
Lattice-based cryptography, day 1: simplicity
D. J. Bernstein

Slide 1: Lattice-based cryptography, day 1: simplicity. D. J. Bernstein, University of Illinois at Chicago; Ruhr University Bochum.

Slide 2: 2000 Cohen cryptosystem. Public key: vector of integers K = (K_1, ..., K_N) ∈ {−X, ..., X}^N.


Slide 13: Subset-sum attacks. Attacker searches all possibilities for (r_1, ..., r_N), checks r_1K_1 + ··· + r_NK_N against ±C_1. This takes 2^N easy operations: e.g. 1024 operations for N = 10. “This finds only one bit m_1.” — This is a problem in some applications. Should design encryption to leak no information. — Also, can easily modify attack to find all bits of message.

Slide 14: Modified attack: For each (r_1, ..., r_N), look up r_1K_1 + ··· + r_NK_N in hash table containing ±C_1, ±C_2, ..., ±C_B. Multi-target attack: Apply this not just to B bits in one message, but all bits in all messages sent to this key. Finding all bits in all messages: total 2^N operations. Finding 1% of all bits in all messages, huge information leak: total 0.01 · 2^N operations.

Slide 15: “We can stop attacks by taking N = 128, and changing keys every day, and applying all-or-nothing transform to each message.” — Standard subset-sum attacks take only 2^{N/2} operations to find (r_1, ..., r_N) ∈ {0, 1}^N with r_1K_1 + ··· + r_NK_N = C. Make hash table containing C − r_{N/2+1}K_{N/2+1} − ··· − r_NK_N for all (r_{N/2+1}, ..., r_N). Look up r_1K_1 + ··· + r_{N/2}K_{N/2} in hash table for each (r_1, ..., r_{N/2}).
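The hash-table attack of slides 14 and 15, written out as an added example (this is not code from the slides). It combines the two ideas: one table holds T minus every right-half sum for every target T in {+C_j, −C_j} of every ciphertext, and each left-half sum is then looked up once, so all bits of all ciphertexts under one key fall out of a single 2^{N/2} pass. Key generation is simplified to "K_i uniform in [−X, X]" (an assumption; the attack uses no other structure of the key), and the seed, N and message count are constructed demo values.

```python
# Added example: meet-in-the-middle subset-sum attack on a toy Cohen cryptosystem.
# Not from the slides; keygen is simplified to K_i uniform in [-X, X].
import random
from itertools import product


def toy_public_key(rng, N=10, X=2**80):
    """Constructed public key: N integers in [-X, X] (simplified keygen)."""
    return [rng.randrange(-X, X + 1) for _ in range(N)]


def encrypt_cohen(K, m, r):
    """Cohen encryption as on the slides: C = (-1)^m (r_1 K_1 + ... + r_N K_N)."""
    total = sum(ri * Ki for ri, Ki in zip(r, K))
    return -total if m else total


def recover_bits(K, ciphertexts):
    """Slides 14 + 15: one table of (target - right-half sum) for all targets
    +C_j and -C_j of all ciphertexts, then one lookup per left-half sum.
    Work: 2^(N/2) table entries per target plus 2^(N/2) lookups in total,
    instead of 2^N guesses per ciphertext."""
    N = len(K)
    h = N // 2
    left, right = K[:h], K[h:]
    table = {}
    for rr in product((0, 1), repeat=N - h):
        partial = sum(ri * Ki for ri, Ki in zip(rr, right))
        for j, C in enumerate(ciphertexts):
            # sign of C encodes the message bit: sum = +C means m=0, sum = -C means m=1
            for m, T in ((0, C), (1, -C)):
                table.setdefault(T - partial, []).append((j, m, rr))
    found = {}
    for rl in product((0, 1), repeat=h):
        partial = sum(ri * Ki for ri, Ki in zip(rl, left))
        for j, m, rr in table.get(partial, ()):
            found.setdefault(j, (m, rl + rr))  # keep the first solution per ciphertext
    return found


def demo(seed=1, N=10, B=8):
    """Constructed demo: B messages under one key, all bits recovered at once.
    Returns (true bits, recovered {index: (bit, r)}, all-correct flag)."""
    rng = random.Random(seed)
    K = toy_public_key(rng, N)
    bits = [rng.randrange(2) for _ in range(B)]
    rs = [[rng.randrange(2) for _ in range(N)] for _ in range(B)]
    cts = [encrypt_cohen(K, m, r) for m, r in zip(bits, rs)]
    found = recover_bits(K, cts)
    # C = 0 (all r_i = 0) carries no sign and hence no bit; skip that corner case
    ok = all(found[j][0] == bits[j] for j in range(B) if cts[j] != 0)
    return bits, found, ok


if __name__ == "__main__":
    bits, found, ok = demo()
    print("true bits:     ", bits)
    print("recovered bits:", [found[j][0] for j in range(len(bits))])
    print("all correct:   ", ok)
```

The table is built once per key, so adding more ciphertexts costs table entries, not a new search; that is the multi-target point of slide 14, and the reason "N = 128 and fresh keys daily" on slide 15 does not restore the 2^N cost the naive count suggests.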

Slide 16: These attacks exploit linear structure of problem to convert one target C into many targets. (Actually have 2B targets ±C_1, ..., ±C_B for one message. Convert into B^{1/2} 2^{N/2} targets: total B^{1/2} 2^{N/2} operations to find all B bits. Also, maybe have more messages to attack.) There are even more ways to exploit the linear structure. 1981 Schroeppel–Shamir: 2^{N/2} operations, space 2^{N/4}.

Slide 17: 2010 Howgrave-Graham–Joux: claimed 2^{0.311N} operations. 2011 May–Meurer correction: 2^{0.337N}. 2011 Becker–Coron–Joux: 2^{0.291N} operations. 2016 Ozerov: 2^{0.287N} operations. 2019 Esser–May: claimed 2^{0.255N} operations, but withdrew claim. 2020 Bonnetain–Bricout–Schrottenloher–Shen: 2^{0.283N}. Quantum attacks: various papers. Multi-target speedups: probably!

Slide 18: Variants of cryptosystem. 2003 Regev: Cohen cryptosystem (without credit), but replace (−1)^m (r_1K_1 + ··· + r_NK_N) with m(K_1/2) + r_1K_1 + ··· + r_NK_N. To make this work, modify keygen to force K_1 ∈ 2Z and (K_1 − u_1)/s ∈ 1 + 2Z. Also be careful with u_i bounds. 2009 van Dijk–Gentry–Halevi–Vaikuntanathan: K_i ∈ 2u_i + sZ; C = m + r_1K_1 + ··· + r_NK_N; m = (C mod s) mod 2. Be careful to take s ∈ 1 + 2Z.

Slide 19: Homomorphic encryption. If u_i/s is small enough then 2009 DGHV system is homomorphic. Take two ciphertexts: C = m + 2e + sq, C′ = m′ + 2e′ + sq′ with small e, e′ ∈ Z. C + C′ = m + m′ + 2(e + e′) + s(q + q′). This decrypts to m + m′ mod 2 if e + e′ is small. CC′ = mm′ + 2(em′ + e′m + 2ee′) + s(···). This decrypts to mm′ if em′ + e′m + 2ee′ is small.

Slide 20:

    sage: N=10
    sage: E=2^10
    sage: Y=2^50
    sage: X=2^80
    sage: s=1+2*randrange(Y/4,Y/2)
    sage: s
    984887308997925
    sage: u=[randrange(E)
    ....:    for i in range(N)]
    sage: u
    [247, 418, 365, 738, 123, 735, 772, 209, 673, 47]

Slide 21:

    sage: K=[2*ui+s*randrange(
    ....:     ceil(-(X+2*ui)/s),
    ....:     floor((X-2*ui)/s)+1)
    ....:     for ui in u]
    sage: K
    [587473338058640662659869, -1111539179100720083770339, 794301459533783434896055, 68817802108374958901751, 742362470968200823035396, 1023345827831539515054795, -357168679398558876730006, 1121421619119964601051443, -1109674862276222495587129, -235628937785003770523381]

Slide 22:

    sage: m=randrange(2)
    sage: r=[randrange(2)
    ....:    for i in range(N)]
    sage: C=m+sum(r[i]*K[i]
    ....:    for i in range(N))
    sage: C
    2094088748748247210016703
    sage: C%s
    2703
    sage: (C%s)%2
    1
    sage: m
    1

Slide 23:

    sage: m2=randrange(2)
    sage: r2=[randrange(2)
    ....:    for i in range(N)]
    sage: C2=m2+sum(r2[i]*K[i]
    ....:    for i in range(N))
    sage: C2
    -51722353737982737270129
    sage: C2%s
    4971
    sage: (C2%s)%2
    1
    sage: m2
    1

Slide 24:

    sage: (C+C2)%s
    7674
    sage: (C*C2)%s
    13436613

Because C mod s and C′ mod s are small enough compared to s, have (C + C′) mod s = (C mod s) + (C′ mod s) and CC′ mod s = (C mod s)(C′ mod s). Refinements: add more noise to ciphertexts, bootstrap (2009 Gentry) to control noise, etc.
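The slide 20 to 24 session as a self-contained Python script, added here as an example (not the slides' own Sage code). It reproduces the keygen of slide 21, the DGHV encryption and (C mod s) mod 2 decryption of slide 18, and the homomorphic add and multiply checks of slide 24, and it adds a noise meter and a multiply-chain function to show the noise growth that the "bootstrap to control noise" remark refers to. Parameter values follow the slides; the seed and the chain length are constructed demo values. Python's `randrange` and `%` behave as Sage's do here because s is positive.

```python
# Added example: toy DGHV keygen / encrypt / decrypt with homomorphic operations.
# Not from the slides; parameters N, E, Y, X match slide 20.
import random


def keygen(rng, N=10, E=2**10, Y=2**50, X=2**80):
    """s odd, u_i < E, K_i = 2*u_i + s*q_i with K_i in [-X, X] (slide 21 keygen)."""
    s = 1 + 2 * rng.randrange(Y // 4, Y // 2)
    u = [rng.randrange(E) for _ in range(N)]
    K = []
    for ui in u:
        lo = -((X + 2 * ui) // s)   # ceil(-(X + 2u_i)/s), exact for integers
        hi = (X - 2 * ui) // s      # floor((X - 2u_i)/s)
        K.append(2 * ui + s * rng.randrange(lo, hi + 1))
    return s, u, K


def encrypt(rng, K, m):
    """C = m + r_1 K_1 + ... + r_N K_N with r_i random bits (slide 18, DGHV)."""
    r = [rng.randrange(2) for _ in K]
    return m + sum(ri * Ki for ri, Ki in zip(r, K))


def decrypt(s, C):
    """m = (C mod s) mod 2; Python's % gives a value in [0, s) like Sage's."""
    return (C % s) % 2


def noise(s, C):
    """The 'm + 2e' part of a ciphertext; decryption is correct while it stays below s."""
    return C % s


def homomorphic_demo(seed=1):
    """Constructed demo of slides 22 to 24: two fresh ciphertexts, their sum and product."""
    rng = random.Random(seed)
    s, u, K = keygen(rng)
    X = 2**80
    m1, m2 = rng.randrange(2), rng.randrange(2)
    C1, C2 = encrypt(rng, K, m1), encrypt(rng, K, m2)
    return {
        "key_ok": s % 2 == 1 and all(abs(Ki) <= X and (Ki - 2 * ui) % s == 0
                                     for Ki, ui in zip(K, u)),
        "fresh": decrypt(s, C1) == m1 and decrypt(s, C2) == m2,
        "add": decrypt(s, C1 + C2) == (m1 + m2) % 2,
        "mul": decrypt(s, C1 * C2) == m1 * m2,
        # bit lengths of: fresh noise, product noise, the modulus s
        "noise_bits": (noise(s, C1).bit_length(), noise(s, C1 * C2).bit_length(), s.bit_length()),
    }


def multiplications_before_failure(seed=1, max_depth=12):
    """Multiply fresh encryptions of 1 one after another and return the number of
    multiplications after which (C mod s) mod 2 first stops being 1, or None.
    One multiplication never fails with these parameters: the product noise is
    below (1 + 2*N*E)^2 < s. Each further multiplication roughly squares the
    noise, which is why a noise-control step (bootstrapping) is needed."""
    rng = random.Random(seed)
    s, _, K = keygen(rng)
    acc = encrypt(rng, K, 1)
    for depth in range(1, max_depth + 1):
        acc *= encrypt(rng, K, 1)
        if decrypt(s, acc) != 1:
            return depth
    return None


if __name__ == "__main__":
    print(homomorphic_demo())
    print("multiplications before failure:", multiplications_before_failure())
```

The `noise_bits` triple makes the slide 19 condition concrete: with N = 10 and E = 2^10 a fresh ciphertext has at most about 15 bits of noise against a roughly 50-bit s, one product stays under s, and a chain of products does not.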

Slide 25: Lattices. This is a lettuce: [picture]. This is a lattice: [picture].

Slide 26: Lattices, mathematically. Assume that V_1, ..., V_D ∈ R^N are R-linearly independent, i.e., RV_1 + ··· + RV_D = {r_1V_1 + ··· + r_DV_D : r_1, ..., r_D ∈ R} is a D-dimensional vector space. ZV_1 + ··· + ZV_D = {r_1V_1 + ··· + r_DV_D : r_1, ..., r_D ∈ Z} is a rank-D length-N lattice. V_1, ..., V_D is a basis of this lattice.

Slide 27: Short vectors in lattices. Given V_1, V_2, ..., V_D ∈ Z^N, what is shortest vector in L = ZV_1 + ··· + ZV_D? 0. “SVP: shortest-vector problem”: What is shortest nonzero vector? 1982 Lenstra–Lenstra–Lovász (LLL) algorithm runs in poly time, computes a nonzero vector in L with length at most 2^{D/2} times length of shortest nonzero vector. Typically ≈ 1.02^D instead of 2^{D/2}.
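A small LLL reduction in exact rational arithmetic, added as an example of slides 26 and 27 (this is the textbook form of the algorithm, not code from the slides or from the 1982 paper). It recomputes the Gram–Schmidt data after every change, which is simple rather than efficient, and checks two things a practitioner would want to see: that the output still spans the same lattice (equal lattice volume) and that it satisfies the size-reduction and Lovász conditions. The 3×3 basis in `demo` is a constructed input with a known short vector.

```python
# Added example: LLL reduction with exact Fractions; not code from the slides.
from fractions import Fraction


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def sqnorm(v):
    return dot(v, v)


def gram_schmidt(B):
    """Return (B*, mu): orthogonalised vectors and coefficients mu[i][j] = <b_i, b*_j>/<b*_j, b*_j>."""
    n = len(B)
    Bs, mu = [], [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(x) for x in B[i]]
        for j in range(i):
            mu[i][j] = Fraction(dot(B[i], Bs[j])) / dot(Bs[j], Bs[j])
            v = [a - mu[i][j] * b for a, b in zip(v, Bs[j])]
        Bs.append(v)
    return Bs, mu


def lll_reduce(basis, delta=Fraction(3, 4)):
    """LLL with parameter delta; returns a reduced basis of the same lattice.
    round() on a Fraction rounds half to even, so |mu| <= 1/2 is left alone."""
    B = [list(v) for v in basis]
    n = len(B)
    k = 1
    while k < n:
        _, mu = gram_schmidt(B)
        for j in range(k - 1, -1, -1):          # size-reduce b_k against b_{k-1}, ..., b_0
            q = round(mu[k][j])
            if q:
                B[k] = [a - q * b for a, b in zip(B[k], B[j])]
                _, mu = gram_schmidt(B)
        Bs, mu = gram_schmidt(B)
        if sqnorm(Bs[k]) >= (delta - mu[k][k - 1] ** 2) * sqnorm(Bs[k - 1]):  # Lovász condition
            k += 1
        else:
            B[k - 1], B[k] = B[k], B[k - 1]     # swap and step back
            k = max(k - 1, 1)
    return B


def is_lll_reduced(B, delta=Fraction(3, 4)):
    Bs, mu = gram_schmidt(B)
    n = len(B)
    if any(abs(mu[i][j]) > Fraction(1, 2) for i in range(n) for j in range(i)):
        return False
    return all(sqnorm(Bs[k]) >= (delta - mu[k][k - 1] ** 2) * sqnorm(Bs[k - 1])
               for k in range(1, n))


def volume_sq(B):
    """Squared lattice volume = product of |b*_i|^2; unchanged by any basis change."""
    out = Fraction(1)
    for v in gram_schmidt(B)[0]:
        out *= sqnorm(v)
    return out


def demo():
    """Constructed rank-3 basis of a lattice that contains the unit vector (0, 1, 0)."""
    B0 = [[1, 1, 1], [-1, 0, 2], [3, 5, 6]]
    R = lll_reduce(B0)
    return B0, R


if __name__ == "__main__":
    B0, R = demo()
    print("input basis:  ", B0, "volume^2 =", volume_sq(B0))
    print("reduced basis:", R, "volume^2 =", volume_sq(R))
    print("first vector |v|^2 =", sqnorm(R[0]))
```

On this input the first reduced vector has squared length 1, far inside the 2^{D/2} guarantee of slide 27; the guarantee is a worst-case bound, and the slide's "typically ≈ 1.02^D" is the behaviour seen in practice.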
