full indifferentiable security of the xor of two or more
play

Full Indifferentiable Security of the Xor of Two or More Random - PowerPoint PPT Presentation

Feb 04, 2023 •172 likes •1.8k views

Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the 2 Method Srimanta Bhattacharya and Mridul Nandi Indian Statistical Institute, Kolkata. Eurocrypt 2018 Tel Aviv, Israel 30th April, 2018 Outline 1

  1. Introduction XORP and XORP [ k ] PRF-Security: Indistinguishability PRF-Security: Indistinguishability $ XORP A XORP ( A ) ∶ = ∣ Pr [A XORP → 1 ] − Pr [A $ → 1 ]∣ Adv prf Focus on information theoretic security of XORP . A comutationally unbounded. A deterministic. Restrict A to q queries. 1 = ( X 1 , 1 ,...,X 1 ,q ) , XORP and $ returns X q 2 = ( X 2 , 1 ,...,X 2 ,q ) ∈ Ω q X q Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  2. Introduction XORP and XORP [ k ] PRF-Security: Indistinguishability PRF-Security: Indistinguishability $ XORP A XORP ( A ) ∶ = ∣ Pr [A XORP → 1 ] − Pr [A $ → 1 ]∣ Adv prf Focus on information theoretic security of XORP . A comutationally unbounded. A deterministic. Restrict A to q queries. 1 = ( X 1 , 1 ,...,X 1 ,q ) , XORP and $ returns X q 2 = ( X 2 , 1 ,...,X 2 ,q ) ∈ Ω q X q Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  3. Introduction XORP and XORP [ k ] PRF-Security: Indistinguishability PRF-Security: Indistinguishability $ XORP A XORP ( A ) ∶ = ∣ Pr [A XORP → 1 ] − Pr [A $ → 1 ]∣ Adv prf Focus on information theoretic security of XORP . A comutationally unbounded. A deterministic. Restrict A to q queries. 1 = ( X 1 , 1 ,...,X 1 ,q ) , XORP and $ returns X q 2 = ( X 2 , 1 ,...,X 2 ,q ) ∈ Ω q X q XORP [ k ] (A) ≤ max E⊆ Ω q ∑ x q ∈E ( Pr [ X q 1 = x q ] − Pr [ X q 2 = x q ]) . Adv prf Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  4. Introduction XORP and XORP [ k ] PRF-Security Results Upper Bounds on Adv prf XORP (A) and Adv prf XORP [ k ] (A) 3 Bellare and Impagliazzo, 1999: O ( nq 2 ) for XORP 2 3 N Lucks, 2000: O ( q k + 1 N k ) for XORP [ k ] ,k ≥ 2 . Patarin, 2008, Patarin, 2013: O ( q N ) Cogliati et al., 2014: O ( q k + 2 N k + 1 ) , O (( kq 2 k + 2 N 2 k + 1 ) 3 ) for XORP [ k ] Dai et al., 2017: O ( q N ) for XORP . XORP [ k ] ( A ) = Adv prf XORP ( A ) Mennink and Preneel, 2015: Adv prf Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  5. Introduction Indifferentiability Moving from Secret to Public Permutation Moving from Secret to Public Permutation In PRF-security (indistinguishability) setting permuatations remain secret. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  6. Introduction Indifferentiability Moving from Secret to Public Permutation Moving from Secret to Public Permutation In PRF-security (indistinguishability) setting permuatations remain secret. Motivation behind making the permutations public Sometimes block ciphers are instantiated with fixed keys. Many unkeyed permutations are designed as an underlying primitive of encryption Bertoni et al., 2011a, MAC Bertoni et al., 2011b, hash functions Bertoni et al., 2013, Rivest et al., 2008, Wu, 2011, Gauravaram et al., 2009 CAESAR candidates have been analyzed in the public permutation model. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  7. Introduction Indifferentiability Indifferentiable-Security Notion Indifferentiable-Security Notion Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  8. Introduction Indifferentiability Indifferentiable-Security Notion Indifferentiable-Security Notion Real World Ideal World F T S G A Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  9. Introduction Indifferentiability Indifferentiable-Security Notion Indifferentiable-Security Notion Real World Ideal World F T S G A T F , G S ( A ) = ∣ Pr [A T , F → 1 ] − Pr [A G , S → 1 ]∣ . Adv diff Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  10. Introduction Indifferentiability Indifferentiable-Security Notion Indifferentiable-Security Notion Real World Ideal World F T S G A T F , G S ( A ) = ∣ Pr [A T , F → 1 ] − Pr [A G , S → 1 ]∣ . Adv diff Maurer et al., 2004 ∃ S s.t. Adv diff T F , G S (A) ⇒ T is indifferentiable is negligible ∀ adversary A . from G . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  11. Introduction Indifferentiability Indifferentiability of XORP Indifferentiability of XORP Π = ( Π 0 , Π 1 , Π − 1 0 , Π − 1 1 ) $ XORP S A Purpose of S is to simulate Π such that ( XORP , Π ) is indistinguishable from ( $ , S ) . S has oracle access to $. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  12. Introduction Indifferentiability Indifferentiability of XORP Real World and Ideal World Real World: Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  13. Introduction Indifferentiability Indifferentiability of XORP Real World and Ideal World Real World: Construction Query: A queries with x . XORP returns Π 0 ( x ) ⊕ Π 1 ( x ) to A . Primitive Query: Forward Query: A queries Π 0 or Π 1 with x and gets Π 0 ( x ) or Π 1 ( x ) . Backward Query: A queries Π 0 or Π 1 with y 0 ( y ) or and obtains Π − 1 1 ( y ) . Π − 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  14. Introduction Indifferentiability Indifferentiability of XORP Real World and Ideal World Real World: Ideal World: Construction Query: A queries with x . XORP returns Π 0 ( x ) ⊕ Π 1 ( x ) to A . Primitive Query: Forward Query: A queries Π 0 or Π 1 with x and gets Π 0 ( x ) or Π 1 ( x ) . Backward Query: A queries Π 0 or Π 1 with y 0 ( y ) or and obtains Π − 1 1 ( y ) . Π − 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  15. Introduction Indifferentiability Indifferentiability of XORP Real World and Ideal World Real World: Ideal World: Random Function Query: $ returns $ ( x ) . Construction Query: A queries with x . XORP Simulator Query: returns Π 0 ( x ) ⊕ Π 1 ( x ) to Forward Query: A A . queries S with ( x,b ) . S returns V b ∈ { 0 , 1 } n . Primitive Query: Backward Query: A Forward Query: A queries S with ( y,b ) . S queries Π 0 or Π 1 with x and gets Π 0 ( x ) or Π 1 ( x ) . returns V b ∈ { 0 , 1 } n ∪ {�} . Backward Query: A � indicates that S queries Π 0 or Π 1 with y aborted after certain 0 ( y ) or and obtains Π − 1 number of iterations. 1 ( y ) . Π − 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  16. Introduction Indifferentiability Indifferentiability of XORP Goal Purpose of S is to simulate Π such that ( XORP , Π ) is indistinguishable from ( $ , S ) . V b should be close to Π b (or Π − 1 b in case of backward query). Construct S such that XORP , $ ( A ) = ∣ Pr [ A XORP , Π → 1 ] − Pr [ A $ , S → 1 ]∣ Adv diff should be negligible. Restrict A to q queries and obtain a concrete upper bound on XORP , $ ( A ) (in terms of parameters q and n ) Adv diff Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  17. Introduction Indifferentiability Results Results Construction Best known bound Our bound √ q 3 / 2 2 n Mennink and Preneel, 2015 q / 2 n XORP √ XORP [ k ] 2 nk ( k ≥ 4 even) Lee, 2017 q / 2 n q k + 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  18. Introduction Techniques Mirror Theory Mirror Theory and It’s Limitations Introduced in Patarin, 2010; motivated from the PRF-security of XORP [ k ] type constructions. Lower bound on the number of solutions satisfying a system of linear equations involving exactly two variables. ✓ Together with the × Complex: some stpes are not H-coefficient technique clear. × Limitation in indifferentiability provides a bound on the setting: PRF-security of XORP . × No equation in single variable ✓ Powerful: Optimal security × Adversary can make public of EDM, EWCDM, permutation calls. Need to etc. Mennink and Neves, 2017a, consider single variable Mennink and Neves, 2017b equations. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  19. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  20. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  21. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  22. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  23. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition ∥ P 0 − P 1 ∥ ∶= 1 2 ∑ x q ∈ Ω q ∣ P 0 ( x q ) − P 1 ( x q )∣ . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  24. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition ∥ P 0 − P 1 ∥ ∶= 1 2 ∑ x q ∈ Ω q ∣ P 0 ( x q ) − P 1 ( x q )∣ . ( P 0 ∣ xi − 1 ( x i )− P 1 ∣ xi − 1 ( x i )) 2 χ 2 ( x i − 1 ) = χ 2 ( P 0 ∣ x i − 1 , P 1 ∣ x i − 1 ) ∶= ∑ x i ∈ Ω . P 1 ∣ xi − 1 ( x i ) Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  25. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition ∥ P 0 − P 1 ∥ ∶= 1 2 ∑ x q ∈ Ω q ∣ P 0 ( x q ) − P 1 ( x q )∣ . ( P 0 ∣ xi − 1 ( x i )− P 1 ∣ xi − 1 ( x i )) 2 χ 2 ( x i − 1 ) = χ 2 ( P 0 ∣ x i − 1 , P 1 ∣ x i − 1 ) ∶= ∑ x i ∈ Ω . P 1 ∣ xi − 1 ( x i ) Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  26. χ 2 Method Introduction Techniques χ 2 Method X q ∶= ( X 1 ,...,X q ) and Z q ∶= ( Z 1 ,...,Z q ) distributed over Ω q = Ω × ⋯ × Ω according to P 0 and P 1 respectively. P 0 ∣ x i − 1 ( x i ) = Pr [ X i = x i ∣ X 1 = x 1 ,...,X i − 1 = x i − 1 ] , P 1 ∣ x i − 1 ( x i ) = Pr [ Z i = x i ∣ Z 1 = x 1 ,...,Z i − 1 = x i − 1 ] . Definition ∥ P 0 − P 1 ∥ ∶= 1 2 ∑ x q ∈ Ω q ∣ P 0 ( x q ) − P 1 ( x q )∣ . ( P 0 ∣ xi − 1 ( x i )− P 1 ∣ xi − 1 ( x i )) 2 χ 2 ( x i − 1 ) = χ 2 ( P 0 ∣ x i − 1 , P 1 ∣ x i − 1 ) ∶= ∑ x i ∈ Ω . P 1 ∣ xi − 1 ( x i ) Theorem (Dai et al., 2017) ∥ P 0 − P 1 ∥ ≤ ( 1 i = 1 Ex [ χ 2 ( X i − 1 )]) 1 2 ∑ q 2 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  27. χ 2 Method Introduction Techniques χ 2 Method(contd..) Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  28. χ 2 Method Introduction Techniques χ 2 Method(contd..) Ingredients Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  29. χ 2 Method Introduction Techniques χ 2 Method(contd..) Ingredients 1 Pinsker’s inequality, 2 chain rule of Kullback-Leibler divergence (KL divergence), and 3 Jensen’s inequality. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  30. χ 2 Method Introduction Techniques χ 2 Method(contd..) Ingredients 1 Pinsker’s inequality, 2 chain rule of Kullback-Leibler divergence (KL divergence), and 3 Jensen’s inequality. Applications Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  31. χ 2 Method Introduction Techniques χ 2 Method(contd..) Ingredients 1 Pinsker’s inequality, 2 chain rule of Kullback-Leibler divergence (KL divergence), and 3 Jensen’s inequality. Applications 1 PRF-security of the truncated random permutation in Stam, 1978. 2 Full PRF-security of XORP and improved PRF-security of EDM in Dai et al., 2017. 3 Full PRF-security of the variable output length XOR pseudorandom functions in Bhattacharya and Nandi, 2018. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  32. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  33. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  34. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries SIM BCK - algorithm for backward queries Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  35. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries SIM BCK - algorithm for backward queries S tries to be consistent with the XORP by ‘consulting’ with $. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  36. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries SIM BCK - algorithm for backward queries S tries to be consistent with the XORP by ‘consulting’ with $. Tries to maintain $ ( x ) = SIM FWD ( x, 0 ) ⊕ SIM FWD ( x, 1 ) for x ∈ { 0 , 1 } n . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  37. Simulator and Transcript Simulator for XORP Simulator Overview SIM FWD and SIM BCK S consists of a pair of stateful randomized algorithms SIM FWD - algorithm for forward queries SIM BCK - algorithm for backward queries S tries to be consistent with the XORP by ‘consulting’ with $. Tries to maintain $ ( x ) = SIM FWD ( x, 0 ) ⊕ SIM FWD ( x, 1 ) for x ∈ { 0 , 1 } n . If it fails (during backward queries only) after n attempts SIM BCK returns � . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  38. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  39. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. For b ∈ { 0 , 1 } ,x ∈ D ,y ∈ R b , L b ( x ) = y implies Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  40. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. For b ∈ { 0 , 1 } ,x ∈ D ,y ∈ R b , L b ( x ) = y implies V b = y was output on a forward query ( x,b ) , or Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  41. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. For b ∈ { 0 , 1 } ,x ∈ D ,y ∈ R b , L b ( x ) = y implies V b = y was output on a forward query ( x,b ) , or V b = x was output on a backward query ( y,b ) Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  42. Simulator and Transcript Simulator for XORP Simulator Overview Internal State Sets D , R 0 , and R 1 simulate the domain of Π 0 and Π 1 and their ranges respectively. Lists (indexed by elements of D ) L 0 , L 1 - simulate the input-output mappings of Π 0 and Π 1 respectively. For b ∈ { 0 , 1 } ,x ∈ D ,y ∈ R b , L b ( x ) = y implies V b = y was output on a forward query ( x,b ) , or V b = x was output on a backward query ( y,b ) For all x ∈ D , the relationship L 0 ( x ) ⊕ L 1 ( x ) = $ ( x ) is always satisfied. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  43. Simulator and Transcript Simulator for XORP Simulator Detail SIM FWD Data : x ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n if x ∈ D then return L b ( x ) end Z ← $ ( x ) V b ← $ { 0 , 1 } n ∖ {R b ∪ { Z ⊕ R 1 − b }} R b ← R b ∪ { V b } , R 1 − b ← R 1 − b ∪ { Z ⊕ V b } D ← D ∪ { x } L b ( x ) ← V b , L 1 − b ( x ) ← Z ⊕ V b return V b Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  44. Simulator and Transcript Simulator for XORP Simulator Detail SIM FWD Data : x ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n if x ∈ D then return L b ( x ) end Z ← $ ( x ) V b ← $ { 0 , 1 } n ∖ {R b ∪ { Z ⊕ R 1 − b }} R b ← R b ∪ { V b } , R 1 − b ← R 1 − b ∪ { Z ⊕ V b } D ← D ∪ { x } L b ( x ) ← V b , L 1 − b ( x ) ← Z ⊕ V b return V b Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  45. Simulator and Transcript Simulator for XORP Simulator Detail SIM FWD Data : x ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n if x ∈ D then return L b ( x ) end Z ← $ ( x ) V b ← $ { 0 , 1 } n ∖ {R b ∪ { Z ⊕ R 1 − b }} R b ← R b ∪ { V b } , R 1 − b ← R 1 − b ∪ { Z ⊕ V b } D ← D ∪ { x } L b ( x ) ← V b , L 1 − b ( x ) ← Z ⊕ V b return V b Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  46. Simulator and Transcript Simulator for XORP Simulator Detail SIM FWD Data : x ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n if x ∈ D then return L b ( x ) end Z ← $ ( x ) V b ← $ { 0 , 1 } n ∖ {R b ∪ { Z ⊕ R 1 − b }} R b ← R b ∪ { V b } , R 1 − b ← R 1 − b ∪ { Z ⊕ V b } D ← D ∪ { x } L b ( x ) ← V b , L 1 − b ( x ) ← Z ⊕ V b return V b Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  47. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  48. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  49. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  50. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  51. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  52. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  53. Simulator and Transcript Simulator for XORP Simulator Detail SIM BCK Data : y ∈ { 0 , 1 } n ,b ∈ { 0 , 1 } Result : V b ∈ { 0 , 1 } n ∪ {⊥} if y = L b ( x ) for x ∈ D then return x D ′ ← D repeat V b ← $ { 0 , 1 } n ∖ D ′ , Z ← $ ( V b ) if Z ⊕ y ∉ R 1 − b then D ← D ∪ { V b } , R b ← R b ∪ { y } , L b ( V b ) ← y, R 1 − b ← R 1 − b ∪ { Z ⊕ y } , L 1 − b ( V b ) ← Z ⊕ y return V b end D ′ ← D ′ ∪ { V b } until n times ; return � Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  54. Simulator and Transcript Transcript to the Adversary Additional Information Additional Information Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  55. Simulator and Transcript Transcript to the Adversary Additional Information Additional Information After the interation with real/ideal world is over Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  56. Simulator and Transcript Transcript to the Adversary Additional Information Additional Information After the interation with real/ideal world is over A is given additional information. Real World Query: A knows the tuple ( x i , Π 0 ( x i ) , Π 1 ( x i )) = S i . Distributions: p fwd and p bck for forward and backward queries. 0 0 Ideal World Query: A knows the tuple ( x i ,V 0 ,i ,V 1 ,i ) (In case of ‘abort’ ( x i ,V 0 ,i ,V 1 ,i ) = � ). Distributions: p fwd and p bck for forward 1 1 and backward queries. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  57. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  58. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  59. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Goal is to calculate Ex [ χ 2 ( S i − 1 )] over the real world distributions ( p fwd and p bck ). 0 0 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  60. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Goal is to calculate Ex [ χ 2 ( S i − 1 )] over the real world distributions ( p fwd and p bck ). 0 0 Need to consider two cases. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  61. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Goal is to calculate Ex [ χ 2 ( S i − 1 )] over the real world distributions ( p fwd and p bck ). 0 0 Need to consider two cases. s i is a forward query Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  62. Main Result: Indifferentiability of XORP Result and Outline Outline Indifferentiability of XORP : Outline √ Theorem XORP , $ ( q ) ≤ 1 . 25 q Let N ≥ 16 and q < N 2 . Then Adv diff N . Goal is to calculate Ex [ χ 2 ( S i − 1 )] over the real world distributions ( p fwd and p bck ). 0 0 Need to consider two cases. s i is a forward query s i is a backward query Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  63. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  64. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  65. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  66. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  67. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. The distributions p fwd and p bck are identical; the distribution of S i − 1 0 0 does not depend on the query type of each individual S j . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  68. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. The distributions p fwd and p bck are identical; the distribution of S i − 1 0 0 does not depend on the query type of each individual S j . Allows to treat χ 2 ( S i − 1 ) as a random variable and take its expectation under the distribution of S i − 1 . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  69. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. The distributions p fwd and p bck are identical; the distribution of S i − 1 0 0 does not depend on the query type of each individual S j . Allows to treat χ 2 ( S i − 1 ) as a random variable and take its expectation under the distribution of S i − 1 . Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  70. Main Result: Indifferentiability of XORP Result and Outline Forward Query Forward Query ( p fwd ( s i ∣ s i − 1 )− p fwd ( s i ∣ s i − 1 )) 2 χ 2 ( s i − 1 ) = ∑ s i . 0 1 ( s i ∣ s i − 1 ) p fwd 1 To consider χ 2 ( S i − 1 ) for real world distribution S i − 1 . Each S j ∈ { S i − 1 } may correspond to a forward or a backward query. The distributions p fwd and p bck are identical; the distribution of S i − 1 0 0 does not depend on the query type of each individual S j . Allows to treat χ 2 ( S i − 1 ) as a random variable and take its expectation under the distribution of S i − 1 . Forward Query Bound i = 1 Ex [ χ 2 ( S i − 1 )] ≤ 8 q 3 ∑ q N 3 Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  71. Main Result: Indifferentiability of XORP Result and Outline Backward Query Backward Query Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  72. Main Result: Indifferentiability of XORP Result and Outline Backward Query Backward Query Steps are similar to the backward query case. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

  73. Main Result: Indifferentiability of XORP Result and Outline Backward Query Backward Query Steps are similar to the backward query case. s i ≠ ⊥ and s i = ⊥ are treated separately. Srimanta Bhattacharya and Mridul Nandi Full Indifferentiable Security of the Xor of Random Permutations

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verified Indifferentiable Hashing into Elliptic Curves eguelin 1 Santiago Zanella B Gilles

Verified Indifferentiable Hashing into Elliptic Curves eguelin 1 Santiago Zanella B Gilles

Verified Indifferentiable Hashing into Elliptic Curves eguelin 1 Santiago Zanella B Gilles Barthe 2 , Benjamin Gr egoire 3 , Sylvain Heraud 3 and Federico Olmedo 2 Microsoft Research Cambridge 1 IMDEA Software Institute 2 ee 3 INRIA Sophia

1.02k views • 36 slides
Indifferentiable Authenticated Encryption Pooya Farshim Manuel Barbosa (Porto) (CNRS

Indifferentiable Authenticated Encryption Pooya Farshim Manuel Barbosa (Porto) (CNRS

Indifferentiable Authenticated Encryption Pooya Farshim Manuel Barbosa (Porto) (CNRS &amp; ENS) Indifferentiable Authenticated Encryption Pooya Farshim Manuel Barbosa (Porto) (CNRS &amp; ENS) Hash Functions long &amp; short

1.25k views • 79 slides
Full Disk Encryption Larry Carson, Associate Director, Information Security Management What

Full Disk Encryption Larry Carson, Associate Director, Information Security Management What

Full Disk Encryption Larry Carson, Associate Director, Information Security Management What Security Really Looks Like at UBC New s-w orthy Security I ncidents UBC Laptop Loss &amp; UVic Loss of 11,845 VGH Loss of 450 medical Recovery with

426 views • 17 slides
Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey

Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey

Security analysis of a Full-Body Scanner Keaton Mowery, Eric Wustrow, Tom Wypych, Corey Singleton, Chris Comfort, Eric Rescorla, Stephen Checkoway, J. Alex Halderman, Hovav Shacham How many people been through airport security in the USA? TSA

733 views • 16 slides
Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers

Intro to Bitcoin Research or Why Bitcoin is a full employment act for security engineers Joseph Bonneau CITP, Princeton Thanks to Andrew Miller, Arvind Narayanan, Jeremy Clark, Joshua Kroll, Ed Felten Part I: Bitcoin in 6 easy steps

752 views • 32 slides
full year results full year results full year results full full year results full year results full

full year results full year results full year results full full year results full year results full

AMP results presentation FULL YEAR RESULTS 2010 full year results full year results full year results full full year results full year results full year results full 2010 full year results Craig Dunn Chief Executive Officer Paul Leaming Chief

691 views • 24 slides
HSEye Full Full- Full Full - - -Time HSE eye Time HSE eye Time HSE eye Time HSE eye 1

HSEye Full Full- Full Full - - -Time HSE eye Time HSE eye Time HSE eye Time HSE eye 1

HSEye Full Full- Full Full - - -Time HSE eye Time HSE eye Time HSE eye Time HSE eye 1 Health, Safety, and Environment ( HSE ) is crucial for any Oil &amp; Gas and Construction business 2 Main Main accident kinds for the latest three

317 views • 13 slides
Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian

Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian

Lightweight Symmetric Crypto on a Full Circle: From Industry to Academia and Back Christian Rechberger TU Graz and DTU Security of modern IT Systems User Secure System Communication Protocol Cryptographic Primitive Security of modern IT

523 views • 51 slides
A STRONG FOURTH QUARTER CONCLUDED A SOLID YEAR -ACCELERATING INVESTMENTS IN CORPORATE SECURITY IN

A STRONG FOURTH QUARTER CONCLUDED A SOLID YEAR -ACCELERATING INVESTMENTS IN CORPORATE SECURITY IN

Samu Konttinen, CEO Interim Results Q4 and full year 2016 A STRONG FOURTH QUARTER CONCLUDED A SOLID YEAR -ACCELERATING INVESTMENTS IN CORPORATE SECURITY IN 2017 AGENDA Highlights from Q4 and full year Business &amp; Market update

515 views • 28 slides
Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes Peter Gai 1

Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes Peter Gai 1

Key-Length Extension Main Lemma Randomized Cascading Plain Cascading Conclusion Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes Peter Gai 1 Jooyoung Lee 2 Yannick Seurin 3 John Steinberger 4 Stefano

1.35k views • 102 slides
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security II: Security Strikes Back 15-441/641 Fall 2019 Profs Peter Steenkiste &amp; Justine

Security II: Security Strikes Back 15-441/641 Fall 2019 Profs Peter Steenkiste &amp; Justine

Security II: Security Strikes Back 15-441/641 Fall 2019 Profs Peter Steenkiste &amp; Justine Sherry What should my graph look like? Real graph from last year Getting full credit on your graph Needs to show phases of TCP! You might need

564 views • 45 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
2010 Full Year Result 2010 Full Year Result 23 February 2011 2010 Full Year Result 2010 Full

2010 Full Year Result 2010 Full Year Result 23 February 2011 2010 Full Year Result 2010 Full

2010 Full Year Result 2010 Full Year Result 23 February 2011 2010 Full Year Result 2010 Full Year Result Terry Davis Group Managing Director Highlights of 2010 Result Strong operational performances Australian beverages EBIT up 7.3% and

564 views • 21 slides
Academic Language for Secondary English Classrooms Using Sentence Stems to Support Common Core

Academic Language for Secondary English Classrooms Using Sentence Stems to Support Common Core

Academic Language for Secondary English Classrooms Using Sentence Stems to Support Common Core Learning Standards Working Definitions Academic Language is the language of the discipline as well as the language used for all academic purposes.

382 views • 6 slides
01. Introduction to Business Case Studies Lets begin with the end in mind Conducted by

01. Introduction to Business Case Studies Lets begin with the end in mind Conducted by

PGDBFS 301 - CBFS 11/9/19 SESSION 01 PGDBFS 301 Cases in Business Finance and Strategy (CBFS) Conducted by Nadun Kumara Postgraduate Diploma in Business Finance &amp; Strategy 01. Introduction to Business Case Studies Lets begin

309 views • 11 slides
How to give a good talk Mark Messier Indiana University Fermilab Users Meeting June 13, 2019

How to give a good talk Mark Messier Indiana University Fermilab Users Meeting June 13, 2019

How to give a good talk Mark Messier Indiana University Fermilab Users Meeting June 13, 2019 These are some personal tips that I try to follow to prepare for my own high-profile talks. For me the key is to first think about who my audience

742 views • 48 slides
How has Digital Technology changed our perception of musical performance and progress?

How has Digital Technology changed our perception of musical performance and progress?

How has Digital Technology changed our perception of musical performance and progress? Performance: 1) a musical, dramatic, or other entertainment presented before an audience... 6) the manner in which or the efficiency with which something

299 views • 10 slides
The Modern QE/QA Role: Supporting DevOps the Smart Way What are we talking about? The Quality

The Modern QE/QA Role: Supporting DevOps the Smart Way What are we talking about? The Quality

The Modern QE/QA Role: Supporting DevOps the Smart Way What are we talking about? The Quality Engineer role Construction Project Analogy QA vs. QE Re-tuning Automation Shifting traditional QA/QE right tasks left What a Modern

705 views • 34 slides
Elegance &amp; Simplicity and Scale, Contrast &amp; Proportion Luc Renambot renambot@uic.edu

Elegance &amp; Simplicity and Scale, Contrast &amp; Proportion Luc Renambot renambot@uic.edu

User Interface Design and Programming CS422 Elegance &amp; Simplicity and Scale, Contrast &amp; Proportion Luc Renambot renambot@uic.edu Book Designing Visual Interfaces by Mullet and Sano Select the elements &quot;maximize meaning,

498 views • 34 slides
Pro Formas (Welch, Chapter 21) Ivo Welch The Purpose Pro Formas ( PF s) project the future,

Pro Formas (Welch, Chapter 21) Ivo Welch The Purpose Pro Formas ( PF s) project the future,

Pro Formas (Welch, Chapter 21) Ivo Welch The Purpose Pro Formas ( PF s) project the future, in the language of business. A PF is a hypothetical future financial statement. Forecasting is very difficult! Harder for young uncertain

680 views • 38 slides
Launching Decentralized Autonomous Organizations On Aragon Table of Contents Overview Road

Launching Decentralized Autonomous Organizations On Aragon Table of Contents Overview Road

Launching Decentralized Autonomous Organizations On Aragon Table of Contents Overview Road to release Understanding the problems Project objective Target audience Introducing: Aragon Colonies Evolutionary feedback loop of DAMits

306 views • 18 slides

More recommend