Gröbner Bases. Applications in Cryptology
Jean-Charles Faugère (PowerPoint presentation)

Plan: Gröbner bases: properties; Zero-dimensional solving; Algorithms: Buchberger and Macaulay; Efficient algorithms: the F5 algorithm; Complexity result.


1. Gröbner - Crypto (J.-C. Faugère): Degree 3 (IV)
The degree-3 matrix: rows z f_3, y f_3, x f_3, z f_2, y f_2, x f_2, z f_1, y f_1, x f_1 (each variable times each input polynomial), columns the degree-3 monomials x^3, x^2 y, x^2 z, ..., z^3. (Coefficient entries not recoverable from the extracted slide.)

2. Degree 3 (V)
Matrix A_3 with rows z f_3, y f_3, x f_3, z f_4, y f_4, x f_4, z f_5, y f_5, x f_5 (coefficient entries not recoverable from the extracted slide). We have constructed 3 new polynomials:
f_6 = y^3 + 8 y^2 z + x z^2 + 18 y z^2 + 15 z^3
f_7 = x z^2 + 11 y z^2 + 13 z^3
f_8 = y z^2 + 18 z^3
We have the linear equivalences: x f_2 ↔ x f_4 ↔ f_6 and f_4 → f_2.

3. Degree 4: reduction to 0!
The matrix whose rows are x^2 f_i, xy f_i, y^2 f_i, xz f_i, yz f_i, z^2 f_i, i = 1, 2, 3, is not full rank!

4. Why?
6 × 3 = 18 rows but only 15 columns (x^4, x^3 y, ..., y z^3, z^4). Simple linear algebra theorem: 3 useless rows (which ones?)

5. Trivial relations
f_2 f_3 − f_3 f_2 = 0 can be rewritten
3 x^2 f_3 + (7 + b) xy f_3 + 8 y^2 f_3 + 22 xz f_3 + 11 yz f_3 + 22 z^2 f_3 − x^2 f_2 − 18 xy f_2 − 19 y^2 f_2 − 8 xz f_2 − 5 yz f_2 − 7 z^2 f_2 = 0
We can remove the row x^2 f_2! Remove x^2 f_1 the same way: f_1 f_3 − f_3 f_1 = 0 → remove x^2 f_1! But f_1 f_2 − f_2 f_1 = 0 → ???

6. Combining trivial relations
0 = (f_2 f_1 − f_1 f_2) − 3 (f_3 f_1 − f_1 f_3) = (f_2 − 3 f_3) f_1 − f_1 f_2 + 3 f_1 f_3
0 = f_4 f_1 − f_1 f_2 + 3 f_1 f_3
0 = ((1 − b) xy + 4 yz + 2 xz + 3 y^2 − z^2) f_1 − (6 x^2 + ···) f_2 + 3 (6 x^2 + ···) f_3
If b ≠ 1 remove xy f_1; if b = 1 remove yz f_1. Need "some" computation.

7. New criterion
Any combination of the trivial relations f_i f_j = f_j f_i can always be written
u (f_2 f_1 − f_1 f_2) + v (f_3 f_1 − f_1 f_3) + w (f_2 f_3 − f_3 f_2)
where u, v, w are arbitrary polynomials, that is
(u f_2 + v f_3) f_1 − u f_1 f_2 − v f_1 f_3 + w f_2 f_3 − w f_3 f_2.
(Trivial) relation h f_1 + ··· = 0 ⟺ h ∈ Id(f_2, f_3).
Compute a Gröbner basis of (f_2, f_3) → G_prev. Remove the row h f_1 iff LT(h) is top reducible by G_prev.

8. Degree 4 (I)
Rows: y^2 f_1, xz f_1, yz f_1, z^2 f_1, xy f_2, y^2 f_2, xz f_2, yz f_2, z^2 f_2, x^2 f_3, xy f_3, y^2 f_3, xz f_3, yz f_3, z^2 f_3.
In order to use previous computations (degree 2 and 3): x f_2 → f_6, f_2 → f_4, x f_1 → f_8, y f_1 → f_7, f_1 → f_5, so the rows become
y f_7, z f_8, z f_7, z^2 f_5, y f_6, y^2 f_4, z f_6, yz f_4, z^2 f_4, x^2 f_3, xy f_3, y^2 f_3, xz f_3, yz f_3, z^2 f_3.

9. Degree 4 (II)
The degree-4 matrix of these 15 rows in upper-triangular form. (Coefficient entries not reliably recoverable from the extracted slide.)

10. Degree 4 (III)
Sub-matrix with rows z^2 f_4, z^2 f_5, z f_7, z f_8, y f_7 on a subset of the degree-4 monomial columns. (Coefficient entries not recoverable from the extracted slide.)

11. New algorithm
Incremental algorithm: (f) + G_old.
Incremental degree by degree.
Give a "unique name" to each row.
Remove h f_1 + ··· if LT(h) ∈ LT(G_old); LT(h) is the signature/index of the row.

12. F5 matrix
Special/simpler version of F5 for dense/generic polynomials. The maximal degree D is a parameter of the algorithm. m = 2, deg(f_i) = 2: homogeneous quadratic polynomials, degree d. We may assume that we have already computed G_{i,d}, the Gröbner basis of [f_1, ..., f_i] up to degree d.

13. In degree d
Echelon matrix with columns m_1 ... m_5 (x = arbitrary entry):
          m_1  m_2  m_3  m_4  m_5
u_1 f_1    1    x    x    x    x
u_2 f_1    0    1    x    x    x
u_3 f_1    0    0    1    x    x
v_1 f_2    0    0    0    1    x
v_2 f_2    0    0    0    0    1
w_1 f_3    0    0    0    0    0
w_2 f_3    0    0    0    0    0
...        0    0    0    0    0
with deg(u_i) = deg(v_i) = deg(w_i) = d − 2.

14. From degree d to d + 1 (I)
Select a row in degree d: the echelon matrix of slide 13 (columns m_1 ... m_5, rows u_i f_1, v_1 f_2, v_2 f_2, w_1 f_3, w_2 f_3) is shown again with one row highlighted.

15. From degree d to d + 1 (II)
From the selected row w_1 f_3, build in degree d + 1 the rows w_1 x_j f_3, w_1 x_{j+1} f_3, ..., w_1 x_n f_3 (columns t_1 ... t_5, entries 0 1 x x x, 0 0 1 x x, ..., 0 0 0 1 x), where j is given by w_1 = x_1^{α_1} ··· x_j^{α_j}.

16. From degree d to d + 1 (III)
Same matrices (degree d in columns m_1 ... m_5; the new rows w_1 x_j f_3, ..., w_1 x_n f_3 in columns t_1 ... t_5).
Keep w_1 x_i f_3 iff w_1 x_i ∉ LT(f_1, f_2), for i = j, ..., n with w_1 = x_1^{α_1} ··· x_j^{α_j}.

17. From degree d to d + 1 (IV)
Same matrices. Keep w_1 x_i f_3 iff w_1 x_i is not reducible by LT(G_{2, d−2}), for i = j, ..., n with w_1 = x_1^{α_1} ··· x_j^{α_j}.

18. F5 properties
Full version of F5: D, the maximal degree, is not given.
Theorem. If F = [f_1, ..., f_m] is a (semi-)regular sequence then all the matrices are full rank.
Easy to adapt to the special case of F_2 (new trivial syzygy: f_i^2 = f_i).
Incremental in degree/equations (swap the 2 loops).
Fast in general (but not always).
F5 matrix: easy to implement, used in applications (HFE).

19. Classification (I) (with M. Bardet, B. Salvy)
Theorem:

20. Classification (II)
For a semi-regular sequence (f_1, ..., f_m), there is no reduction to 0 in the F5 algorithm in degree lower than its degree of regularity d_reg; moreover d_reg is the degree in z of the first negative coefficient of the series
∏_{i=1}^{m} (1 − (1 − δ_{K,F_2}) z^{d_i}) / (1 + δ_{K,F_2} z^{d_i}) · ((1 − δ_{K,F_2} z^2) / (1 − z))^n
where d_i is the total degree of f_i. Consequently, the total number of arithmetic operations in K needed by F5 (see algorithm ??) is bounded by Cste · M_{d_reg}(n)^ω with ω ≤ 3.
We consider a semi-regular sequence made of equations (f_1, ..., f_m). The following table summarizes the result of

21. Classification (III)
several theorems and gives the asymptotic expansion of d_reg when n → ∞ as a function of the ratio m/n between the number of equations and the number of variables.
Legend of the symbols used in the table:
k is a constant (which does not depend on n).
d_i is the total degree of f_i.
H_k(X) is the k-th Hermite polynomial; h_{k,1} is the largest zero of H_k (all the zeros of H_k(X) are real).
a_1 ≈ −2.3381 is the largest zero of the Airy function (solution of ∂²y/∂z² − z y = 0).
Φ(z) = z ∂/∂z log((1 − z)^n ∏_{i=1}^{m} (1 − z^{d_i})^{−1}) = ∑_{i=1}^{m} d_i z^{d_i} / (1 − z^{d_i}) − n z / (1 − z), and z_0 is the root of Φ'(z) that minimizes Φ, with Φ(z_0) > 0.

22. Classification (IV)
m        Field, degrees     Degree d_reg
m < n    K, d_i = 2         m + 1 (Macaulay bound)
n + 1    K                  ∑_{i=1}^{n+1} (d_i − 1) / 2 (A. Szanto)
n + k    K, d_i = 2         (n + k)/2 − h_{k,1} √((n + k)/2) + o(1)
n + k    K                  ∑_{i=1}^{n+k} (d_i − 1)/2 − h_{k,1} √(∑_{i=1}^{n+k} (d_i² − 1)/6) + o(1)
2n       K, d_i = 2         n/11.6569 + 1.04 n^{1/3} − 1.47 + 1.71 n^{−1/3} + O(n^{−2/3})
kn       K, d_i = 2         (k − 1/2 − √(k(k − 1))) n − a_1 / (2 (k(k − 1))^{1/6}) n^{1/3} + O(1)
kn       K                  Φ(z_0) n − a_1 (z_0² Φ''(z_0) / 2)^{1/3} n^{1/3} + O(1)
n        F_2, d_i = 2       n/11.1360 + 1.0034 n^{1/3} − 1.58 + O(n^{−1/3})
kn       F_2, d_i = 2       (−k + 1/2 + (1/2) √(2k(k − 5) − 1 + 2(k + 2) √(k(k + 2)))) n

23. Fast Gröbner algorithms: overdetermined systems
Jean-Charles Faugère, CNRS - Université Paris 6 - INRIA, SPIRAL (LIP6) – SALSA Project. Samos 2007.

24. Why do we need efficiency?
Users have problems that they want to solve. Hot topic in Cryptography (L. Perret). The goal is to evaluate the security of a cryptosystem. It should be resistant to: differential cryptanalysis, linear cryptanalysis, algebraic cryptanalysis.

25–26. Algebraic cryptanalysis
Convert the crypto-system into an algebraic problem. Evaluate the difficulty of the corresponding algebraic system S = V(f) = { z ∈ F_2^n : f(z) = 0 }. To solve S: compute Gröbner bases. Or exhaustive search!! Complexity of exhaustive search: O(2^n), n ≥ 80.

27. Specific problems
V = { z ∈ F_2^n : f_i(z) = 0, i = 1, ..., m }. In fact we have to add the "field equations" x_i^2 = x_i: Ideal(f_i(z), i = 1, ..., m; x_i^2 − x_i, i = 1, ..., n). Hence we have M = n + m equations in n variables. Sometimes m ≫ n.

28. Specific solutions
For several applications (Signal Theory, Crypto, ...) we have to solve an overdetermined system of equations. Improve algorithms for overdetermined systems. Improve the complexity bound (Macaulay bound).

29. Specific algorithm in Crypto
From "outside" the perception of Gröbner bases is (often) bad: d^{2^n} complexity, n ≤ 10. Very inefficient implementation of Gröbner bases in general CAS. Results on complexity are not well known. ⇒ develop new algorithms for solving algebraic equations.

30. Other algorithms: XL
In crypto: they develop their own algorithms! f_i: the initial equations (of degree 2); D: a parameter.
1. Multiply: generate all the products (∏_{j=1}^{d} x_{i_j}) · f_i with d ≤ D − 2.
2. Linearize: consider each monomial in the x_{i_j} as a new variable and perform Gaussian elimination on the equations obtained in 1. Order the monomials such that all the terms containing one variable (say x_1) are eliminated last.
3. Solve: assume that step 2 yields at least one univariate equation in the powers of x_1. Solve this equation over the finite field.
4. Repeat: simplify the equations and repeat the process.

31. Other algorithms: XL
"Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations", N. Courtois, A. Klimov, J. Patarin and A. Shamir.
Abstract. [...] Gröbner base algorithms have large exponential complexity and cannot solve in practice systems with n ≥ 15. Kipnis and Shamir [9] have recently introduced a new algorithm called "relinearization". [...]
This is a challenge for Computer Algebra!

32. Complexity
I = ⟨f_1(x_1, ..., x_n), ..., f_m(x_1, ..., x_n)⟩ in the variables x_1, ..., x_n. Homogenization: f^h(x_1, ..., x_n, h) = h^{deg f} f(x_1/h, ..., x_n/h); I^h = ⟨f_1^h(x_1, ..., x_n, h), ..., f_m^h(x_1, ..., x_n, h)⟩.
n = number of variables, m = number of equations, D = maximal degree occurring; dimension/degree; Hilbert function/regularity.

33. Complexity (well known results)
I = ⟨f_1(x_1, ..., x_n), ..., f_m(x_1, ..., x_n)⟩ and deg(f_i) ≤ d. Hypotheses: none. Explicit example: Mayr and Meyer. Complexity d^{2^n}.

34. Complexity (well known results)
I = ⟨f_1(x_1, ..., x_n), ..., f_m(x_1, ..., x_n)⟩ and deg(f_i) ≤ 2. Hypothesis: "the set of zeros at infinity is finite" (I is 0-dimensional). Gröbner basis (DRL ordering) [La83, Giu84] computed in time polynomial in 2^n; maximal degree ≤ n + 1 when m = n (Macaulay). Lemma 1: for almost all systems: polynomial in 2^n.

35. Complexity (well known results)
I = ⟨f_1(x_1, ..., x_n), ..., f_m(x_1, ..., x_n)⟩ and deg(f_i) ≤ 2. Hypothesis: x_i ∈ GF(2). Gröbner bases: Lemma 2: the complexity is always polynomial in 2^n.

36–37. Efficient Algorithms
Buchberger (1965); Involutive bases (Gerdt); F4 (1999): linear algebra; slimGb (2005); F5 (2002): full rank matrix.
Matrix A_d: columns the monomials of degree d in x_1, ..., x_n; rows monom · f_{i_1}, monom · f_{i_2}, monom · f_{i_3}, ...

38–39. F5 matrix
Special/simpler version of F5 for dense/generic polynomials. The maximal degree D is a parameter of the algorithm. m = 2, deg(f_i) = 2: homogeneous quadratic polynomials, degree d:
          m_1  m_2  m_3  m_4  m_5
u_1 f_1    x    x    x    x    x
u_2 f_1    x    x    x    x    x
u_3 f_1    x    x    x    x    x
v_1 f_2    x    x    x    x    x
v_2 f_2    x    x    x    x    x
with deg(u_i) = deg(v_i) = d − 2.

40. Gauss reduction:
          m_1  m_2  m_3  m_4  m_5
u_1 f_1    1    x    x    x    x
u_2 f_1    0    1    x    x    x
u_3 f_1    0    0    1    x    x
v_1 f_2    0    0    0    1    x
v_2 f_2    0    0    0    0    1

41–43. From degree d to d + 1
Start from the reduced degree-d matrix (rows u_1 f_1, u_2 f_1, u_3 f_1, v_1 f_2, v_2 f_2; columns m_1 ... m_5, as on slide 40). Select the row v_1 f_2 (0 0 0 1 x) and build in degree d + 1 the rows v_1 x_j f_2, v_1 x_{j+1} f_2, ..., v_1 x_n f_2 (columns t_1 ... t_5, entries 0 1 x x x, 0 0 1 x x, ..., 0 0 0 1 x), where j is given by v_1 = x_1^{α_1} ··· x_j^{α_j}.
Keep v_1 x_i f_2 iff v_1 x_i ∉ ⟨LT(f_1)⟩.

44–45. Specific algorithms
Nothing to do! More equations ⇒ more efficient Gb computation.
x_i^2 = x_i. "Easy" part: we can handle efficiently that all the monomials are squarefree (Boolean Gröbner bases) and develop specific linear algebra packages (over F_2). Moreover, we have new trivial syzygies: f_i^2 = f_i, f_i f_j = f_j f_i ⇒ F5/2 (2003/2005): specific version of F5 for F_2.

46. Specific complexity (with B. Salvy, M. Bardet, 2005)
Goal: estimate d_n, the maximal degree occurring in the Gröbner computation. Idea: we construct A_d step by step following F5 ⇒ A_d full rank ⇒ number of rows.
A_d: columns the monomials of degree d in x_1, ..., x_n; rows monom(d − 2) · f_{i_1}, monom(d − 2) · f_{i_2}, monom(d − 2) · f_{i_3}, ...

47. F5 criterion
Criterion: t f_j is in the matrix if t ∉ Id(LT(G_{j−1})), where G_{j−1} is the Gröbner basis of ⟨f_1, ..., f_{j−1}⟩.
U_d(n, i) = number of rows when computing ⟨f_1, ..., f_i⟩ in degree d.

48. Recurrence relation
For d ≥ 2: U_d(n, i) = ∑_{j=1}^{i} ( C(n, d − 2) − U_{d−2}(n, j − 1) ), where C(n, d − 2) is the number of (squarefree) monomials of degree d − 2 and U_{d−2}(n, j − 1) is the number of multipliers removed by the criterion.
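As an added, runnable illustration of slides 3–7 and 47–48 (example code written for this page, not code from the talk or from any F5 implementation): it builds the degree-D Macaulay matrix for three homogeneous quadratics in x, y, z (the same multiply-and-linearize matrix XL row-reduces), counts the rows that reduce to zero with and without the F5 criterion, and compares the rows the criterion keeps with the recurrence U_d(n, i). Assumptions: coefficients in GF(23); the test system x^2, y^2, z^2 (a regular sequence whose Gröbner bases are the monomials themselves); and, because this field is not F_2, the recurrence counts all degree-(d − 2) monomials, C(n + d − 3, d − 2), instead of the slide's squarefree count.

```python
from itertools import combinations_with_replacement
from math import comb
P = 23  # constructed: a small prime coefficient field (assumption, not the slides' field)
N = 3   # variables x, y, z

def monomials(d):
    """All degree-d monomials in N variables as exponent tuples, in a fixed order."""
    out = []
    for combo in combinations_with_replacement(range(N), d):
        e = [0] * N
        for v in combo:
            e[v] += 1
        out.append(tuple(e))
    return out

def leading_term(f):  # f: dict exponent-tuple -> coefficient; lex order with x > y > z
    return max(f)

def divides(t, m):
    return all(a <= b for a, b in zip(t, m))

def rank_mod_p(rows):
    """Rank over GF(P) by Gaussian elimination (rows are lists of ints mod P)."""
    rows = [r[:] for r in rows]
    rank = 0
    for col in range(len(rows[0]) if rows else 0):
        piv = next((i for i in range(rank, len(rows)) if rows[i][col]), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][col], -1, P)
        rows[rank] = [v * inv % P for v in rows[rank]]
        for i in range(len(rows)):
            if i != rank and rows[i][col]:
                c = rows[i][col]
                rows[i] = [(a - c * b) % P for a, b in zip(rows[i], rows[rank])]
        rank += 1
    return rank

def macaulay(F, D, f5_criterion=False):
    """Degree-D Macaulay matrix: a row t*f_j for every monomial t of degree D - deg(f_j),
    a column for every degree-D monomial. With f5_criterion the row t*f_j is dropped when
    t is divisible by LT(f_i) for some i < j: the slides' 'keep t f_j iff t not in
    Id(LT(G_{j-1}))', with LT(f_1..f_{j-1}) standing in for G_{j-1} (exact for F_MONO)."""
    cols = {m: k for k, m in enumerate(monomials(D))}
    rows = []
    for j, f in enumerate(F):
        deg = sum(leading_term(f))  # f is homogeneous
        if deg > D:
            continue
        for t in monomials(D - deg):
            if f5_criterion and any(divides(leading_term(F[i]), t) for i in range(j)):
                continue
            row = [0] * len(cols)
            for e, c in f.items():  # t * f: shift every exponent of f by t
                row[cols[tuple(a + b for a, b in zip(e, t))]] = c % P
            rows.append(row)
    return rows

def reductions_to_zero(F, D, f5_criterion=False):
    """(rows, columns, rank, rows reducing to zero) of the degree-D matrix."""
    rows = macaulay(F, D, f5_criterion)
    r = rank_mod_p(rows)
    return len(rows), len(monomials(D)), r, len(rows) - r

def u_rows(n, i, d):
    """Slide 48's recurrence, general-field count: sum_{j=1}^{i} (C(n+d-3, d-2) - U_{d-2}(n, j-1))."""
    if d < 2 or i == 0:
        return 0
    return sum(comb(n + d - 3, d - 2) - u_rows(n, j - 1, d - 2) for j in range(1, i + 1))

# Constructed regular sequence of three homogeneous quadratics: x^2, y^2, z^2.
F_MONO = [{(2, 0, 0): 1}, {(0, 2, 0): 1}, {(0, 0, 2): 1}]

if __name__ == "__main__":
    for D in (2, 3, 4):
        print("degree", D, "plain:", reductions_to_zero(F_MONO, D), "F5 criterion:",
              reductions_to_zero(F_MONO, D, True), "U_d(n, m):", u_rows(N, len(F_MONO), D))
```

In degree 4 the plain matrix has 18 rows for 15 columns and 3 rows reduce to zero, exactly the 3 trivial syzygies f_i f_j − f_j f_i; with the criterion the matrix is square and full rank, and the kept-row counts 3, 9, 15 match U_2, U_3, U_4.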

49. End of the computation
h[d, i] = row − col in degree d. h_d(n, m) = 0 ⇒ end of the Gröbner computation. Compute the biggest real root N_d of h_d(n, m).

50. Generating series
Theorem 1.1. f_i of degree d_i, i = 1, ..., m, over the finite field F_q:
H_m(y) = ∑_{d=0}^{∞} h_d y^d = ∏_{i=1}^{m} (1 − y^{d_i}) / (1 − y^{d_i q}) · ((1 − y^q) / (1 − y))^n.
Particular case d_i = 2, GF(2), m = n equations: ∑_{d=0}^{∞} h_d y^d = ((1 + y) / (1 + y^2))^n.

51. Asymptotic expansion
d_n = biggest real root of h_d(n), with h_d(n) = (1 / (2iπ)) ∮_C (1 + y)^n / ((1 + y^2)^n y^{d+1}) dy.

52. Asymptotic expansion
d_n = λ_0 n − λ_1 n^{1/3} + O(1), numerically d_n = n/11.1360 + 1.0034 n^{1/3} + O(1), where λ_0 ≈ 1/11.1360 is given by a closed form in nested radicals (not recoverable from the extracted slide) and λ_1 is expressed in terms of the biggest zero of the Airy function (solution of ∂²y/∂z² − z y = 0). Almost exact formula when n ≥ 3!

53. Maximal degree (F_2)
(Plot: maximal degree, 0 to 14, as a function of n, 0 to 95; data points not recoverable from the extracted slide.)

54. Conclusion
Classification: m number of polynomials, n variables. m = cste · n: exponential complexity; m = cste · n log(n): sub-exponential complexity; m = cste · n^2: polynomial complexity.

55. HFE
HFE = Hidden Field Equations: a public key cryptosystem using polynomial operations over finite fields, proposed by Jacques Patarin (96). Very promising cryptosystem: signatures as short as 128, 100 and even 80 bits.

56–59. HFE
Secret key: P(X) = ··· + c_17 X^17 + c_16 X^16 + ··· (terms of the form X^{2^i + 2^j}), c_16, c_17, ... ∈ GF(2^n): a univariate polynomial whose structure is hidden.
X = ∑_{i=0}^{n−1} x_i w^i with X ∈ GF(2^n), x_i ∈ GF(2), w ∈ GF(2^n).
g_1(x_0, ..., x_{n−1}) = 0, ..., g_n(x_0, ..., x_{n−1}) = 0, where g_i is the coefficient of w^i in P(∑_{i=0}^{n−1} x_i w^i) (degree 2).
(Random) change of coordinates: x_i = ∑_{j=0}^{n−1} a_{ij} y_j.
(Random) mix of equations: f_i = ∑_{j=1}^{n} b_{ij} g_j.
Public key: f_1(y_0, ..., y_{n−1}), ..., f_n(y_0, ..., y_{n−1}).

60–62. HFE encryption
Initial: (x_1, ..., x_n). Encryption: z_i = f_i(x_1, ..., x_n). Send (z_1, ..., z_n).

63–65. HFE decryption
Initial (x_1, ..., x_n); encryption z_i = f_i(x_1, ..., x_n); send (z_1, ..., z_n).
Legitimate receiver (secret): from (z_1, ..., z_n), decrypt by solving P(x) = z.
Enemy: from (z_1, ..., z_n), solve f_1 = z_1, ..., f_m = z_m. Hence, solving an algebraic system.
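An added, runnable illustration of slides 57 and 60–62 (example code written for this page, not code from the talk or from any HFE implementation): it derives the n quadratic equations g_b, the coefficient of w^b in P(∑ x_k w^k), from a small HFE-shaped univariate P over GF(2^8), then checks that encrypting with the public quadratic map matches evaluating P in the field. Assumptions: n = 8 with field modulus 0x11B, a seeded random secret polynomial of hidden degree 8, and no random change of coordinates or mix of equations (slide 58), so nothing is hidden here and the point is only how the n quadratics arise from one univariate polynomial.

```python
import random

N = 8        # toy field size GF(2^8): an assumption, the talk's n is 80 and more
MOD = 0x11B  # x^8 + x^4 + x^3 + x + 1 (irreducible); basis element w^k <-> bit k

def gf_mul(a, b):
    """Multiply in GF(2^N); elements are ints over the basis 1, w, ..., w^(N-1)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N:
            a ^= MOD
        b >>= 1
    return r

def gf_pow(a, e):
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

def make_secret_poly(seed=1):
    """Constructed HFE-shaped secret P(X) = sum c_ij X^(2^i+2^j) + sum c_i X^(2^i) + c, hidden
    degree 8. A term is (coef, i, j); j = -1 marks X^(2^i) and i = j = -1 the constant."""
    rng = random.Random(seed)
    quad = [(rng.randrange(1, 1 << N), i, j) for i in range(3) for j in range(i, 3)]
    lin = [(rng.randrange(1, 1 << N), i, -1) for i in range(3)]
    return quad + lin + [(rng.randrange(1, 1 << N), -1, -1)]

def eval_secret(terms, X):
    """P(X) computed directly in GF(2^N): the univariate form the key owner inverts."""
    acc = 0
    for c, i, j in terms:
        acc ^= gf_mul(c, gf_pow(X, (1 << i if i >= 0 else 0) + (1 << j if j >= 0 else 0)))
    return acc

def public_polys(terms):
    """The slide's g_b = coefficient of w^b in P(sum_k x_k w^k), x_k in GF(2). X^(2^i) is
    GF(2)-linear in the x_k (Frobenius), so X^(2^i+2^j) is a product of two linear forms,
    hence quadratic. Returns N sets of monomials, each a sorted tuple of variable indices."""
    frob = [[gf_pow(1 << k, 1 << i) for k in range(N)] for i in range(3)]  # (w^k)^(2^i)
    coef = {}  # monomial -> coefficient in GF(2^N); XOR is addition in the field
    for c, i, j in terms:
        if i < 0:
            coef[()] = coef.get((), 0) ^ c
        elif j < 0:
            for k in range(N):
                coef[(k,)] = coef.get((k,), 0) ^ gf_mul(c, frob[i][k])
        else:
            for k in range(N):
                for l in range(N):
                    m = (k,) if k == l else tuple(sorted((k, l)))  # x_k^2 = x_k over GF(2)
                    coef[m] = coef.get(m, 0) ^ gf_mul(c, gf_mul(frob[i][k], frob[j][l]))
    return [{m for m, v in coef.items() if (v >> b) & 1} for b in range(N)]

def eval_public(g, x):  # x: list of N bits; () is the constant monomial 1
    return sum(all(x[k] for k in m) for m in g) & 1

def encrypt(pub, x):  # z_i = f_i(x_1, ..., x_n) using the public quadratic equations only
    return [eval_public(g, x) for g in pub]

def consistent(terms, pub, trials=200, seed=7):
    """Public map agrees bit for bit with P evaluated in GF(2^N) on random plaintexts."""
    rng = random.Random(seed)
    for _ in range(trials):
        x = [rng.randrange(2) for _ in range(N)]
        X = sum(b << k for k, b in enumerate(x))  # x_k <-> coefficient of w^k
        z = eval_secret(terms, X)
        if encrypt(pub, x) != [(z >> b) & 1 for b in range(N)]:
            return False
    return True

if __name__ == "__main__":
    print("consistent:", consistent(make_secret_poly(), public_polys(make_secret_poly())))
```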

66. Degree of the univariate polynomial
Time to solve the univariate polynomial of degree d over GF(2^n): O(M(d) log(d)) operations (MCA, Gathen/Gerhard).
(n, d)            (80, 129)   (80, 257)   (80, 513)
NTL (CPU time)    0.6 sec     2.5 sec     6.4 sec
(n, d)            (128, 129)  (128, 257)  (128, 513)
NTL (CPU time)    1.25 sec    3.1 sec     9.05 sec
(NTL/Shoup, PC Pentium III 1000 MHz.) d cannot be too big!

67–68. Experiments
              Maple  slimGb  Macaulay 2  Singular  F4  F5
after 10m      12     17       19          19      22  35
after 2h       14     19       23          21      28  45
(Maple, slimGb, Macaulay 2 and Singular: Buchberger.)

69. Experiments: Challenge 1 broken
Recover experimentally the complexity of HFE w.r.t. the degree of the hidden polynomial. Let D(d, n) be the maximum degree occurring in the Gröbner computation for an HFE polynomial of degree d over GF(2^n).

70. Challenge 1
Proposed by J. Patarin. 80 equations in degree 2. Random? Average nb of terms: 1623.9 ≈ (n(n − 1)/2 + n + 1)/2 = 1620.5.

71. Challenge 1
But after F5/2: in 6.4 h it can be detected that it is not random! After 187892 sec (≈ 2 days) find 4 solutions (one proc Alpha 1000 MHz + 4 Go RAM).

72. Challenge 1 (solutions)
X = ∑_{i=1}^{80} x_i 2^{i−1}:
X = 644318005239051140554718
X = 934344890045941098615214
X = 1022677713629028761203046
X = 1037046082651801149594670

73. Maximal degree
(Plot: maximal degree in the Gröbner basis computation, 0 to 16, versus n, 0 to 100, for a random system and for HFE with 128 < d < 513, 16 < d < 129 and 3 < d < 17; data points not recoverable from the extracted slide.)

74. HFE conclusion
d               D   Exp. comp.
3 ≤ d ≤ 17      3   n^6
17 < d ≤ 129    4   n^8
129 < d ≤ 513   5   n^10
Complexity of HFE.

75. Conclusion
Applications ⇒ challenging problem for Computer Algebra. Need very powerful algorithms/implementations.

76. F4: an efficient algorithm for computing Gröbner bases using linear algebra
Jean-Charles Faugère, CNRS - INRIA - Université Paris 6, SALSA Project. Samos 2007.

77. Plan of the talk: Goal of F4; Description of the algorithm; Step by step example.

78. Goal of F4
Among other things, 3 big difficulties: A crucial issue to be faced in implementing the Buchberger algorithm is the choice of a Strategy. An apparent difficulty is the growth of the coefficients when computing with big integers. It is difficult to parallelize this algorithm: f_n depends strongly on f_{n−1}, f_{n−2}, ... (if you remove zero!).

79. Goal of F4
There are a lot of choices: select a critical pair in the list of critical pairs; choose one reductor among a list of reductors. Buchberger's theorem ⇒ not important for the correctness of the algorithm.

80. Notations
P = R[x_1, ..., x_n] is the polynomial ring. T the set of all terms. F = [f_1, ..., f_m] the algebraic equations. T(F) the support of F. A critical pair of (f, g): Pair(f, g) = (lcm, t_f, f, t_g, g) ∈ T × T × P × T × P with lcm = lcm(LT(f), LT(g)) = t_f LT(f) = t_g LT(g). The two projections: Left(Pair(f, g)) = t_f f, Right(Pair(f, g)) = t_g g.

81. Linear Algebra and Matrices
Trivial link: Linear Algebra ↔ Polynomials.
Definition: F = [f_1, ..., f_m], < an ordering. A matrix representation M_F of F is such that F = M_F × X, where X is the vector of the monomials T(F) (sorted for <). Example: F = [f_1, f_2, f_3] with monomials m_1, m_2, m_3: M_F has rows f_1, f_2, f_3 and columns m_1, m_2, m_3, its entries being the coefficients.
