linear structures applications to cryptanalysis of round
play

Linear Structures: Applications to Cryptanalysis of Round-Reduced - PowerPoint PPT Presentation

Jan 18, 2023 •44 likes •474 views

Linear Structures: Applications to Cryptanalysis of Round-Reduced Keccak Meicheng Liu joint work with Jian Guo and Ling Song Asiacrypt 2016 1/28 Outline Introduction SHA-3 hash function Linear Structures Linear structures of Keccak-f

  1. Linear Structures: Applications to Cryptanalysis of Round-Reduced Keccak Meicheng Liu joint work with Jian Guo and Ling Song Asiacrypt 2016 1/28

  2. Outline Introduction SHA-3 hash function Linear Structures Linear structures of Keccak-f permutation Techniques for keeping 1 + 1 rounds being linear Techniques for keeping 1 + 2 rounds being linear Distinguishers Zero-sum distinguishers on Keccak- f Preimage Attacks Preimage Attacks on Keccak Setting up linear equations from the output of χ Keccak Crunchy Crypto Contest 2/28

  3. Cryptographic hash function ◮ A cryptographic hash function is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size, which is designed to also be one-way function. ◮ Properties ◮ Collision resistance - It should be difficult to find a pair of different messages m 1 and m 2 such that H ( m 1 ) = H ( m 2 ). ◮ Preimage resistance - Given an arbitrary n -bit value x , it should be difficult to find any message m such that H ( m ) = x . ◮ Second preimage resistance - Given message m 1 , it should be difficult to find any different message m 2 such that H ( m 1 ) = H ( m 2 ). 3/28

  4. SHA-3 hash function ◮ NIST SHA-3 hash function competition (2007–2012) ◮ Winner: Keccak ◮ The winner was announced to be Keccak in October 2012. ◮ Designers: Guido Bertoni, Joan Daemen, Micha¨ el Peeters, and Gilles Van Assche Official versions: Keccak-224/256/384/512 The Keccak web site: http://keccak.noekeon.org/ ◮ In August 2015 NIST announced that SHA-3 had become a hashing standard. ◮ SHA3-224/256/384/512 ◮ SHAKE128/256 (eXtendable Output Functions, XOFs) 4/28

  5. Micha¨ el Peeters, Guido Bertoni, Gilles Van Assche and Joan Daemen The Keccak Team 5/28

  6. Specifications of Keccak ◮ Structure of Keccak ◮ Sponge construction ◮ Keccak- f permutation ◮ 1600 bits: a 5 × 5 array of 64-bit lanes ◮ 24 rounds ◮ each round consists of five steps: ι ◦ χ ◦ π ◦ ρ ◦ θ ◮ χ : the only nonlinear operation 6/28

  7. SHA-3 hash function Federal Information Processing Standards (FIPS) 202 instances Output Collision Preimage Instances r c Length Resistance Resistance SHA3-224 1152 448 224 112 224 SHA3-256 1088 512 256 128 256 SHA3-384 832 768 384 192 384 SHA3-512 576 1024 512 256 512 SHAKE128 1344 256 ℓ min( ℓ/ 2 , 128) min( ℓ, 128) SHAKE256 1088 512 ℓ min( ℓ/ 2 , 256) min( ℓ, 256) Table: The standard FIPS 202 instances 7/28

  8. Linear structures of Keccak-f permutation ◮ Several known attacks are based on the technique of linearizing 1-round Keccak- f ◮ Zero-sum distinguishers [AM09] ◮ Cube-attack-like cryptanalysis on keyed variants of Keccak [DMP + 15] ◮ We find that 2- and 3-round Keccak- f can be linearized 1 1 | ← backward | − − − − − − forward | − − − → dim ≤ 512 1 2 | ← backward | − − − − − − forward | − − − → dim ≤ 194 ◮ To mount preimage attacks, we often use 1 1 | ← backward | − − − − − − forward | − − − → dim = 512 8/28

  9. Specifications of Keccak ◮ Structure of Keccak ◮ Sponge construction ◮ Keccak- f permutation ◮ 1600 bits: a 5 × 5 array of 64-bit lanes ◮ 24 rounds ◮ each round consists of five steps: ι ◦ χ ◦ π ◦ ρ ◦ θ ◮ χ : the only nonlinear operation 9/28

  10. Keccak- f permutation Internal state A : a 5 × 5 array of 64-bit lanes θ C [ x ] = A [ x , 0] ⊕ A [ x , 1] ⊕ A [ x , 2] ⊕ A [ x , 3] ⊕ A [ x , 4] D [ x ] = C [ x − 1] ⊕ ( C [ x + 1] ≪ 1) A [ x , y ] = A [ x , y ] ⊕ D [ x ] ρ A [ x , y ] = A [ x , y ] ≪ r [ x , y ] π B [ y , 2 ∗ x + 3 ∗ y ] = A [ x , y ] χ A [ x , y ] = B [ x , y ] ⊕ (( ∼ B [ x + 1 , y ])& B [ x + 2 , y ]) ι A [0 , 0] = A [0 , 0] ⊕ RC - The constants r [ x , y ] are the rotation offsets. - RC[i] are the round constants. - The only non-linear operation is χ step - algebraic degree 2 10/28

  11. Techniques for keeping 1 + 1 rounds being linear with the degrees of freedom up to 512 ◮ Keeping one round forward being linear 0 , 0 1 , 0 2 , 0 3 , 0 4 , 0 0 , 0 1 , 0 2 , 0 3 , 0 4 , 0 0 , 0 1 , 1 2 , 2 3 , 3 4 , 4 0 , 0 1 , 1 2 , 2 3 , 3 4 , 4 0 , 1 1 , 1 2 , 1 3 , 1 4 , 1 0 , 1 1 , 1 2 , 1 3 , 1 4 , 1 3 , 0 4 , 1 0 , 2 1 , 3 2 , 4 3 , 0 4 , 1 0 , 2 1 , 3 2 , 4 π ◦ ρ ι ◦ χ θ 0 , 2 1 , 2 2 , 2 3 , 2 4 , 2 0 , 2 1 , 2 2 , 2 3 , 2 4 , 2 1 , 0 2 , 1 3 , 2 4 , 3 0 , 4 1 , 0 2 , 1 3 , 2 4 , 3 0 , 4 0 , 3 1 , 3 2 , 3 3 , 3 4 , 3 0 , 3 1 , 3 2 , 3 3 , 3 4 , 3 4 , 0 0 , 1 1 , 2 2 , 3 3 , 4 4 , 0 0 , 1 1 , 2 2 , 3 3 , 4 0 , 4 1 , 4 2 , 4 3 , 4 4 , 4 0 , 4 1 , 4 2 , 4 3 , 4 4 , 4 2 , 0 3 , 1 4 , 2 0 , 3 1 , 4 2 , 0 3 , 1 4 , 2 0 , 3 1 , 4 Figure: Keeping one round forward being linear with the degrees of freedom up to 512, with yellow bits of degree 1, orange bits of degree at most 1, and the other bits being constants. ◮ Keeping one round backward being linear ◮ linearizing the inverse of χ according to its property: restrict the bits of gray lanes to be all ones and the bits of lightgray lanes to be all zeros 11/28

  12. Linearizing the inverse of χ The inverse χ − 1 : b �→ a has algebraic degree 3, and a i = b i ⊕ ( b i +1 ⊕ 1) · ( b i +2 ⊕ ( b i +3 ⊕ 1) · b i +4 ) (1) where 0 ≤ i ≤ 4 and the indexes are operated on modulo 5. If we impose b 3 = 0 and b 4 = 1, then we have a 0 = b 0 ⊕ ( b 1 ⊕ 1) · ( b 2 ⊕ 1) , a 1 = b 1 , a 2 = 1 ⊕ b 2 ⊕ ( b 0 ⊕ 1) · b 1 , a 3 = 0 , a 4 = 1 ⊕ ( b 0 ⊕ 1) · b 1 , and thus all a i ’s are linear on b 0 and b 2 . That’s, for b 3 = 0 , b 4 = 1 and any fixed b 1 , the algebraic degree of χ − 1 becomes 1. 12/28

  13. Techniques for keeping 1 + 2 rounds being linear with the degrees of freedom up to 194 ◮ Keeping two rounds forward being linear 0 , 0 1 , 0 2 , 0 3 , 0 4 , 0 0 , 0 1 , 0 2 , 0 3 , 0 4 , 0 0 , 0 1 , 1 2 , 2 3 , 3 4 , 4 0 , 0 1 , 1 2 , 2 3 , 3 4 , 4 0 , 1 1 , 1 2 , 1 3 , 1 4 , 1 0 , 1 1 , 1 2 , 1 3 , 1 4 , 1 3 , 0 4 , 1 0 , 2 1 , 3 2 , 4 3 , 0 4 , 1 0 , 2 1 , 3 2 , 4 π ◦ ρ ι ◦ χ θ 0 , 2 1 , 2 2 , 2 3 , 2 4 , 2 0 , 2 1 , 2 2 , 2 3 , 2 4 , 2 1 , 0 2 , 1 3 , 2 4 , 3 0 , 4 1 , 0 2 , 1 3 , 2 4 , 3 0 , 4 0 , 3 1 , 3 2 , 3 3 , 3 4 , 3 0 , 3 1 , 3 2 , 3 3 , 3 4 , 3 4 , 0 0 , 1 1 , 2 2 , 3 3 , 4 4 , 0 0 , 1 1 , 2 2 , 3 3 , 4 0 , 4 1 , 4 2 , 4 3 , 4 4 , 4 0 , 4 1 , 4 2 , 4 3 , 4 4 , 4 2 , 0 3 , 1 4 , 2 0 , 3 1 , 4 2 , 0 3 , 1 4 , 2 0 , 3 1 , 4 0 , 0 1 , 1 2 , 2 3 , 3 4 , 4 0 , 0 4 , 1 3 , 2 2 , 3 1 , 4 3 , 0 4 , 1 0 , 2 1 , 3 2 , 4 3 , 3 2 , 4 1 , 0 0 , 1 4 , 2 π ◦ ρ ι ◦ χ 1 , 0 2 , 1 3 , 2 4 , 3 0 , 4 1 , 1 0 , 2 4 , 3 3 , 4 2 , 0 θ 4 , 0 0 , 1 1 , 2 2 , 3 3 , 4 4 , 4 3 , 0 2 , 1 1 , 2 0 , 3 2 , 0 3 , 1 4 , 2 0 , 3 1 , 4 2 , 2 1 , 3 0 , 4 4 , 0 3 , 1 ◮ Keeping one round backward being linear 13/28

  14. Zero-sum distinguishers on Keccak- f Exploiting the linear structures of Keccak- f What’s a zero-sum distinguisher? ◮ Find a set S such that � x ∈ S x = 0 and � x ∈ S f ( x ) = 0. ◮ Known zero-sum distinguisher on Keccak- f permutation 1+ n m +1 m n | ← backward | − − − − − − forward | or | − − − → ← backward | − − − − − − forward | − − − → ◮ Our improved zero-sum distinguisher on Keccak- f permutation m + 1 1 + n | ← backward | − − − − − − forward | − − − → m + 1 2 + n | ← backward | − − − − − − forward | − − − → 14/28

  15. Zero-sum distinguishers on Keccak- f Exploiting the linear structures of Keccak- f What’s a zero-sum distinguisher? ◮ Find a set S such that � x ∈ S x = 0 and � x ∈ S f ( x ) = 0. ◮ Known zero-sum distinguisher on Keccak- f permutation 1+ n m +1 m n | ← backward | − − − − − − forward | or | − − − → ← backward | − − − − − − forward | − − − → ◮ Our improved zero-sum distinguisher on Keccak- f permutation m + 1 1 + n | ← backward | − − − − − − forward | − − − → m + 1 2 + n ← | backward | − − − − − − forward | − − − → ◮ Complexity: 2 1+max(2 n , 3 m ) - Since deg( χ ) = 2 and deg( χ − 1 ) = 3, the algebraic degree of n forward Keccak- f rounds is bounded by 2 n , and m backward rounds by 3 m . 14/28

  16. Zero-sum distinguishers on Keccak- f Exploiting the linear structures of Keccak- f ◮ Extend the previous zero-sum distinguishers by 2 rounds without increasing the complexities #R inv+forw Best Known inv+forw Improved inv+forw Further 2 13 [JN15] 2 10 2 9 7 3+4 3+4 2+5 2 18 [AM09, JN15] 2 17 2 10 8 3+5 3+5 3+5 2 33 ∗ [AM09] 2 28 2 17 9 4+5 4+5 3+6 2 65 ∗ [AM09] 2 33 2 28 10 4+6 4+6 4+6 2 82 ∗ [AM09] 2 65 2 33 11 5+6 4+7 4+7 2 129 [AM09] 2 82 2 65 12 5+7 5+7 4+8 2 244 [AM09] 2 129 2 82 13 6+7 5+8 5+8 2 257 [AM09] 2 244 2 129 14 6+8 6+8 5+9 2 513 [AM09] 2 257 15 6+9 6+9 2 1575 [BCC11, DL11] 24 12+12 ∗ Corrected. 15/28

  17. Zero-sum distinguishers on Keccak- f Exploiting the linear structures of Keccak- f - Practical distinguisher for 11 rounds ∗ The 12-round Keccak- f permutations can be distinguished with complexity 2 65 or 2 82 . ◮ This is of special interests since the 12-round Keccak- f permutation variants are used in the CAESAR candidates Keyak and Ketje . ◮ Nevertheless, we stress here that this distinguisher does not affect the security of Keyak or Ketje . 16/28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptanalysis of Round-Reduced KECCAK using Non-Linear Structures Mahesh Sreekumar Rajasree

Cryptanalysis of Round-Reduced KECCAK using Non-Linear Structures Mahesh Sreekumar Rajasree

Cryptanalysis of Round-Reduced KECCAK using Non-Linear Structures Mahesh Sreekumar Rajasree Center for Cybersecurity, Indian Institute of Technology Kanpur INDOCRYPT 2019, Hyderabad Outline 2 Introduction Hash function Structure of KECCAK

752 views • 50 slides
Algebraic Cryptanalysis of Round-Reduced Keccak with Linear Structures Meicheng Liu joint work

Algebraic Cryptanalysis of Round-Reduced Keccak with Linear Structures Meicheng Liu joint work

Algebraic Cryptanalysis of Round-Reduced Keccak with Linear Structures Meicheng Liu joint work with Jian Guo and Ling Song ASK 2016, September 2016 1/45 Outline Introduction SHA-3 hash function Specifications of Keccak Main Results

913 views • 65 slides
Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard , F.-X.

Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard , F.-X.

Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard , F.-X. Standaert , J.-J. Quisquater UCL Crypto Group Microelectronics Laboratory Catholic University of Louvain - UCL Belgium FSE 2008 Collard B. (UCL

448 views • 33 slides
Improved Differential-Linear Cryptanalysis of 7-round Chaskey with Partitioning Gatan Leurent

Improved Differential-Linear Cryptanalysis of 7-round Chaskey with Partitioning Gatan Leurent

Chaskey ARX Cryptanalysis Improved Differential-Linear Conclusion Improved Differential-Linear Cryptanalysis of 7-round Chaskey with Partitioning Gatan Leurent Inria, Paris Eurocrypt 2016 m 0 m 1 m 2 K K K Gatan

540 views • 36 slides
Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and

Cryptanalysis of Modern Symmetric-Key Block Ciphers [Based on A Tutorial on Linear and Differential Cryptanalysis by Howard Heys.] Modern block ciphers (like DES and AES): - proceed in rounds - each round has its own round key or subkey

644 views • 21 slides
/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of SKINNY Zero-Correlation Linear Cryptanalysis of SKINNY MILP model for SKINNY64 cipher Using MILP in Impossible differential

420 views • 31 slides
Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey Bogdanov Andrey Bogdanov K.U.Leuven, ESAT/COSIC Outline Outline Distribution of Correlation Data Complexity Linear Hulls Zero

659 views • 30 slides
Separable Statistics in Linear Cryptanalysis Igor Semaev, Univ. of Bergen, Norway joint work

Separable Statistics in Linear Cryptanalysis Igor Semaev, Univ. of Bergen, Norway joint work

Separable Statistics in Linear Cryptanalysis Igor Semaev, Univ. of Bergen, Norway joint work with Stian Fauskanger 5 September 2017, MMC workshop Round Block Cipher Cryptanalysis PL-TEXT K1 K1 X K2..K15 Y K16 CH-TEXT Logarithmic

826 views • 41 slides
Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and

Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and

Differential cryptanalysis Linear cryptanalysis Differential and Linear Cryptanalysis Lars R. Knudsen June 2014 L.R. Knudsen Differential and Linear Cryptanalysis Differential cryptanalysis Linear cryptanalysis Iterated block ciphers (DES,

910 views • 53 slides
A Methodology for Differential-Linear Cryptanalysis and Its Applications Jiqiang Lu Presenter:

A Methodology for Differential-Linear Cryptanalysis and Its Applications Jiqiang Lu Presenter:

1. Preliminaries 2. Differential-Linear Cryptanalysis: Previous and Our Methodologies 3. Application to 13 Rounds of the DES Block Cipher 4. Application to 10 Rounds of the CTC2 Block Cipher 5. Application to 12 Rounds of the Serpent Block

1.18k views • 25 slides
Separable Statistics and Multidimensional Linear Cryptanalysis Stian Fauskanger Igor Semaev

Separable Statistics and Multidimensional Linear Cryptanalysis Stian Fauskanger Igor Semaev

Separable Statistics and Multidimensional Linear Cryptanalysis Stian Fauskanger Igor Semaev FFI, Norway Univ. of Bergen, Norway 28 March 2019, FSE, Paris Briefly Matsuis Linear Cryptanalysis is based on the distribution of x 1 . .

331 views • 30 slides
Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship

Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship

Differential Cryptanalysis - quite similar to linear cryptanalysis - exploits the relationship between the difference of two inputs and the difference of the corresponding two outputs. - the difference M Z of two strings of bits Z and Z

556 views • 10 slides
Quantum Difgerential and Linear Cryptanalysis Truncated difgerential Difgerential Marc Kaplan 1 ,

Quantum Difgerential and Linear Cryptanalysis Truncated difgerential Difgerential Marc Kaplan 1 ,

Introduction Brute-force FSE 2017 Quantum Difgerential and Linear Cryptanalysis Kaplan, Leurent, Leverrier & Naya-Plasencia 1 / 25 Conclusion Quantum Difgerential and Linear Cryptanalysis Truncated difgerential Difgerential Marc Kaplan

410 views • 38 slides
Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 Praveen

Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 Praveen

Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512 Praveen Gauravaram 1 , Ga eten Leurent 2 , Florian Mendel 3 , Mar a Naya-Plasencia 4 , Thomas Peyrin 5 , Christian Rechberger 6 , Martin Schl affer 3 , 1

822 views • 45 slides
New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia Ya Liu 1 ,

New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia Ya Liu 1 ,

New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia Ya Liu 1 , Leibo Li 2 , Dawu Gu 1 , Xiaoyun Wang 2,3 , Zhiqiang Liu 1 , Jiazhe Chen 2 , Wei Li 4 1. Shanghai Jiao Tong University, 2. Shangdong University 3.

472 views • 25 slides
Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced

Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced

Mixture Differential Cryptanalysis: a New Approach to Distinguishers and Attacks on round-reduced AES Lorenzo Grassi, IAIK, TU Graz (Austria) March, 2019 www.iaik.tugraz.at Motivation At Eurocrypt 2017, the first secret-key distinguisher for

576 views • 42 slides
Satisfiability Modulo Transcendental Functions via Incremental Linearization Alberto Griggio

Satisfiability Modulo Transcendental Functions via Incremental Linearization Alberto Griggio

Satisfiability Modulo Transcendental Functions via Incremental Linearization Alberto Griggio Fondazione Bruno Kessler, Trento, Italy Joint work with A. Irfan, A. Cimatti, M. Roveri, R. Sebastiani Executive Summary Main idea Abstract

487 views • 24 slides
rt qrtt

rt qrtt

trt rts rtts Prsts rt qrtt rs

1.57k views • 75 slides
Comparisons of gyrokinetic PIC and CIP codes Comparisons of gyrokinetic PIC and CIP codes

Comparisons of gyrokinetic PIC and CIP codes Comparisons of gyrokinetic PIC and CIP codes

1 Comparisons of gyrokinetic PIC and CIP codes Comparisons of gyrokinetic PIC and CIP codes Yasuhiro Idomura Yasuhiro Idomura Japan Atomic Energy Research Institute Japan Atomic Energy Research Institute Festival de Theorie Theorie 2005

469 views • 13 slides
m Electricity: The Linchpin Jesse D. Jenkins, PhD Assistant Professor | Princeton University

m Electricity: The Linchpin Jesse D. Jenkins, PhD Assistant Professor | Princeton University

m Electricity: The Linchpin Jesse D. Jenkins, PhD Assistant Professor | Princeton University Dept. of Mechanical & Aerospace Engineering | Andlinger Center for Energy & Environment Getting to Zero to Zero 2C 1.5C Window Window

425 views • 10 slides
Control Optimization of a Renewable Energy Park with Energy Storage and Distribution Network

Control Optimization of a Renewable Energy Park with Energy Storage and Distribution Network

Objectives Wind Turbine Wind Farm Power Maximization Conclusions and Future Works Control Optimization of a Renewable Energy Park with Energy Storage and Distribution Network Nicol` o Gionfra Supervisors: Guillaume Sandou, Houria

734 views • 24 slides
Uncertain systems and robust control LMI methods Dimitri PEAUCELLE Relaxation Approaches for

Uncertain systems and robust control LMI methods Dimitri PEAUCELLE Relaxation Approaches for

Uncertain systems and robust control LMI methods Dimitri PEAUCELLE Relaxation Approaches for Control of Uncertain Complex Systems: Methodologies and Tools Workshop at 52nd IEEE Conference on Decision and Control Monday December 9, 2013,

795 views • 47 slides
Fin inal Presentation: Fall 2016 Team 1716: Smart Ocean WEC Jeffrey Brennan, Christopher Stella,

Fin inal Presentation: Fall 2016 Team 1716: Smart Ocean WEC Jeffrey Brennan, Christopher Stella,

Fin inal Presentation: Fall 2016 Team 1716: Smart Ocean WEC Jeffrey Brennan, Christopher Stella, Peter McBride, Islam Bilalovski Faculty Advisor: Peng Zhang Graduate Advisor: Taofeek Orekan Outline Introduction Three Phase Power

448 views • 32 slides
Coordinating storage and grid: efficient regulation in a multilevel system with strategic actors

Coordinating storage and grid: efficient regulation in a multilevel system with strategic actors

Introduction Model Results Further research References Backup Coordinating storage and grid: efficient regulation in a multilevel system with strategic actors Roman Mendelevitch, Paul Neetzow Humboldt-Universitaet zu Berlin

291 views • 28 slides

More recommend