)dependence • An MHF is a mode of operation usually over a round function.

  12. Data-(in)dependence • An MHF is a mode of operation usually over a round function. • Is the memory access pattern of the honest (sequential) evaluation algorithms input-dependent or not? • No: data-independent MHF (iMHF). Example: Argon2i, Balloon Hashing. • Yes: data-dependent MHF (dMHF). Example: scrypt, Argon2d.

  13. Data-(in)dependence • An MHF is a mode of operation usually over a round function. • Is the memory access pattern of the honest (sequential) evaluation algorithms input-dependent or not? • No: data-independent MHF (iMHF). Example: Argon2i, Balloon Hashing. • Yes: data-dependent MHF (dMHF). Example: scrypt, Argon2d. iMHF advantage: Implementations easier to secure against certain cache-timing attacks. • Important for some password based crypto applications.

  14. iMHFs • Password Hashing Competition • Winner: Argon2i [BDK15] • Finalists: Catena[FLW15], Lyr2 [SAASB15], Pomelo [W15],… • Other contestants: Rig-v2 [CJMS14], Gambit [P14], TwoCats [C14],… • Since PHC: Balloon Hashing [BCGS16], Alwen-Serbinenko[AS15]

  15. iMHFs • Password Hashing Competition • Winner: Argon2i [BDK15] • Finalists: Catena[FLW15], Lyr2 [SAASB15], Pomelo [W15],… • Other contestants: Rig-v2 [CJMS14], Gambit [P14], TwoCats [C14],… • Since PHC: Balloon Hashing [BCGS16], Alwen-Serbinenko[AS15] • Usually designed based on intuition and verified via cryptanalysis. • Exceptions: Catena, Balloon Hashing, AS15 • Balloon Hashing has security proof for sequential adversaries in ROM. • AS15 has proof for parallel adversaries in ROM.

  16. Amortization and Parallelism Problem:

  17. Amortization and Parallelism Problem: S 1 space ST 1 = S 1 × T 1 cost of computing T 1 f once time

  18. Amortization and Parallelism Problem: S 3 S 1 space ST 1 = S 1 × T 1 cost of computing T 1 T 3 f once time

  19. Amortization and Parallelism Problem: S 3 S 1 space ≈ S 3 × T 3 = ST 3 ST 1 = S 1 × T 1 cost of computing cost of computing T 1 T 3 f once time f three times

  20. Amortization and Parallelism Problem : function f n (consisting of n RO calls) such that: 𝑇𝑈 𝑔 × 𝑜 = 𝑃 ( 𝑇𝑈 𝑔 ) 𝑜 𝑜 × 𝑜 𝑜 𝑜 × 𝑜 × 𝑜 𝑔 × 𝑜 S 3 S 1 space ≈ S 3 × T 3 = ST 3 ST 1 = S 1 × T 1 cost of computing cost of computing T 1 T 3 f once time f three times [AS15] ∃ function f n (consisting of n RO calls) such that: 𝑇𝑈 𝑔 × 𝑜 = 𝑃(𝑇𝑈 𝑔 )

  21. Cumulative Memory Complexity • Fix an execution... m space iterations t

  22. Cumulative Memory Complexity • Fix an execution... ST Cost m space iterations t

  23. Cumulative Memory Complexity • Fix an execution... • Idea: Define the cost to be area under the “memory curve”. Cumulative Memory Cost ST Cost m ↦ space space iterations iterations t

  24. Parallel Pebbling Game • Intuition: Models Parallel Computation • Iteratively place pebbles on the nodes of DAG G . • Initially no pebbles on G . Each node can have at most one pebble. • Goal: Place a pebble on sink node(s) of G . • Rules: 1. Can place a pebble on v only if all of parents of v currently have a pebble. ⇒ can always place a pebble on source nodes 2. Can remove any pebble at any time.

  25. A New Parallel Pebbling Game Parallel Pebbling Game: Same as Black Pebbling, except can touch many pebbles per iteration. Complexity: Cumulative Pebbling Complexity (CPC). CPC-cost =

  26. A New Parallel Pebbling Game Parallel Pebbling Game: Same as Black Pebbling, except can touch many pebbles per iteration. Complexity: Cumulative Pebbling Complexity (CPC). CPC-cost = 1+

  27. A New Parallel Pebbling Game Parallel Pebbling Game: Same as Black Pebbling, except can touch many pebbles per iteration. Complexity: Cumulative Pebbling Complexity (CPC). CPC-cost = 1+ 2+

  28. A New Parallel Pebbling Game Parallel Pebbling Game: Same as Black Pebbling, except can touch many pebbles per iteration. Complexity: Cumulative Pebbling Complexity (CPC). CPC-cost = 1+ 2+ 1 = 4

  29. A New Parallel Pebbling Game Parallel Pebbling Game: Same as Black Pebbling, except can touch many pebbles per iteration. Complexity: Cumulative Pebbling Complexity (CPC). CPC-cost = 1+ 2+ 1 = 4 CPC(Graph G) := min CPC(Pebbling of G)

  30. “We Can Only Pebble A Graph Function” • View a mode of operation as DAG. ( hash graph”, “graph function”)

  31. “We Can Only Pebble A Graph Function” • View a mode of operation as DAG. ( hash graph”, “graph function”) • Theorem [AS15] • Let H : {0,1} 2w → {0,1} w be a RO and G be a DAG. ⟹ 𝐷𝑁𝐷 𝑔 ≥ 𝐷𝑄𝐷(𝐻)/4 • Let f be the function given by ( G , H ).

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

CS171 Introduction to Computer Science II Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search shortest path Connected components Directed graphs Weighted graphs Minimum spanning tree

781 views • 53 slides
Unsupervised Monocular Depth Estimation CNN Robust to Training Data Diversity Valery

Unsupervised Monocular Depth Estimation CNN Robust to Training Data Diversity Valery

Unsupervised Monocular Depth Estimation CNN Robust to Training Data Diversity Valery Anisimovskiy, Andrey Shcherbinin, 15 May, 2020 Sergey Turko and Ilya Kurilin Problem Statement: Depth Sensors limitations IR depth sensor Stereo camera

670 views • 21 slides
Exact inference and learning for cumulative distribution functions on loopy graphs Jim C. Huang,

Exact inference and learning for cumulative distribution functions on loopy graphs Jim C. Huang,

Exact inference and learning for cumulative distribution functions on loopy graphs Jim C. Huang, Nebojsa Jojic and Christopher Meek NIPS 2010 Presented by Jenny Lam Previous work Cumulative distribution networks and the derivative-sum-

337 views • 23 slides
Graphs Graphs Definitions Implementation/Representation of graphs Search

Graphs Graphs Definitions Implementation/Representation of graphs Search

CS171 Introduction to Computer Science II Science II Graphs Graphs Definitions Implementation/Representation of graphs Search Depth-first search Depth-first search Breadth-first search Applications Find a path

464 views • 30 slides
Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

CS171 Introduction to Computer Science II Science II Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search shortest path shortest path Connected components Directed graphs Weighted

499 views • 32 slides
Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search

CS171 Introduction to Computer Science II Science II Graphs Graphs Simple graphs Algorithms Depth-first search Breadth-first search shortest path shortest path Connected components Directed graphs Weighted

955 views • 51 slides
for Robust Robot Mapping Workshop on Robust and Multimodal Inference in Factor Graphs Pratik

for Robust Robot Mapping Workshop on Robust and Multimodal Inference in Factor Graphs Pratik

Dynamic Covariance Scaling for Robust Robot Mapping Workshop on Robust and Multimodal Inference in Factor Graphs Pratik Agarwal , Gian Diego Tipaldi, Luciano Spinello, Cyrill Stachniss and Wolfram Burgard University of Freiburg, Germany Maps

840 views • 45 slides
Adaptive Diffusions for Scalable and Robust Learning over Graphs ICASSP2017 Georgios B.

Adaptive Diffusions for Scalable and Robust Learning over Graphs ICASSP2017 Georgios B.

Adaptive Diffusions for Scalable and Robust Learning over Graphs ICASSP2017 Georgios B. Giannakis A. N. Nikolakopoulos D. K. Berberidis Dept. of ECE and Digital Tech. Center, University of Minnesota Acknowledgments: NSF 1500713,1711471, NIH

277 views • 23 slides
OVERVIEW OF OVERVIEW OF CUMULATIVE EFFECTS CUMULATIVE EFFECTS ASSESSMENT ASSESSMENT What is

OVERVIEW OF OVERVIEW OF CUMULATIVE EFFECTS CUMULATIVE EFFECTS ASSESSMENT ASSESSMENT What is

OVERVIEW OF OVERVIEW OF CUMULATIVE EFFECTS CUMULATIVE EFFECTS ASSESSMENT ASSESSMENT What is Cumulative Effects Assessment? Definition: The process of systematically identifying and analyzing cumulative environmental change as a result of

702 views • 48 slides
Robust and Practical Depth Map Fusion for Time-of-Flight Cameras Markus Ylimki 1 , Juho Kannala

Robust and Practical Depth Map Fusion for Time-of-Flight Cameras Markus Ylimki 1 , Juho Kannala

Robust and Practical Depth Map Fusion for Time-of-Flight Cameras Markus Ylimki 1 , Juho Kannala 2 , Janne Heikkil 1 1 Center for Machine Vision Research, University of Oulu, Oulu, Finland 2 Department of Computer Science, Aalto University,

701 views • 18 slides
Variational Smoothing on Delaunay Graphs W. Nicholas Greene Robust Robotics Group, MIT CSAIL LPM

Variational Smoothing on Delaunay Graphs W. Nicholas Greene Robust Robotics Group, MIT CSAIL LPM

FLaME: Fast Lightweight Mesh Estimation using Variational Smoothing on Delaunay Graphs W. Nicholas Greene Robust Robotics Group, MIT CSAIL LPM Workshop IROS 2017 September 28, 2017 with Nicholas Roy 1 We want Autonomous Vision-Based

859 views • 81 slides
Com putin g the Depth of a Flat Marshall Bern Xerox PARC an d David Eppstein UC Irvin e 1

Com putin g the Depth of a Flat Marshall Bern Xerox PARC an d David Eppstein UC Irvin e 1

Com putin g the Depth of a Flat Marshall Bern Xerox PARC an d David Eppstein UC Irvin e 1 Robust Regression Given data with depen den t an d in depen den t vars Describe depen den t vars as fun ction of in dep. on es Should be robust again

299 views • 16 slides
CMPSCI 187: Programming With Data Structures Lecture #32: Searching Graphs David Mix Barrington

CMPSCI 187: Programming With Data Structures Lecture #32: Searching Graphs David Mix Barrington

CMPSCI 187: Programming With Data Structures Lecture #32: Searching Graphs David Mix Barrington 28 November 2012 Searching Graphs Review Graphs and Implementations The isPath Problem Using a Stack: Depth-First Search Using a

541 views • 11 slides
Graphs () Graphs () Graphs Graphs Graphs are collections of nodes

Graphs () Graphs () Graphs Graphs Graphs are collections of nodes

Graphs () Graphs () Graphs Graphs Graphs are collections of nodes in which various pairs are connected by K08 line segments. The

627 views • 17 slides
Week 4 Kullmann Graphs and directed graphs Elementary Graph Algorithms Trees Breadth-first

Week 4 Kullmann Graphs and directed graphs Elementary Graph Algorithms Trees Breadth-first

CS 270 Algorithms Oliver Week 4 Kullmann Graphs and directed graphs Elementary Graph Algorithms Trees Breadth-first search Graphs and directed graphs Depth-first 1 search Topological sorting Trees 2 Breadth-first search 3

593 views • 28 slides
Graph Traversals: Breadth-First and Depth-First Search Eric

Graph Traversals: Breadth-First and Depth-First Search Eric

Graph Traversals: Breadth-First and Depth-First Search Eric Eaton Bryn Mawr College Computer Science Department What is a Graph? Graphs are collections of vertex vertices joined by edges

1.45k views • 101 slides
Water Chemical formula H 2 0. The existence of strong hydrogen bond Exists in nature as Ice, water

Water Chemical formula H 2 0. The existence of strong hydrogen bond Exists in nature as Ice, water

Water Chemical formula H 2 0. The existence of strong hydrogen bond Exists in nature as Ice, water and vapour. Melting point 0 C, boiling point 100 C. Specific heat (water): 1 calorie/gm/degree C. Second highest! very important for

948 views • 19 slides
1 & 2 Samuel Series Lesson #049 April 19, 2016 Dean Bible Ministries

1 & 2 Samuel Series Lesson #049 April 19, 2016 Dean Bible Ministries

1 & 2 Samuel Series Lesson #049 April 19, 2016 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. W ATCH Y OUR M OUTH 1 S AMUEL 14:15-46 Gilgal Pictorial Library Vol. 2: Benjamin Pictorial Library Vol. 2: Benjamin

505 views • 26 slides
Utilizing User Access Patterns in Enterprise Search Udo Kruschwitz School of Computer Science

Utilizing User Access Patterns in Enterprise Search Udo Kruschwitz School of Computer Science

Overview Log Data Adaptive Search Adaptive Navigation Evaluation Current Work Conclusions Utilizing User Access Patterns in Enterprise Search Udo Kruschwitz School of Computer Science and Electronic Engineering University of Essex United

1.26k views • 63 slides
S PECTRUM D ATA - II Nabeela Aijaz, Michael Hurley, Apolo Luis, Joel Rinsky, Chandrika Satyavolu,

S PECTRUM D ATA - II Nabeela Aijaz, Michael Hurley, Apolo Luis, Joel Rinsky, Chandrika Satyavolu,

O UTLINES T HE P ROBLEM D ETAILS ON SOLVING THE PROBLEM R ESULTS C ONCLUSION AND FUTURE RESULTS I MPROVED L INEAR A LGEBRA M ETHODS FOR R EDSHIFT C OMPUTATION FROM L IMITED S PECTRUM D ATA - II Nabeela Aijaz, Michael Hurley, Apolo Luis, Joel

674 views • 35 slides
MACHINE LEARNING Linear and Weighted Regression Support Vector Regression 1 APPLIED MACHINE

MACHINE LEARNING Linear and Weighted Regression Support Vector Regression 1 APPLIED MACHINE

APPLIED MACHINE LEARNING MACHINE LEARNING Linear and Weighted Regression Support Vector Regression 1 APPLIED MACHINE LEARNING Classification (reminder) Maps N -dimensions input x N to discrete values y E.g.: x = [ Length , Color ]

931 views • 68 slides
CSC 311: Introduction to Machine Learning Lecture 5 - Decision Trees & Bias-Variance

CSC 311: Introduction to Machine Learning Lecture 5 - Decision Trees & Bias-Variance

CSC 311: Introduction to Machine Learning Lecture 5 - Decision Trees & Bias-Variance Decomposition Roger Grosse Chris Maddison Juhan Bae Silviu Pitis University of Toronto, Fall 2020 Intro ML (UofT) CSC311-Lec5 1 / 49 Today Decision

1.49k views • 50 slides
Automated Reasoning Model Checking with Spin (III) Alan Bundy Automated Reasoning Model

Automated Reasoning Model Checking with Spin (III) Alan Bundy Automated Reasoning Model

Automated Reasoning Model Checking with Spin (III) Alan Bundy Automated Reasoning Model Checking with Spin (III) Lecture 12, page 1 Outline of Verification Process Objective: form one big automata, which Spin can use for verification.

1.01k views • 25 slides
? ? Protect Provide Opportunity Space ! ! ! ! ! ! Subjectivity ! ! ! ! Behaviour Command

? ? Protect Provide Opportunity Space ! ! ! ! ! ! Subjectivity ! ! ! ! Behaviour Command

School Family Work Love Childhood Adulthood Play Leisure standard change The normative Agentic Competent discourse Child Public Changing Society Culture Rational y Independent t Active n i a risk t Protect Provide r e

456 views • 3 slides

More recommend